Skip to content

feat: add static regex detection for os.system and os.popen shell injections#1165

Open
bhaveshyab wants to merge 2 commits into
imDarshanGK:mainfrom
bhaveshyab:feature/os-injection-detection-763
Open

feat: add static regex detection for os.system and os.popen shell injections#1165
bhaveshyab wants to merge 2 commits into
imDarshanGK:mainfrom
bhaveshyab:feature/os-injection-detection-763

Conversation

@bhaveshyab

Copy link
Copy Markdown

Description

Added robust static analysis regex patterns (BugPattern) to detect unsafe usages of os.system() and os.popen() in Python source code, which can introduce severe command and shell injection vulnerabilities.

Related Issue

Fixes #763

Type of change

  • Bug fix
  • New feature / enhancement
  • Documentation update
  • Test addition
  • Refactor

Checklist

  • I have read CONTRIBUTING.md
  • My branch is up to date with main
  • I have run pytest -v and all tests pass
  • I have not introduced duplicate issues or features
  • My PR title follows the format: feat/fix/docs/test: short description
  • I have added tests for new features (Level 2 and 3 issues)
  • No hardcoded secrets or API keys in my code
  • This PR is linked to a GSSoC 2026 issue

Test evidence

backend\tests\test_code_assistant.py ....                                 [100%]
============================== 4 passed in 0.22s ===============================

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

👋 This PR has had no activity for 7 days.

Please push updates or comment if you still need more time.

Inactive PRs may be closed automatically after 7 more days.

@github-actions github-actions Bot added the stale label Jul 8, 2026
@github-actions github-actions Bot removed the stale label Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Security] Add detection for os.system() and os.popen() shell injection vulnerabilities

1 participant