trailofbits.python.numpy-load-library.numpy-load-library

Author: trailofbits
Loading custom operator libraries can result in arbitrary code execution


Definition

rules:
  - id: numpy-load-library
    message: Loading custom operator libraries can result in arbitrary code execution
    languages:
      - python
    severity: ERROR
    metadata:
      category: security
      cwe: "CWE-676: Use of Potentially Dangerous Function"
      subcategory:
        - audit
      confidence: MEDIUM
      likelihood: MEDIUM
      impact: HIGH
      technology:
        - numpy
      description: Potential arbitrary code execution from `NumPy` library loading
      references:
        - https://numpy.org/doc/stable/reference/routines.ctypeslib.html#numpy.ctypeslib.load_library
      license: AGPL-3.0 license
      vulnerability_class:
        - Dangerous Method or Function
    patterns:
      - pattern: numpy.ctypeslib.load_library(...)
      - pattern-not: numpy.ctypeslib.load_library("...", "...")

Examples

numpy-load-library.py

import numpy

path = "libname"
directory = "loader_path/"

# ok: numpy-load-library
numpy.ctypeslib.load_library(path, directory)

# ok: numpy-load-library
numpy.ctypeslib.as_ctypes(2)

# ok: numpy-load-library
numpy.ctypeslib.load_library("lib", "./loader")

# ruleid: numpy-load-library
numpy.ctypeslib.load_library("lib", input())

# ruleid: numpy-load-library
numpy.ctypeslib.load_library(input(), "./loader")

def test(param):
    # ruleid: numpy-load-library
    return numpy.ctypeslib.load_library(param, "./loader")
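The rule only exempts calls whose two arguments are string literals (the `path`/`directory` case above is marked ok because Semgrep propagates the constant strings); anything else, including a function parameter, is reported. What a reviewer then needs to see is that the library name and the search directory are constrained before they reach `numpy.ctypeslib.load_library`. The following is an added example, not part of the Semgrep rule or of NumPy: the allowed root `/opt/myapp/operators`, the name allow-list regex, and the helper names `resolve_library_request`, `is_safe_library_request` and `load_operator_library` are all assumptions made for illustration.

```python
"""Added example (not from the Semgrep rule or NumPy): validate an
untrusted (libname, loader_path) pair before it reaches
numpy.ctypeslib.load_library.
"""
import re
from pathlib import Path

# Assumption: every approved operator library lives under this root. In a
# real deployment this is a read-only, root-owned directory, so an attacker
# who controls only the request cannot also plant a file here.
DEFAULT_ALLOWED_ROOT = Path("/opt/myapp/operators")

# numpy.ctypeslib.load_library takes a bare name (optionally with a "lib"
# prefix and/or an extension) and tries the platform extensions itself, so
# a legitimate name never needs a path separator, a drive letter, or a
# leading dot. The first-character class also rejects "..".
_LIBNAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")


def resolve_library_request(libname, loader_path, allowed_root=DEFAULT_ALLOWED_ROOT):
    """Return the directory load_library would search, or raise ValueError.

    1. libname must match the conservative allow-list pattern.
    2. loader_path, after resolving symlinks and '..' segments, must be
       allowed_root itself or a directory inside it. NumPy uses
       dirname(loader_path) when given a file; resolving the full path
       and checking containment covers both forms.
    """
    if not isinstance(libname, str) or not _LIBNAME_RE.match(libname):
        raise ValueError(f"rejected library name: {libname!r}")
    root = Path(allowed_root).resolve()
    target = Path(loader_path).resolve()
    if target != root and root not in target.parents:
        raise ValueError(f"loader_path {loader_path!r} escapes {str(root)!r}")
    return target


def is_safe_library_request(libname, loader_path, allowed_root=DEFAULT_ALLOWED_ROOT):
    """Boolean form of resolve_library_request, convenient for tests and logging."""
    try:
        resolve_library_request(libname, loader_path, allowed_root)
    except ValueError:
        return False
    return True


def load_operator_library(libname, loader_path, allowed_root=DEFAULT_ALLOWED_ROOT):
    """Validated wrapper around numpy.ctypeslib.load_library.

    The call below still has non-literal arguments, so the Semgrep rule keeps
    flagging it; that is the intended review point, and the finding is closed
    by confirming the validation above rather than by silencing the rule.
    """
    import numpy.ctypeslib  # imported lazily so validation is usable without NumPy

    directory = resolve_library_request(libname, loader_path, allowed_root)
    return numpy.ctypeslib.load_library(libname, str(directory))


if __name__ == "__main__":
    # Constructed inputs: one well-formed request and three traversal attempts.
    for name, where in [
        ("libops", "/opt/myapp/operators"),
        ("../../lib/evil", "/opt/myapp/operators"),
        ("libops", "/opt/myapp/operators/../../tmp"),
        ("libops", "/tmp"),
    ]:
        print(name, where, "->", is_safe_library_request(name, where))
```

Two caveats the rule itself does not express. First, a pair of string literals is treated as safe, but a literal relative `loader_path` such as `"./loader"` is resolved against the process's working directory at call time, so whoever can influence the working directory or write to that directory controls what gets loaded; prefer an absolute, non-writable root as in the example. Second, `load_library` loads whatever shared object it finds and runs its constructors immediately, so path validation is the whole defence: there is no way to load a library "safely" and inspect it afterwards.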