
Commit 4bc4eb1

shivasurya and claude authored
feat(rules): add Python security rules for R2 distribution (#469)
Added Python security rules to the rules directory structure for R2 upload and remote ruleset distribution.

**Python Rules Added:**
- PYTHON-DESER-001: Unsafe Pickle Deserialization (CRITICAL, CWE-502)
- PYTHON-DJANGO-001: Django SQL Injection in cursor.execute() (CRITICAL, CWE-89)
- PYTHON-FLASK-001: Flask Debug Mode Enabled (HIGH, CWE-489)

**Bundle Structure:**
```
rules/python/
├── manifest.json
├── deserialization/
│   └── pickle_loads.py
├── django/
│   └── sql_injection.py
└── flask/
    └── debug_mode.py
```

**Changes:**
- Added rules/python/ directory with 3 security rules across 3 bundles
- Created rules/python/manifest.json with bundle metadata
- Updated rules/manifest.json to include "python" category
- Updated timestamp to 2026-01-17

**Bundles:**
1. **deserialization** - Unsafe deserialization (pickle.loads RCE)
2. **django** - Django framework security (SQL injection)
3. **flask** - Flask framework security (debug mode)

**Metadata:**
- All rules include CWE, CVE, OWASP, severity, tags
- Comprehensive documentation in each rule file
- Proper @python_rule decorators with full metadata

**Testing:**
Verified with dry-run:
```
python3 ./tools/process_rules_for_r2.py --dry-run
📦 Processing category: python
📁 Bundle: deserialization (2 files, 12.3 KB)
📁 Bundle: django (2 files, 10.6 KB)
📁 Bundle: flask (2 files, 9.7 KB)
✅ Processing complete!
```

**Next Steps:**
After merge, deploy-rules workflow will upload to R2:
- https://assets.codepathfinder.dev/rules/python/deserialization.zip
- https://assets.codepathfinder.dev/rules/python/django.zip
- https://assets.codepathfinder.dev/rules/python/flask.zip

**Usage:**
```bash
# Download and scan with Python rules
pathfinder scan --project . --ruleset python/deserialization
pathfinder scan --project . --ruleset python/PYTHON-DESER-001
```

Co-authored-by: Claude Sonnet 4.5 <[email protected]>
1 parent 09659b3 commit 4bc4eb1
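The three rule IDs in the commit message describe patterns (pickle.loads on untrusted input, cursor.execute() with a dynamically built query, app.run(debug=True)) that the rule files themselves, which are not shown on this page, are meant to catch. As an added illustration that is not Code Pathfinder's own rule code and does not use its @python_rule decorator, the following stand-alone detector uses Python's `ast` module to flag the same three shapes in a constructed sample. The function names, the dynamic-string heuristic and the sample source are this example's own assumptions; the rule IDs are taken from the commit message.

```python
"""Added example, not part of the commit or the Code Pathfinder project:
a minimal AST-based approximation of what the three Python rules named in
the commit message look for. No dataflow is tracked, so a query passed in
via a variable is deliberately not flagged (assumption of this example)."""
from __future__ import annotations

import ast

# Rule IDs as listed in the commit message.
RULE_PICKLE = "PYTHON-DESER-001"       # CWE-502 unsafe deserialization
RULE_DJANGO_SQLI = "PYTHON-DJANGO-001"  # CWE-89 SQL injection in cursor.execute()
RULE_FLASK_DEBUG = "PYTHON-FLASK-001"   # CWE-489 debug mode enabled


def _callee_name(call: ast.Call) -> str:
    """Return a dotted callee name such as 'pickle.loads' or 'cursor.execute'."""
    func = call.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _is_dynamic_string(node: ast.expr) -> bool:
    """True when the expression builds a string at runtime: an f-string with
    interpolated values, '%'-formatting or '+' with a non-literal operand,
    or a .format() call. A plain string literal returns False."""
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        both_literal = isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant)
        return not both_literal
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "format":
        return True
    return False


def scan_source(source: str) -> list[tuple[str, int]]:
    """Return (rule_id, line_number) findings for the given Python source text."""
    findings: list[tuple[str, int]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        # PYTHON-DESER-001: any pickle.load/loads call; pickle runs arbitrary
        # code during unpickling, so the input must be trusted.
        if name in ("pickle.loads", "pickle.load", "cPickle.loads"):
            findings.append((RULE_PICKLE, node.lineno))
        # PYTHON-DJANGO-001: cursor.execute() whose first argument is built at
        # runtime rather than a literal with bound parameters.
        elif name.endswith(".execute") and node.args and _is_dynamic_string(node.args[0]):
            findings.append((RULE_DJANGO_SQLI, node.lineno))
        # PYTHON-FLASK-001: app.run(debug=True) exposes the Werkzeug debugger
        # console, which allows code execution on the server.
        elif name.endswith(".run"):
            for kw in node.keywords:
                if kw.arg == "debug" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((RULE_FLASK_DEBUG, node.lineno))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample input: lines 2, 5 and 8 are vulnerable; lines 11 and 12
# show the parameterised query and debug=False that should not be flagged.
SAMPLE = """\
import pickle
obj = pickle.loads(request.data)

def lookup(cursor, user):
    cursor.execute(f"SELECT * FROM users WHERE name = '{user}'")

if __name__ == "__main__":
    app.run(host="0.0.0.0", debug=True)

def safe(cursor, user, blob):
    cursor.execute("SELECT * FROM users WHERE name = %s", [user])
    app.run(debug=False)
"""

if __name__ == "__main__":
    for rule_id, line in scan_source(SAMPLE):
        print(f"{rule_id} at line {line}")
```

Running the block prints one finding per rule at lines 2, 5 and 8 of the sample and nothing for the two hardened calls. A real rule engine would add the dataflow the sample deliberately omits (a query assembled into a variable before `execute`, or pickle input that is only attacker-controlled on some paths), which is exactly the gap a regex or syntax-only check leaves open.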

9 files changed: +1238 -2 lines changed


rules/manifest.json

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
11
{
22
"version": "1.0.0",
3-
"categories": ["docker", "docker-compose"],
4-
"updated_at": "2026-01-14T00:00:00Z",
3+
"categories": ["docker", "docker-compose", "python"],
4+
"updated_at": "2026-01-17T00:00:00Z",
55
"description": "Code Pathfinder unified rules repository"
66
}
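Review bot: "version" stays at "1.0.0" while "categories" gains "python" and only "updated_at" moves to 2026-01-17; if remote clients decide whether to refetch the ruleset index by comparing the version field, this change is invisible to them. Either bump the version alongside the category list (for example "1.1.0", since a new category is an additive change) or document that "updated_at" is the freshness key that clients must compare, so the two fields do not drift apart on later additions.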

rules/python/__init__.py

Whitespace-only changes.

rules/python/deserialization/__init__.py

Whitespace-only changes.
