Scan Patterns (68)
| Category | Language | Extensions | Pattern | Confidence | Enabled |
|---|---|---|---|---|---|
| code-injection | python | .py | \beval\s*\( | high | Yes |
| code-injection | python | .py | \bexec\s*\( | high | Yes |
| code-injection | python | .py | \bcompile\s*\( | medium | Yes |
| unsafe-deser | python | .py | pickle\.(load|loads)\s*\( | high | Yes |
| unsafe-deser | python | .py | torch\.load\s*\( | medium | Yes |
| unsafe-deser | python | .py | joblib\.load\s*\( | medium | Yes |
| unsafe-deser | python | .py | marshal\.loads?\s*\( | high | Yes |
| unsafe-deser | python | .py | yaml\.load\s*\( | high | Yes |
| unsafe-deser | python | .py | yaml\.full_load\s*\( | medium | Yes |
| shell-injection | python | .py | subprocess.*shell\s*=\s*True | high | Yes |
| shell-injection | python | .py | os\.system\s*\( | high | Yes |
| shell-injection | python | .py | os\.popen\s*\( | high | Yes |
| dynamic-import | python | .py | __import__\s*\( | medium | Yes |
| dynamic-import | python | .py | importlib\.import_module | medium | Yes |
| ssrf | python | .py | requests\.(get|post|put|delete|head)\s*\( | low | Yes |
| path-traversal | python | .py | os\.path\.join\s*\( | low | Yes |
| sql-injection | python | .py | \.execute\s*\(\s*f["'] | high | Yes |
| sql-injection | python | .py | \.execute\s*\(.*\.format\s*\( | high | Yes |
| sql-injection | python | .py | \.execute\s*\(.*%\s | medium | Yes |
| regex-dos | python | .py | re\.compile\s*\(.*\b(request|user|input|param) | medium | Yes |
| auth-bypass | python | .py | jwt\.decode.*verify\s*=\s*False | high | Yes |
| auth-bypass | python | .py | verify\s*=\s*False | low | Yes |
| buffer-overflow | c | .c, .cpp, .cc, .h, .hpp | \bstrcpy\s*\( | high | Yes |
| buffer-overflow | c | .c, .cpp, .cc, .h, .hpp | \bstrcat\s*\( | high | Yes |
| buffer-overflow | c | .c, .cpp, .cc, .h, .hpp | \bsprintf\s*\( | high | Yes |
| buffer-overflow | c | .c, .cpp, .cc, .h, .hpp | \bgets\s*\( | high | Yes |
| buffer-overflow | c | .c, .cpp, .cc, .h, .hpp | \bvsprintf\s*\( | high | Yes |
| integer-overflow | c | .c, .cpp, .cc, .h, .hpp | malloc\s*\(.*\* | medium | Yes |
| integer-overflow | c | .c, .cpp, .cc, .h, .hpp | \(int\)\s*\w+\s*[\*\+] | medium | Yes |
| integer-overflow | c | .c, .cpp, .cc, .h, .hpp | static_cast<int> | medium | Yes |
| format-string | c | .c, .cpp, .cc | printf\s*\(\s*[a-zA-Z_] | high | Yes |
| assert-only | c | .c, .cpp, .cc, .h, .hpp | \bASSERT\s*\( | low | Yes |
| shell-injection | c | .c, .cpp, .cc | \bsystem\s*\( | high | Yes |
| shell-injection | c | .c, .cpp, .cc | \bpopen\s*\( | high | Yes |
| code-injection | php | .php | \beval\s*\( | high | Yes |
| code-injection | php | .php | \bassert\s*\( | medium | Yes |
| unsafe-deser | php | .php | \bunserialize\s*\( | high | Yes |
| shell-injection | php | .php | \b(shell_exec|passthru|system|exec|popen)\s*\( | high | Yes |
| file-inclusion | php | .php | (include|require)(_once)?\s*\(\s*\$ | high | Yes |
| ssrf | php | .php | file_get_contents\s*\(\s*\$ | medium | Yes |
| sql-injection | php | .php | \.\s*\$_(GET|POST|REQUEST|COOKIE) | high | Yes |
| zip-slip | php | .php | extractTo\s*\( | medium | Yes |
| xss | php | .php | echo\s+\$_(GET|POST|REQUEST) | high | Yes |
| code-injection | js | .js, .ts, .jsx, .tsx | \beval\s*\( | high | Yes |
| code-injection | js | .js, .ts, .jsx, .tsx | new\s+Function\s*\( | high | Yes |
| xss | js | .js, .ts, .jsx, .tsx | \.innerHTML\s*= | medium | Yes |
| xss | js | .js, .ts, .jsx, .tsx | document\.write\s*\( | medium | Yes |
| xss | js | .js, .ts, .jsx, .tsx | dangerouslySetInnerHTML | medium | Yes |
| xss | js | .js, .ts, .jsx, .tsx | v-html\s*= | medium | Yes |
| shell-injection | js | .js, .ts | child_process\.(exec|execSync)\s*\( | high | Yes |
| prototype-pollution | js | .js, .ts | __proto__ | high | Yes |
| prototype-pollution | js | .js, .ts | constructor\s*\[\s*["']prototype | high | Yes |
| shell-injection | go | .go | exec\.Command\s*\( | medium | Yes |
| sql-injection | go | .go | \.(Query|Exec)\s*\(.*\+ | high | Yes |
| template-injection | go | .go | template\.HTML\s*\( | medium | Yes |
| path-traversal | go | .go | filepath\.Join\s*\( | low | Yes |
| shell-injection | java | .java | Runtime.*exec\s*\( | high | Yes |
| shell-injection | java | .java | ProcessBuilder | medium | Yes |
| unsafe-deser | java | .java | ObjectInputStream.*readObject | high | Yes |
| xxe | java | .java | XMLInputFactory | medium | Yes |
| jndi-injection | java | .java | InitialContext.*lookup | high | Yes |
| code-injection | ruby | .rb | \beval\s*\( | high | Yes |
| code-injection | ruby | .rb | \binstance_eval\b | high | Yes |
| shell-injection | ruby | .rb | \bsystem\s*\( | high | Yes |
| unsafe-deser | ruby | .rb | YAML\.load\b | high | Yes |
| dynamic-dispatch | ruby | .rb | \bsend\s*\( | medium | Yes |
| hardcoded-secret | any | - | (api_key|apikey|secret_key|password|aws_secret)\s*=\s*["'][A-Za-z0-9+/=]{20,} | medium | Yes |
| weak-crypto | any | - | \b(md5|sha1)\s*\( | low | Yes |