# Arbitrary Code Execution via NumPy Library Loading

## Description
Loading custom operator libraries with `numpy.ctypeslib.load_library` runs whatever native code the shared library contains, so the call amounts to arbitrary code execution if the library name or search path is derived from untrusted input.
## Examples

### Insecure Code

```python
import numpy

numpy.ctypeslib.load_library('malicious_library', '.')  # name chosen by the caller, loaded from the working directory
```

### Secure Code

```python
import numpy

numpy.ctypeslib.load_library('approved_library', 'approved_path')  # fixed name, fixed application-controlled directory
```

## Remediation
Validate and sanitize any input that reaches `numpy.ctypeslib.load_library` so that it cannot select an unexpected library or directory. Prefer a whitelist of approved library names, resolved against a fixed path the application controls, over attempting to clean arbitrary input.
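One way to implement the whitelist described above, as an added example that is not part of the original rule; the library names, the directory and the function names are constructed for illustration:

```python
from pathlib import Path

# Constructed allowlist: the only operator libraries this application may load.
# numpy.ctypeslib.load_library appends the platform shared-library extension
# itself, so the allowlist holds bare base names without ".so"/".dll".
APPROVED_LIBRARIES = frozenset({"fast_ops", "image_kernels"})

# Constructed example of a fixed, application-controlled library directory.
APPROVED_DIR = Path("/opt/myapp/lib")


def is_approved_library_name(requested: str) -> bool:
    """True only for a bare, allowlisted base name.

    str.isidentifier() rejects the empty string and anything containing a
    path separator, a dot or other punctuation, so "../fast_ops",
    "fast_ops.so" and "/tmp/fast_ops" are refused before the allowlist check.
    """
    if not isinstance(requested, str) or not requested.isidentifier():
        return False
    return requested in APPROVED_LIBRARIES


def validate_library_name(requested: str) -> str:
    """Return the name unchanged if approved, otherwise raise ValueError."""
    if not is_approved_library_name(requested):
        raise ValueError(f"library not on allowlist: {requested!r}")
    return requested


def load_approved_library(requested: str):
    """Load an allowlisted operator library from the fixed directory only.

    numpy is imported here so the validation logic above can be exercised
    without the library being installed.
    """
    import numpy.ctypeslib

    name = validate_library_name(requested)
    return numpy.ctypeslib.load_library(name, str(APPROVED_DIR))
```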
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0225 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-676 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | arbitrary code execution, library loading |
| OWASP | N/A |