Arbitrary Code Execution via NumPy f2py Compilation

Description

Compiling arbitrary code can result in code execution. Ensure the source code is from a trusted location. The use of `numpy.f2py.compile()` can potentially lead to arbitrary code execution if the source code is not trusted.

Examples

Insecure Code

python

numpy.f2py.compile(user_input)

Secure Code

python

numpy.f2py.compile("trusted_source.py")

Remediation

Validate and sanitize the input to `numpy.f2py.compile()` to ensure it comes from a trusted source.

Rule Details

Field	Value
ID	CODE-0489
Category	Injection
Severity	CRITICAL
CWE	CWE-676
Confidence	MEDIUM
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	code execution, arbitrary code
OWASP	N/A

References

https://numpy.org/doc/stable/f2py/usage.html

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Arbitrary Code Execution via NumPy f2py Compilation

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Arbitrary Code Execution via NumPy f2py Compilation ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Arbitrary Code Execution via NumPy f2py Compilation

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References