Python Subinterpreter Code Injection
Description
Detects code injection vulnerabilities in Python applications that use subinterpreters, specifically when untrusted input is passed to the run_in_subinterp function. This allows attackers to execute arbitrary Python code in a subinterpreter context, which could lead to system compromise even though subinterpreters provide some isolation.
Detection Strategy
• Check whether the test.support or _testcapi modules are imported in the codebase
• Identify calls to functions whose name ends with 'run_in_subinterp'
• Verify whether the first argument to run_in_subinterp contains or is derived from user input
• Confirm that the user input is not properly sanitized before being passed to the function
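As an added illustration of the four steps above (example code written for this page, not Fluid Attacks' own detector), the following script applies them with the standard-library ast module: it checks whether test.support or _testcapi is imported (both are CPython's own test-suite helpers, which is why their import is the signal), finds calls whose name ends in run_in_subinterp, follows assignments to decide whether the first argument derives from request data, and treats a lookup in a server-defined mapping as sanitization. The set of taint sources (Flask's request.form, request.args and similar accessors, plus the builtin input()) and the allowlist-lookup sanitizer rule are assumptions of this example; the two sample modules at the bottom are constructed for it.

```python
import ast

# Step 1: modules whose import signals that run_in_subinterp may be in use
SUBINTERP_MODULES = {"test.support", "_testcapi"}
# Step 3: what counts as user input here (an assumption of this example, not part of the rule)
TAINT_SOURCES = {"request.form", "request.args", "request.values", "request.json", "request.get_json"}
TAINT_CALLS = {"input"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _matches_source(dotted):
    return bool(dotted) and any(dotted == s or dotted.startswith(s + ".") for s in TAINT_SOURCES)


def imports_subinterp_module(tree):
    """Step 1: is test.support or _testcapi imported anywhere in the module?"""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import) and any(a.name in SUBINTERP_MODULES for a in node.names):
            return True
        if isinstance(node, ast.ImportFrom) and node.module:
            # covers both "from test.support import ..." and "from test import support"
            names = {node.module} | {f"{node.module}.{a.name}" for a in node.names}
            if names & SUBINTERP_MODULES:
                return True
    return False


def is_tainted(expr, tainted):
    """Steps 3 and 4: does expr contain or derive from unsanitized user input?"""
    if isinstance(expr, ast.Name):
        return expr.id in tainted            # a local already known to carry input
    if isinstance(expr, ast.Attribute):
        return _matches_source(_dotted(expr)) or is_tainted(expr.value, tainted)
    if isinstance(expr, ast.Call):
        if _dotted(expr.func) in TAINT_CALLS:
            return True
        return (is_tainted(expr.func, tainted)
                or any(is_tainted(a, tainted) for a in expr.args)
                or any(is_tainted(k.value, tainted) for k in expr.keywords))
    if isinstance(expr, ast.Subscript):
        # Step 4: indexing a trusted container with untrusted data is an allowlist
        # lookup; the result is server-controlled, so the key does not taint it.
        return is_tainted(expr.value, tainted)
    # f-strings, concatenation, tuples, ...: tainted if any operand is
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(expr))


def find_subinterp_injections(source):
    """Apply the four detection steps to one module's source and return [(lineno, callee)]
    for every call ending in 'run_in_subinterp' whose first argument derives from input."""
    tree = ast.parse(source)
    if not imports_subinterp_module(tree):
        return []                            # step 1 failed: the rule does not apply
    findings = set()
    for func in ast.walk(tree):              # only function bodies are analysed
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        # Flow-insensitive taint propagation through assignments, iterated to a fixpoint
        tainted, changed = set(), True
        while changed:
            changed = False
            for node in ast.walk(func):
                if not (isinstance(node, ast.Assign) and is_tainted(node.value, tainted)):
                    continue
                new = {t.id for t in node.targets if isinstance(t, ast.Name)} - tainted
                tainted |= new
                changed |= bool(new)
        for node in ast.walk(func):
            callee = _dotted(node.func) if isinstance(node, ast.Call) else None   # step 2
            if (callee and callee.endswith("run_in_subinterp") and node.args
                    and is_tainted(node.args[0], tainted)):                       # steps 3 and 4
                findings.add((node.lineno, callee))
    return sorted(findings)


# Constructed sample modules (not from the page): direct and derived misuse, then an allowlist
VULNERABLE_SAMPLE = '''\
from test import support
def run_payload(request):
    payload = request.form.get("payload")
    support.run_in_subinterp(payload)
def handler(request):
    code = "print(%r)" % request.args.get("name")
    support.run_in_subinterp(code)
'''
SECURE_SAMPLE = '''\
from test import support
ALLOWED = {"hello": "print('hello')"}
def run_payload(request):
    payload = request.form.get("payload")
    if payload not in ALLOWED:
        return "unknown snippet", 400
    support.run_in_subinterp(ALLOWED[payload])
'''
```

Running find_subinterp_injections over VULNERABLE_SAMPLE reports both calls (the direct one and the one built with string formatting), while SECURE_SAMPLE yields nothing because the argument is a lookup into a server-defined mapping. The analysis is deliberately simple: it is flow-insensitive, ignores module-level code, and knows only the taint sources listed above, so it should be read as a sketch of how the four steps compose rather than as a complete taint engine.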
Vulnerable code example
from test import support
from flask import Flask, request
app = Flask(__name__)
@app.route("/run", methods=["POST"])
def run_payload():
    payload = request.form.get("payload")
    # Untrusted form data is executed as Python code inside a subinterpreter
    support.run_in_subinterp(payload)
    return "ok"
✅ Secure code example
from test import support
from flask import Flask, request, jsonify
app = Flask(__name__)
# Assumed mitigation: only server-defined snippets can run; the request selects one by name
ALLOWED_SNIPPETS = {"hello": "print('hello from a subinterpreter')"}
@app.route("/run", methods=["POST"])
def run_payload():
    payload = request.form.get("payload")
    if payload not in ALLOWED_SNIPPETS:
        return jsonify(error="unknown snippet"), 400
    support.run_in_subinterp(ALLOWED_SNIPPETS[payload])
    return jsonify(status="ok")