Skip to content

feat: add static regex detection for os.system and os.popen shell injections#1165

Open
bhaveshyab wants to merge 1 commit into
imDarshanGK:mainfrom
bhaveshyab:feature/os-injection-detection-763
Open

feat: add static regex detection for os.system and os.popen shell injections#1165
bhaveshyab wants to merge 1 commit into
imDarshanGK:mainfrom
bhaveshyab:feature/os-injection-detection-763

Conversation

@bhaveshyab

Copy link
Copy Markdown

Description

Added robust static analysis regex patterns (BugPattern) to detect unsafe usages of os.system() and os.popen() in Python source code, which can introduce severe command and shell injection vulnerabilities.

Related Issue

Fixes #763

Type of change

  • Bug fix
  • New feature / enhancement
  • Documentation update
  • Test addition
  • Refactor

Checklist

  • I have read CONTRIBUTING.md
  • My branch is up to date with main
  • I have run pytest -v and all tests pass
  • I have not introduced duplicate issues or features
  • My PR title follows the format: feat/fix/docs/test: short description
  • I have added tests for new features (Level 2 and 3 issues)
  • No hardcoded secrets or API keys in my code
  • This PR is linked to a GSSoC 2026 issue

Test evidence

backend\tests\test_code_assistant.py ....                                 [100%]
============================== 4 passed in 0.22s ===============================

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Security] Add detection for os.system() and os.popen() shell injection vulnerabilities

1 participant