
checker(python): Detect insecure eval and exec calls with user tainted data in Django#164

Closed
MashyBasker wants to merge 6 commits intoDeepSourceCorp:masterfrom
MashyBasker:checker/django-eval-injection

Conversation

@MashyBasker
Contributor

Purpose

This PR adds a checker to detect when insecure eval calls are made with user data passed by a request.POST call. This can cause remote code execution vulnerabilities as it allows code injection.

Test logs

Testing built-in rules...
./bin/globstar test -d checkers
Running test case: avoid_add.yml
Running test case: avoid_latest.yml
Running test case: avoid_sudo.yml
Running test case: cgi_import.yml
Running test case: des_weak_crypto.yml
Running test case: fmt_print_in_prod.yml
Running test case: grpc_client_insecure_tls.yml
Running test case: grpc_server_insecure_tls.yml
Running test case: html_req_template_injection.yml
Running test case: http_file_server.yml
Running test case: insecure_cookie.yml
Running test case: jwt_harcoded_signing_key.yml
Running test case: jwt_none_algorithm.yml
Running test case: math_rand.yml
Running test case: md5_weak_hash.yml
Running test case: missing_error_file_open.yml
Running test case: mysql_conn_raw_passwd.yml
Running test case: net_bind_all_interfaces.yml
Running test case: os_create_file_default_permission.yml
Running test case: postgres_config_raw_passwd.yml
Running test case: postgres_conn_raw_passwd.yml
Running test case: pprof_endpoint_automatic_exposure.yml
Running test case: reflect_pkg.yml
Running test case: samesite_cookie.yml
Running test case: sha1_weak_hash.yml
Running test case: tls_config_minver.yml
Running test case: tls_insecure.yml
Running test case: unsafe_pkg.yml
Running test case: unsafe_path_traversal.yml
Running test case: dangerous_eval.yml
Running test case: app-run-with-bad-host.yml
Running test case: avoid-marksafe.yml
Running test case: context-autoescape-off.yml
Running test case: csrf-exempt.yml
Running test case: distributed-security-required-encryption.yml
Running test case: django-class-custom-extends.yml
Running test case: empty-aes-key.yml
Running test case: filter-issafe.yml
Running test case: format-html-param.yml
Running test case: globals-as-template-context.yml
Running test case: hashid-with-django-secret.yml
Running test case: insecure-cipher.yml
Running test case: insecure-hash-sha1.yml
Running test case: insufficient-keysize.yml
Running test case: jwt-python-none-alg.yml
Running test case: query-set-extra.yml
Running test case: safe-string-extend.yml
Running test case: tainted-pickle-deserialize.yml
Running test case: use-ftp-tls.yml
Running test case: weak-ssl-version.yml
Running test case: blowfish_weak_crypto.yml
Running test case: dsa_weak_crypto.yml
Running test case: eval_method.yml
Running test case: md5_weak_hash.yml
Running test case: rails_force_ssl.yml
Running test case: rails_http_hardcoded_passwd.yml
Running test case: rails_httponly_cookie.yml
Running test case: rails_insecure_smtp.yml
Running test case: rails_samesite_cookie.yml
Running test case: rails_unsafe_direct_assignment.yml
Running test case: rsa_weak_crypto.yml
Running test case: sha1_weak_hash.yml
Running test case: skip_authorization.yml
Running test case: ssl_no_verify.yml
Running test case: avoid_unwrap.yml
Running tests in checkers/javascript/testdata for analyzers:
  Running tests for analyzer no-double-eq
  Running tests for analyzer sql_injection

Running tests in checkers/python/testdata for analyzers:
  Running tests for analyzer insecure-urllib-ftp
  Running tests for analyzer django-insecure-eval

All tests passed
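The pattern this checker is meant to catch (a value read from request.POST/request.GET flowing, possibly through an intermediate local or a string concatenation, into eval() or exec()) can be sketched with the standard-library ast module. The block below is an added illustration, not the PR's checker and not Globstar's taint analyzer: it assumes the view parameter is literally named `request`, treats the attributes in TAINT_ATTRS as user-controlled, treats int()/float() coercion as cutting the taint, and runs over a constructed sample module (SAMPLE_VIEWS) that contains two vulnerable views, one int-coerced input, one ast.literal_eval replacement and one constant eval.

```python
import ast

# Assumptions for this illustration (not the Globstar checker's own model):
# the view parameter is literally named `request`, these request attributes
# carry user-controlled data, and int()/float() coercion cannot yield code.
SINKS = {"eval", "exec"}
TAINT_ATTRS = {"POST", "GET", "COOKIES", "FILES", "META", "body"}
SANITIZERS = {"int", "float"}


def _tainted(expr, tainted_names):
    """True if `expr` (or any sub-expression) reads request data or a tainted local."""
    if (isinstance(expr, ast.Call) and isinstance(expr.func, ast.Name)
            and expr.func.id in SANITIZERS):
        return False  # numeric coercion cuts the taint (assumption above)
    if (isinstance(expr, ast.Attribute) and isinstance(expr.value, ast.Name)
            and expr.value.id == "request" and expr.attr in TAINT_ATTRS):
        return True   # direct source: request.POST, request.GET, ...
    if isinstance(expr, ast.Name) and expr.id in tainted_names:
        return True   # a local previously assigned from a source
    return any(_tainted(child, tainted_names) for child in ast.iter_child_nodes(expr))


def _tainted_names(func):
    """Intraprocedural fixpoint: names bound (by =, annotated = or +=) to tainted expressions."""
    tainted = set()
    changed = True
    while changed:
        changed = False
        for stmt in ast.walk(func):
            if not isinstance(stmt, (ast.Assign, ast.AnnAssign, ast.AugAssign)):
                continue
            if stmt.value is None or not _tainted(stmt.value, tainted):
                continue
            targets = stmt.targets if isinstance(stmt, ast.Assign) else [stmt.target]
            for target in targets:
                for name in ast.walk(target):
                    if isinstance(name, ast.Name) and name.id not in tainted:
                        tainted.add(name.id)
                        changed = True
    return tainted


def find_tainted_eval(source):
    """Return sorted (line, sink) pairs for eval/exec calls whose argument is request-tainted."""
    tree = ast.parse(source)
    findings = set()
    for func in ast.walk(tree):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        tainted = _tainted_names(func)
        for call in ast.walk(func):
            if (isinstance(call, ast.Call) and isinstance(call.func, ast.Name)
                    and call.func.id in SINKS
                    and any(_tainted(arg, tainted) for arg in call.args)):
                findings.add((call.lineno, call.func.id))
    return sorted(findings)


# Constructed sample Django module (not from the PR): lines 6 and 10 are the
# injection sinks; page_size, safe_calc and constant should not be reported.
SAMPLE_VIEWS = """\
import ast
from django.http import HttpResponse

def calc(request):
    expr = request.POST.get("expr", "0")
    return HttpResponse(eval(expr))

def run(request):
    script = "result = " + request.POST["code"]
    exec(script)

def page_size(request):
    n = int(request.GET.get("n", "10"))
    return HttpResponse(eval(f"{n} * 2"))

def safe_calc(request):
    value = ast.literal_eval(request.POST.get("expr", "0"))
    return HttpResponse(str(value))

def constant(request):
    return HttpResponse(eval("1 + 1"))
"""

if __name__ == "__main__":
    for line, sink in find_tainted_eval(SAMPLE_VIEWS):
        print(f"line {line}: {sink}() called with request-tainted data")
```

Running the block reports line 6 (eval of a local assigned from request.POST.get) and line 10 (exec of a string built by concatenating request.POST["code"]); the int()-coerced input, the ast.literal_eval rewrite and the constant-string eval are left alone. The propagation is deliberately intraprocedural and name-based: data that crosses a function boundary, a dict, or an attribute store is not followed, which is the gap a real taint analyzer would have to close.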

@vercel

vercel bot commented Mar 11, 2025


1 Skipped Deployment
Name: globstar | Status: Ignored | Updated (UTC): Mar 27, 2025 3:57pm

@MashyBasker MashyBasker changed the title checker(python): Detect insecure eval calls with user tainted data in Django checker(python): Detect insecure eval and exec calls with user tainted data in Django Mar 12, 2025
… django

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>
…ted strings

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>
…in calls

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>
…epeated code

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>
Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>
@MashyBasker MashyBasker force-pushed the checker/django-eval-injection branch from f51582c to 43373c8 Compare March 27, 2025 15:57
Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>
@sourya-deepsource
Contributor

This checker should be implemented using the taint analyzer.


2 participants