mcp-server-semgrep
MCP Server for Semgrep Integration - static code analysis with AI
rules:
  - id: request-data-write
    message: >-
      Found user-controlled request data passed into '.write(...)'. This could be dangerous
      if a malicious actor is able to control data into sensitive files. For example,
      a malicious actor could force rolling of critical log files, or cause a denial-of-service
      by using up available disk space. Instead, ensure that request data is properly
      escaped or sanitized.
    metadata:
      cwe:
        - "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"
      owasp:
        - A03:2021 - Injection
      category: security
      technology:
        - django
      references:
        - https://owasp.org/Top10/A03_2021-Injection
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
    languages: [python]
    severity: WARNING
    pattern-either:
      - pattern: $F.write(..., request.$W.get(...), ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $F.write(..., $DATA, ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $INTERM = $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $F.write(..., $B.$C(..., $DATA, ...), ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $INTERM = $B.$C(..., $DATA, ...)
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $F.write(..., $STR % $DATA, ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $INTERM = $STR % $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $F.write(..., f"...{$DATA}...", ...)
      - pattern: |
          $DATA = request.$W.get(...)
          ...
          $INTERM = f"...{$DATA}..."
          ...
          $F.write(..., $INTERM, ...)
      - pattern: $A = $F.write(..., request.$W.get(...), ...)
      - pattern: return $F.write(..., request.$W.get(...), ...)
      - pattern: $F.write(..., request.$W(...), ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $F.write(..., $DATA, ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $INTERM = $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $F.write(..., $B.$C(..., $DATA, ...), ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $INTERM = $B.$C(..., $DATA, ...)
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $F.write(..., $STR % $DATA, ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $INTERM = $STR % $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $F.write(..., f"...{$DATA}...", ...)
      - pattern: |
          $DATA = request.$W(...)
          ...
          $INTERM = f"...{$DATA}..."
          ...
          $F.write(..., $INTERM, ...)
      - pattern: $A = $F.write(..., request.$W(...), ...)
      - pattern: return $F.write(..., request.$W(...), ...)
      - pattern: $F.write(..., request.$W[...], ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $F.write(..., $DATA, ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $INTERM = $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $F.write(..., $B.$C(..., $DATA, ...), ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $INTERM = $B.$C(..., $DATA, ...)
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $F.write(..., $STR % $DATA, ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $INTERM = $STR % $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $F.write(..., f"...{$DATA}...", ...)
      - pattern: |
          $DATA = request.$W[...]
          ...
          $INTERM = f"...{$DATA}..."
          ...
          $F.write(..., $INTERM, ...)
      - pattern: $A = $F.write(..., request.$W[...], ...)
      - pattern: return $F.write(..., request.$W[...], ...)
      - pattern: $F.write(..., request.$W, ...)
      - pattern: |
          $DATA = request.$W
          ...
          $F.write(..., $DATA, ...)
      - pattern: |
          $DATA = request.$W
          ...
          $INTERM = $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W
          ...
          $F.write(..., $B.$C(..., $DATA, ...), ...)
      - pattern: |
          $DATA = request.$W
          ...
          $INTERM = $B.$C(..., $DATA, ...)
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W
          ...
          $F.write(..., $STR % $DATA, ...)
      - pattern: |
          $DATA = request.$W
          ...
          $INTERM = $STR % $DATA
          ...
          $F.write(..., $INTERM, ...)
      - pattern: |
          $DATA = request.$W
          ...
          $F.write(..., f"...{$DATA}...", ...)
      - pattern: |
          $DATA = request.$W
          ...
          $INTERM = f"...{$DATA}..."
          ...
          $F.write(..., $INTERM, ...)
      - pattern: $A = $F.write(..., request.$W, ...)
      - pattern: return $F.write(..., request.$W, ...)
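The following is an added test file for this rule, in the `# ruleid:` / `# ok:` annotation style Semgrep uses for rule tests; it is not part of the rule's repository. `FakeRequest` is a constructed stand-in for Django's request object (only `.GET` and `.POST` are needed here), `neutralize_crlf` is a hypothetical sanitizer, and `run_view` is a harness that captures what each view writes so the difference between the flagged and the sanitized version is observable. The two `ruleid` functions mirror the rule's `%`-format and f-string patterns with an intermediate variable; the `ok` function routes the request value through the sanitizer before it reaches `.write(...)`, which is the mitigation the rule message asks for.

```python
"""Semgrep test cases for request-data-write (added example, not the rule's own tests).

Each view takes a request and an open log file. Lines marked `# ruleid:` are the
ones the rule should report; `# ok:` marks code it should leave alone.
"""
import io
import re


class FakeRequest:
    """Constructed stand-in for django.http.HttpRequest with just GET and POST."""

    def __init__(self, GET=None, POST=None):
        self.GET = dict(GET or {})
        self.POST = dict(POST or {})


_CRLF = re.compile(r"[\r\n]+")


def neutralize_crlf(value: str, max_len: int = 256) -> str:
    """Hypothetical sanitizer: collapse CR/LF runs to a space and bound the length.

    Removing line breaks addresses CWE-93 (one request cannot forge extra log
    lines); the length cap limits how much disk a single request can consume.
    """
    return _CRLF.sub(" ", value)[:max_len]


def audit_vulnerable_percent(request, log) -> None:
    user = request.GET.get("user", "anonymous")
    # ruleid: request-data-write
    log.write("login user=%s\n" % user)


def audit_vulnerable_fstring(request, log) -> None:
    note = request.POST["note"]
    line = f"note={note}\n"
    # ruleid: request-data-write
    log.write(line)


def audit_hardened(request, log) -> None:
    # The value reaching .write() is the sanitizer's output, not request data.
    user = neutralize_crlf(request.GET.get("user", "anonymous"))
    # ok: request-data-write
    log.write("login user=%s\n" % user)


def run_view(view, request) -> list:
    """Run a view against an in-memory log and return the log lines it produced."""
    log = io.StringIO()
    view(request, log)
    return log.getvalue().splitlines()


if __name__ == "__main__":
    # Constructed input containing a line break, as a CRLF-injection probe would.
    req = FakeRequest(GET={"user": "alice\nlogin user=admin"})
    print("vulnerable:", run_view(audit_vulnerable_percent, req))  # two log lines
    print("hardened:  ", run_view(audit_hardened, req))            # one log line
```

Run `semgrep --test` with this file placed next to the rule (same base name, `.py` extension) to confirm the `ruleid` lines are reported and the `ok` line is not; running the file directly shows that the unsanitized view lets one request produce two log records while the hardened view produces one.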