Django rules

ehooo · Mar 18, 2019 · f3f9f32 · f3f9f32
1 parent 3506e91
commit f3f9f32
Show file tree

Hide file tree

Showing 14 changed files with 40 additions and 0 deletions.
diff --git a/rules/django_cve/django_cve.py → rules/django/django_cve.py b/rules/django_cve/django_cve.py → rules/django/django_cve.py
diff --git a/rules/django_cve/django_popen.py → rules/django/django_popen.py b/rules/django_cve/django_popen.py → rules/django/django_popen.py
diff --git a/rules/django_cve/django_sql_injection.py → rules/django/django_sql_injection.py b/rules/django_cve/django_sql_injection.py → rules/django/django_sql_injection.py
diff --git a/rules/django_cve/django_xss.py → rules/django/django_xss.py b/rules/django_cve/django_xss.py → rules/django/django_xss.py
diff --git a/rules/django/examples/django_sql_injection_extra.py b/rules/django/examples/django_sql_injection_extra.py
@@ -0,0 +1,29 @@
+from django.contrib.auth.models import User
+
+User.objects.filter(username='admin').extra(
+    select={'test': 'secure'},
+    where=['secure'],
+    tables=['secure']
+)
+User.objects.filter(username='admin').extra({'test': 'secure'})
+User.objects.filter(username='admin').extra(select={'test': 'secure'})
+User.objects.filter(username='admin').extra(where=['secure'])
+
+User.objects.filter(username='admin').extra(dict(could_be='insecure'))
+User.objects.filter(username='admin').extra(select=dict(could_be='insecure'))
+query = '"username") AS "username", * FROM "auth_user" WHERE 1=1 OR "username"=? --'
+User.objects.filter(username='admin').extra(select={'test': query})
+User.objects.filter(username='admin').extra(select={'test': '%secure' % 'nos'})
+User.objects.filter(username='admin').extra(select={'test': '{}secure'.format('nos')})
+
+where_var = ['1=1) OR 1=1 AND (1=1']
+User.objects.filter(username='admin').extra(where=where_var)
+where_str = '1=1) OR 1=1 AND (1=1'
+User.objects.filter(username='admin').extra(where=[where_str])
+User.objects.filter(username='admin').extra(where=['%secure' % 'nos'])
+User.objects.filter(username='admin').extra(where=['{}secure'.format('no')])
+
+tables_var = ['django_content_type" WHERE "auth_user"."username"="admin']
+User.objects.all().extra(tables=tables_var).distinct()
+tables_str = 'django_content_type" WHERE "auth_user"."username"="admin'
+User.objects.all().extra(tables=[tables_str]).distinct()
diff --git a/rules/django/examples/django_sql_injection_raw.py b/rules/django/examples/django_sql_injection_raw.py
@@ -0,0 +1,11 @@
+from django.db.models.expressions import RawSQL
+from django.contrib.auth.models import User
+
+User.objects.annotate(val=RawSQL('secure', []))
+User.objects.annotate(val=RawSQL('%secure' % 'nos', []))
+User.objects.annotate(val=RawSQL('{}secure'.format('no'), []))
+raw = '"username") AS "val" FROM "auth_user" WHERE "username"="admin" --'
+User.objects.annotate(val=RawSQL(raw, []))
+raw = '"username") AS "val" FROM "auth_user"' \
+      ' WHERE "username"="admin" OR 1=%s --'
+User.objects.annotate(val=RawSQL(raw, [0]))
diff --git a/rules/django_cve/examples/formset_factory.py → rules/django/examples/formset_factory.py b/rules/django_cve/examples/formset_factory.py → rules/django/examples/formset_factory.py
diff --git a/rules/django_cve/examples/get_format.py → rules/django/examples/get_format.py b/rules/django_cve/examples/get_format.py → rules/django/examples/get_format.py
diff --git a/...ango_cve/examples/get_image_dimensions.py → ...s/django/examples/get_image_dimensions.py b/...ango_cve/examples/get_image_dimensions.py → ...s/django/examples/get_image_dimensions.py
diff --git a/rules/django_cve/examples/imagefield.py → rules/django/examples/imagefield.py b/rules/django_cve/examples/imagefield.py → rules/django/examples/imagefield.py
diff --git a/rules/django_cve/examples/is_safe_url.py → rules/django/examples/is_safe_url.py b/rules/django_cve/examples/is_safe_url.py → rules/django/examples/is_safe_url.py
diff --git a/...ve/examples/multiplechoice_with_hidden.py → ...go/examples/multiplechoice_with_hidden.py b/...ve/examples/multiplechoice_with_hidden.py → ...go/examples/multiplechoice_with_hidden.py
diff --git a/rules/django_cve/examples/strip_tags.py → rules/django/examples/strip_tags.py b/rules/django_cve/examples/strip_tags.py → rules/django/examples/strip_tags.py
diff --git a/rules/django_cve/examples/typecasting.py → rules/django/examples/typecasting.py b/rules/django_cve/examples/typecasting.py → rules/django/examples/typecasting.py