├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── c_cpp ├── bof.txt └── heap.txt ├── dotnet ├── deserialization.txt ├── lfi.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt ├── golang ├── bof.txt ├── deserialization.txt ├── lfi.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt ├── java ├── deserialization.txt ├── lfi.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt ├── javascript ├── deserialization.txt ├── lfi.txt ├── nosqli.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt ├── php ├── deserialization.txt ├── lfi.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt ├── python ├── deserialization.txt ├── lfi.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt └── ruby ├── deserialization.txt ├── lfi.txt ├── rce.txt ├── ssrf.txt ├── ssti.txt └── xss.txt /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # CONTRIBUTING 2 | The purpose of this guideline is to define what functions should be included in this repository, and how to include them. 3 | 4 | ## What is an Insecure Function ? 5 | Any function that introduces a vulnerability to the program by itself or when it receives an user-controlled parameter. The vulnerability should be well-documented and not informative. 6 | 7 | ### Vulnerabilities 8 | 9 | Here's a list of vulnerabilities that we included so far, if you think on a vulnerability that should be included open an Issue. 10 | 11 | | Vulnerability | Filename | 12 | |---------------|----------| 13 | | Buffer Overflow| bof.txt | 14 | | Heap Overflow | heap.txt | 15 | | Insecure Deserialization | deserialization.txt | 16 | | Local File Include | lfi.txt | 17 | | Remote Command Execution | rce.txt | 18 | | Server Side Request Forgery | ssrf.txt | 19 | | Server Side Template Injection | ssti.txt | 20 | | Cross-Site Scripting | xss.txt| 21 | | SQL Injection | sqli.txt | 22 | 23 | ### Exceptions 24 | If a function needs special arguments or configurations to be insecure this should be debated per case. 25 | 26 | ## How to represent the Function ? 27 | As the goal of the project is to assist code reviews, the lists should contain a minimal and unambiguous string that represents the function. 28 | This should make it easy for the hacker to search for this string on his source code. The list should also be script friendly. 29 | 30 | ### Minimal 31 | A minimal representation of the Insecure Function should be a string that when searched on the source code only finds Insecure Functions, with some exceptions. 32 | 33 | Example : 34 | ```python 35 | eval(input("Enter a math expression: ")) 36 | ``` 37 | Should be included on the `/python/rce.txt` file as 38 | ``` 39 | eval 40 | ``` 41 | 42 | ### Unambiguous 43 | Sometimes a Function is included on more than one lib, on those cases the lib name should be also included on the file. 44 | 45 | Example: 46 | ```golang 47 | resp, err := http.Get("https://google") 48 | ``` 49 | As `Get` maybe appears on other contexts and it's a fairly common string, we need to include the whole `http.Get` on `/golang/ssrf.txt` 50 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Creative Commons Legal Code 2 | 3 | CC0 1.0 Universal 4 | 5 | CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE 6 | LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN 7 | ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS 8 | INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES 9 | REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS 10 | PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM 11 | THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED 12 | HEREUNDER. 13 | 14 | Statement of Purpose 15 | 16 | The laws of most jurisdictions throughout the world automatically confer 17 | exclusive Copyright and Related Rights (defined below) upon the creator 18 | and subsequent owner(s) (each and all, an "owner") of an original work of 19 | authorship and/or a database (each, a "Work"). 20 | 21 | Certain owners wish to permanently relinquish those rights to a Work for 22 | the purpose of contributing to a commons of creative, cultural and 23 | scientific works ("Commons") that the public can reliably and without fear 24 | of later claims of infringement build upon, modify, incorporate in other 25 | works, reuse and redistribute as freely as possible in any form whatsoever 26 | and for any purposes, including without limitation commercial purposes. 27 | These owners may contribute to the Commons to promote the ideal of a free 28 | culture and the further production of creative, cultural and scientific 29 | works, or to gain reputation or greater distribution for their Work in 30 | part through the use and efforts of others. 31 | 32 | For these and/or other purposes and motivations, and without any 33 | expectation of additional consideration or compensation, the person 34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she 35 | is an owner of Copyright and Related Rights in the Work, voluntarily 36 | elects to apply CC0 to the Work and publicly distribute the Work under its 37 | terms, with knowledge of his or her Copyright and Related Rights in the 38 | Work and the meaning and intended legal effect of CC0 on those rights. 39 | 40 | 1. Copyright and Related Rights. A Work made available under CC0 may be 41 | protected by copyright and related or neighboring rights ("Copyright and 42 | Related Rights"). Copyright and Related Rights include, but are not 43 | limited to, the following: 44 | 45 | i. the right to reproduce, adapt, distribute, perform, display, 46 | communicate, and translate a Work; 47 | ii. moral rights retained by the original author(s) and/or performer(s); 48 | iii. publicity and privacy rights pertaining to a person's image or 49 | likeness depicted in a Work; 50 | iv. rights protecting against unfair competition in regards to a Work, 51 | subject to the limitations in paragraph 4(a), below; 52 | v. rights protecting the extraction, dissemination, use and reuse of data 53 | in a Work; 54 | vi. database rights (such as those arising under Directive 96/9/EC of the 55 | European Parliament and of the Council of 11 March 1996 on the legal 56 | protection of databases, and under any national implementation 57 | thereof, including any amended or successor version of such 58 | directive); and 59 | vii. other similar, equivalent or corresponding rights throughout the 60 | world based on applicable law or treaty, and any national 61 | implementations thereof. 62 | 63 | 2. Waiver. To the greatest extent permitted by, but not in contravention 64 | of, applicable law, Affirmer hereby overtly, fully, permanently, 65 | irrevocably and unconditionally waives, abandons, and surrenders all of 66 | Affirmer's Copyright and Related Rights and associated claims and causes 67 | of action, whether now known or unknown (including existing as well as 68 | future claims and causes of action), in the Work (i) in all territories 69 | worldwide, (ii) for the maximum duration provided by applicable law or 70 | treaty (including future time extensions), (iii) in any current or future 71 | medium and for any number of copies, and (iv) for any purpose whatsoever, 72 | including without limitation commercial, advertising or promotional 73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each 74 | member of the public at large and to the detriment of Affirmer's heirs and 75 | successors, fully intending that such Waiver shall not be subject to 76 | revocation, rescission, cancellation, termination, or any other legal or 77 | equitable action to disrupt the quiet enjoyment of the Work by the public 78 | as contemplated by Affirmer's express Statement of Purpose. 79 | 80 | 3. Public License Fallback. Should any part of the Waiver for any reason 81 | be judged legally invalid or ineffective under applicable law, then the 82 | Waiver shall be preserved to the maximum extent permitted taking into 83 | account Affirmer's express Statement of Purpose. In addition, to the 84 | extent the Waiver is so judged Affirmer hereby grants to each affected 85 | person a royalty-free, non transferable, non sublicensable, non exclusive, 86 | irrevocable and unconditional license to exercise Affirmer's Copyright and 87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the 88 | maximum duration provided by applicable law or treaty (including future 89 | time extensions), (iii) in any current or future medium and for any number 90 | of copies, and (iv) for any purpose whatsoever, including without 91 | limitation commercial, advertising or promotional purposes (the 92 | "License"). The License shall be deemed effective as of the date CC0 was 93 | applied by Affirmer to the Work. Should any part of the License for any 94 | reason be judged legally invalid or ineffective under applicable law, such 95 | partial invalidity or ineffectiveness shall not invalidate the remainder 96 | of the License, and in such case Affirmer hereby affirms that he or she 97 | will not (i) exercise any of his or her remaining Copyright and Related 98 | Rights in the Work or (ii) assert any associated claims and causes of 99 | action with respect to the Work, in either case contrary to Affirmer's 100 | express Statement of Purpose. 101 | 102 | 4. Limitations and Disclaimers. 103 | 104 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 105 | surrendered, licensed or otherwise affected by this document. 106 | b. Affirmer offers the Work as-is and makes no representations or 107 | warranties of any kind concerning the Work, express, implied, 108 | statutory or otherwise, including without limitation warranties of 109 | title, merchantability, fitness for a particular purpose, non 110 | infringement, or the absence of latent or other defects, accuracy, or 111 | the present or absence of errors, whether or not discoverable, all to 112 | the greatest extent permissible under applicable law. 113 | c. Affirmer disclaims responsibility for clearing rights of other persons 114 | that may apply to the Work or any use thereof, including without 115 | limitation any person's Copyright and Related Rights in the Work. 116 | Further, Affirmer disclaims responsibility for obtaining any necessary 117 | consents, permissions or other rights required for any use of the 118 | Work. 119 | d. Affirmer understands and acknowledges that Creative Commons is not a 120 | party to this document and has no duty or obligation with respect to 121 | this CC0 or use of the Work. 122 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # InsecureFunctionsList 2 | Collaborative repository to catalogue insecure functions in various programming languages. 3 | 4 | This project is maintained by [@c3l3si4n](https://github.com/c3l3si4n) and [@caioluders](https://github.com/caioluders) 5 | 6 | # Goals 7 | The main goal is to have a definitive and precise list of functions that are likely to be insecure. The main usage is to help security code reviews. We do not aim to detail why the function is insecure and how to exploit it, this would be a gargantuan work (maybe later tho). 8 | 9 | ## Contributing 10 | 11 | * Want to add more functions? Fist take a look at the [CONTRIBUTING.md](https://github.com/caioluders/InsecureFunctionsList/blob/main/CONTRIBUTING.md), the document defines what types of functions makes senses to include, and how to represent them. After that please make a Pull Request with the functions that you think should be included. 12 | 13 | * Think a function shouldn't be here? Please read the [CONTRIBUTING.md](https://github.com/caioluders/InsecureFunctionsList/blob/main/CONTRIBUTING.md), and if the function doesn't comply with the guideline open an Issue so we can debate. 14 | 15 | * Requests / Ideas ? Open an Issue ! 16 | -------------------------------------------------------------------------------- /c_cpp/bof.txt: -------------------------------------------------------------------------------- 1 | gets 2 | strcpy 3 | strcat 4 | sprintf 5 | vsprintf 6 | scanf 7 | -------------------------------------------------------------------------------- /c_cpp/heap.txt: -------------------------------------------------------------------------------- 1 | malloc 2 | calloc 3 | free 4 | -------------------------------------------------------------------------------- /dotnet/deserialization.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/dotnet/deserialization.txt -------------------------------------------------------------------------------- /dotnet/lfi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/dotnet/lfi.txt -------------------------------------------------------------------------------- /dotnet/rce.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/dotnet/rce.txt -------------------------------------------------------------------------------- /dotnet/ssrf.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/dotnet/ssrf.txt -------------------------------------------------------------------------------- /dotnet/ssti.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/dotnet/ssti.txt -------------------------------------------------------------------------------- /dotnet/xss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/dotnet/xss.txt -------------------------------------------------------------------------------- /golang/bof.txt: -------------------------------------------------------------------------------- 1 | unsafe.Offsetof 2 | unsafe.Sizeof 3 | unsafe.Slice 4 | unsafe.Add 5 | -------------------------------------------------------------------------------- /golang/deserialization.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/golang/deserialization.txt -------------------------------------------------------------------------------- /golang/lfi.txt: -------------------------------------------------------------------------------- 1 | http.FileServer 2 | http.ServeFile 3 | os.ReadFile 4 | os.ReadDir 5 | ioutil.ReadDir 6 | ioutil.ReadFile 7 | io.ReadAll 8 | ioutil.ReadAll 9 | os.Open 10 | Read 11 | -------------------------------------------------------------------------------- /golang/rce.txt: -------------------------------------------------------------------------------- 1 | exec.Command 2 | Command.Run 3 | -------------------------------------------------------------------------------- /golang/ssrf.txt: -------------------------------------------------------------------------------- 1 | http.Get 2 | http.Head 3 | http.Post 4 | http.PostForm 5 | http.Client 6 | http.NewRequest 7 | -------------------------------------------------------------------------------- /golang/ssti.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/golang/ssti.txt -------------------------------------------------------------------------------- /golang/xss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/golang/xss.txt -------------------------------------------------------------------------------- /java/deserialization.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/java/deserialization.txt -------------------------------------------------------------------------------- /java/lfi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/java/lfi.txt -------------------------------------------------------------------------------- /java/rce.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/java/rce.txt -------------------------------------------------------------------------------- /java/ssrf.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/java/ssrf.txt -------------------------------------------------------------------------------- /java/ssti.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/java/ssti.txt -------------------------------------------------------------------------------- /java/xss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/java/xss.txt -------------------------------------------------------------------------------- /javascript/deserialization.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/javascript/deserialization.txt -------------------------------------------------------------------------------- /javascript/lfi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/javascript/lfi.txt -------------------------------------------------------------------------------- /javascript/nosqli.txt: -------------------------------------------------------------------------------- 1 | find 2 | findOne -------------------------------------------------------------------------------- /javascript/rce.txt: -------------------------------------------------------------------------------- 1 | Function 2 | crypto.generateCRMFRequest 3 | eval 4 | execCommand 5 | execScript 6 | msSetImmediate 7 | range.createContextualFragment 8 | setImmediate 9 | setInterval 10 | setTimeout 11 | -------------------------------------------------------------------------------- /javascript/ssrf.txt: -------------------------------------------------------------------------------- 1 | location 2 | location.host 3 | location.hostname 4 | location.href 5 | location.pathname 6 | location.search 7 | location.protocol 8 | location.assign 9 | location.replace 10 | open 11 | element.srcdoc 12 | XMLHttpRequest.open 13 | XMLHttpRequest.send 14 | jQuery.ajax 15 | $.ajax 16 | fetch 17 | -------------------------------------------------------------------------------- /javascript/ssti.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/javascript/ssti.txt -------------------------------------------------------------------------------- /javascript/xss.txt: -------------------------------------------------------------------------------- 1 | $.parseHTML 2 | add 3 | after 4 | animate 5 | append 6 | before 7 | constructor 8 | document.domain 9 | document.write 10 | document.writeln 11 | element.innerHTML 12 | element.insertAdjacentHTML 13 | element.onevent 14 | element.outerHTML 15 | has 16 | html 17 | index 18 | init 19 | innerHTML 20 | insertAdjacentHTML 21 | insertAfter 22 | insertBefore 23 | jQuery.parseHTML 24 | outerHTML 25 | prepend 26 | replaceAll 27 | replaceWith 28 | wrap 29 | wrapAll 30 | wrapInner 31 | -------------------------------------------------------------------------------- /php/deserialization.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/php/deserialization.txt -------------------------------------------------------------------------------- /php/lfi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/php/lfi.txt -------------------------------------------------------------------------------- /php/rce.txt: -------------------------------------------------------------------------------- 1 | shell_exec 2 | exec 3 | system 4 | passthru 5 | proc_open 6 | -------------------------------------------------------------------------------- /php/ssrf.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/php/ssrf.txt -------------------------------------------------------------------------------- /php/ssti.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/php/ssti.txt -------------------------------------------------------------------------------- /php/xss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/php/xss.txt -------------------------------------------------------------------------------- /python/deserialization.txt: -------------------------------------------------------------------------------- 1 | pickle.load 2 | pickle.loads 3 | pickle.Unpickler 4 | -------------------------------------------------------------------------------- /python/lfi.txt: -------------------------------------------------------------------------------- 1 | open 2 | read 3 | send_file 4 | render_template 5 | serve 6 | render_to_string 7 | -------------------------------------------------------------------------------- /python/rce.txt: -------------------------------------------------------------------------------- 1 | eval 2 | os.popen 3 | os.system 4 | commands.getstatusoutput 5 | commands.getoutput 6 | commands.getstatus 7 | subprocess.call 8 | subprocess.Popen 9 | pty.spawn 10 | platform.os.system 11 | __import__ 12 | execfile 13 | importlib.import_module 14 | exec 15 | timeit 16 | -------------------------------------------------------------------------------- /python/ssrf.txt: -------------------------------------------------------------------------------- 1 | requests.get 2 | requests.post 3 | requests.put 4 | requests.options 5 | requests.delete 6 | request.urlopen 7 | urllib.request.urlopen 8 | urllib.urlopen 9 | urlopen 10 | -------------------------------------------------------------------------------- /python/ssti.txt: -------------------------------------------------------------------------------- 1 | render_to_string 2 | render_template 3 | render 4 | -------------------------------------------------------------------------------- /python/xss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/python/xss.txt -------------------------------------------------------------------------------- /ruby/deserialization.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/ruby/deserialization.txt -------------------------------------------------------------------------------- /ruby/lfi.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/ruby/lfi.txt -------------------------------------------------------------------------------- /ruby/rce.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/ruby/rce.txt -------------------------------------------------------------------------------- /ruby/ssrf.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/ruby/ssrf.txt -------------------------------------------------------------------------------- /ruby/ssti.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/ruby/ssti.txt -------------------------------------------------------------------------------- /ruby/xss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/caioluders/InsecureFunctionsList/f274dedf2985f1a5312bae2789610cce1dd90485/ruby/xss.txt --------------------------------------------------------------------------------