feat(analyzer): detect insecure deserialization (AST10, TT6, DS1–DS4) #246
Open
AbhiramDwivedi wants to merge 1 commit into
Closes the insecure-deserialization gap (OWASP ASI05 - Unexpected Code Execution) across the analyzer stack:

- behavioral_ast (AST10): flags pickle / marshal / dill / jsonpickle / joblib / pandas.read_pickle, plus argument-aware yaml.load, torch.load, and numpy.load so the hardened forms (SafeLoader, weights_only=True, default allow_pickle=False) are not false-positived.
- behavioral_taint_tracking (TT6): external or file input -> deserialization sink, the RCE-class flow analogue of TT5.
- static_patterns_deserialization (DS1-DS4): language-gated regex breadth for the non-Python scripts a skill may bundle (PHP unserialize, Ruby Marshal/YAML/Oj, JS node-serialize/funcster).

Registers the new analyzer node, adds rule metadata (explanations, remediations, category, pattern names), and ships unit tests for all rules including hardened-form and language-gating negative cases.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Ram Dwivedi <abhiram.dwivedi@yahoo.com>

What & why
Closes #245. Adds insecure-deserialization detection (CWE-502; OWASP ASI05 – Unexpected Code Execution). Before this change an RCE-class skill — e.g. PHP unserialize($_GET…) — scanned SAFE / 0.

Changes
- behavioral_ast (AST10) — pickle/cPickle/_pickle/marshal/dill/jsonpickle/joblib/pandas.read_pickle, plus argument-aware yaml.load, torch.load, numpy.load so hardened forms (SafeLoader, weights_only=True, default allow_pickle=False) are not flagged. MEDIUM / 0.70.
- behavioral_taint_tracking (TT6) — external or file input → deserialization sink; HIGH / 0.85 (the deserialization analogue of TT5). File-read sources are deliberately included: loading a bundled/downloaded blob is the classic skill vector.
- static_patterns_deserialization (DS1–DS4) — new language-gated regex module for the non-Python scripts a skill may bundle: PHP unserialize (DS1), Ruby Marshal/restore (DS2), Ruby YAML/Psych/Oj (DS3), JS node-serialize/serialize-to-js/funcster (DS4). Registered in the analyzer registry; Python is intentionally excluded here (covered with AST/taint precision above).
- pattern_defaults.py — new Insecure Deserialization category plus explanation / remediation / display-name / category metadata for every new rule.

Scope
Only the languages SkillSpector already supports — Python (deep), JS/TS, Ruby, PHP (breadth). Java/.NET are intentionally out of scope.

Tests / validation
- test_behavioral_ast.py, test_behavioral_taint_tracking.py, test_static_patterns_deserialization.py; test_registry.py updated for the new node.
- make lint clean; ruff format --check clean; full unit suite: 1294 passed, 15 skipped, 6 xfailed.
- yaml.safe_load, weights_only=True) confirmed not false-positived.

All commits are DCO signed-off.
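
An added example, not code from this PR or from SkillSpector: a minimal argument-aware AST check in the spirit of the AST10 description above, flagging the listed calls while leaving the hardened forms alone. The function names, the literal `np` alias and the constructed sample are assumptions; aliased or `from`-style imports are not resolved.

```python
import ast

# Calls with no safe mode (subset of the modules named in the PR description).
ALWAYS_UNSAFE = {"pickle.load", "pickle.loads", "marshal.load", "marshal.loads",
                 "dill.load", "dill.loads", "jsonpickle.decode", "joblib.load",
                 "pandas.read_pickle"}
SAFE_YAML_LOADERS = {"SafeLoader", "CSafeLoader"}  # assumption: only these are hardened

def _dotted(node):  # 'a.b.c' for a Name/Attribute chain, else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def _kwarg(call, name):
    return next((k.value for k in call.keywords if k.arg == name), None)

def _is_const(node, value):
    return isinstance(node, ast.Constant) and node.value is value

def find_unsafe_deserialization(source):
    """Return sorted (lineno, call_name) pairs for unhardened deserialization calls."""
    hits = []
    for call in ast.walk(ast.parse(source)):
        name = _dotted(call.func) if isinstance(call, ast.Call) else None
        unsafe = name in ALWAYS_UNSAFE
        if name == "yaml.load":  # Loader: keyword or second positional argument
            loader = _kwarg(call, "Loader") or (call.args[1] if len(call.args) > 1 else None)
            unsafe = (_dotted(loader) or "").split(".")[-1] not in SAFE_YAML_LOADERS
        elif name == "torch.load":  # hardened only when weights_only=True is explicit
            unsafe = not _is_const(_kwarg(call, "weights_only"), True)
        elif name in ("numpy.load", "np.load"):  # allow_pickle defaults to False
            allow = _kwarg(call, "allow_pickle")
            unsafe = allow is not None and not _is_const(allow, False)
        if unsafe:
            hits.append((call.lineno, name))
    return sorted(hits)

# Constructed sample input: hardened and unhardened forms side by side.
SAMPLE = """\
a = pickle.loads(blob)
b = yaml.load(text)
c = yaml.load(text, Loader=yaml.SafeLoader)
d = torch.load(path)
e = torch.load(path, weights_only=True)
f = np.load(path)
g = np.load(path, allow_pickle=True)
"""
```

Calling `find_unsafe_deserialization(SAMPLE)` reports lines 1, 2, 4 and 7 and skips the three hardened calls.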