Add more suspicious globals

mmaitre314 · Sep 6, 2022 · 1c86244 · 1c86244
1 parent 7d67d2f
commit 1c86244
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 5 deletions.
diff --git a/src/picklescan/scanner.py b/src/picklescan/scanner.py
@@ -12,14 +12,17 @@
 _log = logging.getLogger("picklescan")
 
 _suspicious_globals = {
-    "__builtin__": {"eval", "compile", "getattr", "apply"},  # Pickle versions 0, 1, 2 have those function under '__builtin__'
-    "builtins": {"eval", "compile", "getattr", "apply"},  # Pickle versions 3, 4 have those function under 'builtins'
+    "__builtin__": {"eval", "compile", "getattr", "apply", "exec", "open", "breakpoint"},  # Pickle versions 0, 1, 2 have those function under '__builtin__'
+    "builtins": {"eval", "compile", "getattr", "apply", "exec", "open", "breakpoint"},  # Pickle versions 3, 4 have those function under 'builtins'
     "webbrowser": "*",  # Includes webbrowser.open()
     "httplib": "*",  # Includes http.client.HTTPSConnection()
     "requests.api": "*",
     "aiohttp.client": "*",
     "nt": "*",  # Alias for 'os' on Windows. Includes os.system()
     "posix": "*",  # Alias for 'os' on Linux. Includes os.system()
+    "socket": "*",
+    "subprocess": "*",
+    "sys": "*",
 }
 
 _pickle_file_extensions = {".pkl", ".pickle", ".joblib"}

diff --git a/tests/data/malicious7.pkl b/tests/data/malicious7.pkl
diff --git a/tests/data/malicious8.pkl b/tests/data/malicious8.pkl
diff --git a/tests/data/malicious9.pkl b/tests/data/malicious9.pkl
diff --git a/tests/test_scanner.py b/tests/test_scanner.py
@@ -1,9 +1,12 @@
+import http.client
 import io
 import os
 import pickle
-import http.client
-import pytest
+import socket
+import subprocess
+import sys
 import zipfile
+import pytest
 import requests
 import aiohttp
 from picklescan.scanner import _http_get, _list_globals, scan_pickle_bytes, scan_zip_bytes,\
@@ -40,6 +43,21 @@ def __reduce__(self):
         return aiohttp.ClientSession, tuple()
 
 
+class Malicious6:
+    def __reduce__(self):
+        return socket.create_connection, (("github.com", 80),)
+
+
+class Malicious7:
+    def __reduce__(self):
+        return subprocess.run, (["ls", "-l"],)
+
+
+class Malicious8:
+    def __reduce__(self):
+        return sys.exit, (0,)
+
+
 class HTTPResponse:
     def __init__(self, status, data=None):
         self.status = status
@@ -138,6 +156,9 @@ def initialize_pickle_files():
     initialize_pickle_file(f"{_root_path}/data/malicious4.pickle", Malicious4(), 4)
     initialize_pickle_file(f"{_root_path}/data/malicious5.pickle", Malicious5(), 4)
     initialize_data_file(f"{_root_path}/data/malicious6.pkl", pickle.dumps(["a", "b", "c"]) + pickle.dumps(Malicious4()))
+    initialize_pickle_file(f"{_root_path}/data/malicious7.pkl", Malicious6(), 4)
+    initialize_pickle_file(f"{_root_path}/data/malicious8.pkl", Malicious7(), 4)
+    initialize_pickle_file(f"{_root_path}/data/malicious9.pkl", Malicious8(), 4)
 
     initialize_zip_file(f"{_root_path}/data/malicious1.zip", "data.pkl", pickle.dumps(Malicious1(), protocol=4))
 
@@ -184,10 +205,13 @@ def test_scan_file_path():
     assert scan_file_path(f"{_root_path}/data/malicious4.pickle") == (1, 1)
     assert scan_file_path(f"{_root_path}/data/malicious5.pickle") == (1, 1)
     assert scan_file_path(f"{_root_path}/data/malicious6.pkl") == (1, 1)
+    assert scan_file_path(f"{_root_path}/data/malicious7.pkl") == (1, 1)
+    assert scan_file_path(f"{_root_path}/data/malicious8.pkl") == (1, 1)
+    assert scan_file_path(f"{_root_path}/data/malicious9.pkl") == (1, 1)
 
 
 def test_scan_directory_path():
-    assert scan_directory_path(f"{_root_path}/data/") == (16, 12)
+    assert scan_directory_path(f"{_root_path}/data/") == (19, 15)
 
 
 def test_scan_url():