\.extractall[[:space:]]*\(
RawSQL[[:space:]]*\(
\.extra[[:space:]]*\(.*tables=
csrf[\._]exempt
exec([vl][pe]*)?[[:space:]]*\(
\.system[[:space:]]*\([^\)]+\)
[Pp]open[234]?[[:space:]]*\(
openpty[[:space:]]*\(
[Pp][Ii][Pp][Ee][[:space:]]*\(
pipes
exec[[:space:]]*\(
spawn([vl][pe]*)?[[:space:]]\(
shell[[:space:]]\(
subprocess[[:space:]]\(
\.getoutput[[:space:]]*\(
execfile
eval[[:space:]]*\(
fork[[:space:]]*\(
\.trycmd[[:space:]]*\(
run_as_root[[:space:]]*=[[:space:]]*True
,[[:space:]]*shell[[:space:]]*=[[:space:]]*True
\.NamedTemporaryFile[[:space:]]*\(.*\)
\.chmod[[:space:]]*\(
\.run[[:space:]]*\(.*[Dd]ebug[[:space:]]*=[[:space:]]*True
\.secret_key[[:space:]]*=[[:space:]]*['"][^'"]+
render_template_string[[:space:]]*\(.*\{[^\}]+\}
exec[[:space:]]*\([^\);]*["'][[:space:]]*\+
\.execute[[:space:]]*\([[:space:]]*["'].*%.*["'][[:space:]]*%.*\)
[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+[A-Za-z0-9]+[[:space:]]*=[[:space:]]*\{[^\}]+\}
FROM[[:space:]]+[A-Za-z0-9]+[[:space:]]*=[[:space:]]*\{[^\}]+\}
(WHERE|where)[[:space:]]+[A-Za-z0-9]+[[:space:]]*=[[:space:]]*\{[^\}]+\}
[\'\" ]+(AND|and)[[:space:]]+[A-Za-z0-9]+[[:space:]]*=[[:space:]]*\{[^\}]+\}
(LIKE|like)[[:space:]]+[^\}\);]*\{[^\}]+\}
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+[A-Za-z0-9_, -]*\{[^\}]+\}
['" ](LIMIT|limit)[[:space:]]+[^\}\);]*\{[^\}]+\}
autoescape[[:space:]]*=[[:space:]]*[Ff][Aa][Ll][Ss][Ee]
[Vv][Ee][Rr][Ii][Ff][Yy]_([Ee][Xx][Pp]|[Ss][Ii][Gg][Nn][Aa][Tt][Uu][Rr][Ee])[^:]*:.?False
[Aa]lgorithms?[[:space:]]*=[[:space:]]*\[?[[:space:]]*["']none["']
\.insert(_one|_many)?[[:space:]]*\(
\.find(_one|_many)?[[:space:]]*\(
\.replace(_one|_many)?[[:space:]]*\(
\.drop_database[[:space:]]*\(
\.create_index[[:space:]]*\(
\.remove[[:space:]]*\(
access[[:space:]]*\(
assert[[:space:]]*\(
mkfifo
pathconf
listdir
open[[:space:]]*\(
lstat
stat[[:space:]]*\(
chmod[[:space:]]*\(
chown[[:space:]]*\(
rename[[:space:]]*\(
mkdir[[:space:]]*\(
rmdir[[:space:]]\(
remove[[:space:]]*\(
\.unlink[[:space:]]*\(
link[[:space:]]*\(
input[[:space:]]*\(
compile[[:space:]]*\(
tmpfile
tmpnam
getlogin
ttyname
raw_input
read[[:space:]]*\(
recvfrom
recv
\.signal[[:space:]]\(
[Bb]astion
[Rr][Ee]xec
r_eval
r_execfile
r_exec
shell[[:space:]]*=[[:space:]]*[Ff]alse
Cookie
SmartCookie
SerialParser
multiprocessing
shelve
import[[:space:]]+ast
import[[:space:]]+parser
import[[:space:]]+compiler
urllib3.disable_warnings
c?[Pp]ickle\.(loads|dumps)[[:space:]]*\(
[Ww][Hh][Ee][Rr][Ee][[:space:]]+.*=[[:space:]]*\{\}
[Aa][Nn][Dd][[:space:]]+.*=[[:space:]]*\{\}
[Ww][Hh][Ee][Rr][Ee][[:space:]]+.*=.*%s.*%[[:space:]]+[A-Za-z0-9]+
\.filter[[:space:]]*\([[:space:]]*text[[:space:]]*\([^\)]+%s
\.create_function[[:space:]]*\(
\.create_aggregate[[:space:]]*\(
\.create_collation[[:space:]]*\(
\.enable_load_extension[[:space:]]*\([[:space:]]*True
\.execute(many|script)?[[:space:]]*\(
\.iterdump[[:space:]]*\(
\.load_extension[[:space:]]*\(
\.set_authorizer[[:space:]]*\(
\.set_progress_handler[[:space:]]*\(
\.set_missing_host_key_policy[[:space:]]*\([^\)]+\.AutoAddPolicy
\.exec_command[[:space:]]*\(
\.(post|get|head)[[:space:]]*\([^,]+,[[:space:]]*verify[[:space:]]*=[[:space:]]*False
SSLv2_METHOD
\.generate_private_key[[:space:]]*\(
\.startswith\(
\.urlopen\(
[Yy][Aa][Mm][Ll]\.(dump|load)[[:space:]]*\(