بنقرة واحدة
sc-rce
Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | sc-rce |
| description | Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects remote code execution vulnerabilities where user-controlled input reaches functions that evaluate or execute code dynamically. Covers eval-based injection, dynamic function construction, script engine execution, template code execution, and code loading from untrusted sources. This skill focuses on code evaluation mechanisms beyond command injection (covered by sc-cmdi) and deserialization (covered by sc-deserialization).
Called by sc-orchestrator during Phase 2. Runs against all detected languages.
# Python
"eval(", "exec(", "compile(", "__import__(", "importlib.import_module(",
"builtins.__import__", "code.InteractiveInterpreter", "ast.literal_eval"
# JavaScript/Node.js
"eval(", "Function(", "setTimeout(.*string", "setInterval(.*string",
"vm.runInNewContext(", "vm.runInThisContext(", "vm.createContext(",
"require(.*variable", "import(.*variable", "new Function("
# PHP
"eval(", "assert(", "create_function(", "preg_replace(.*/e",
"call_user_func(", "call_user_func_array(", "array_map(",
"usort(.*\\$", "include(.*\\$", "require(.*\\$"
# Java
"ScriptEngine", "ScriptEngineManager", "Nashorn", "GraalVM",
"GroovyShell", "GroovyClassLoader", "javax.script",
"MethodHandle", "ClassLoader.loadClass"
# C#
"CSharpCodeProvider", "Roslyn", "Microsoft.CodeAnalysis",
"Assembly.Load(", "Activator.CreateInstance(",
"Type.GetType(.*variable", "DynamicMethod"
# Go
"plugin.Open(", "yaegi", "go/ast"
# Ruby
"eval(", "instance_eval(", "class_eval(", "module_eval(",
"send(.*variable", "public_send(", "method("
Trace user input to any dynamic code evaluation function. Key patterns:
# VULNERABLE: eval with user input
result = eval(request.GET['expression'])
# VULNERABLE: exec with user input
exec(request.POST['code'])
# SAFE: ast.literal_eval for safe subset
import ast
result = ast.literal_eval(request.GET['data']) # Only parses literals
# SAFE: Restricted evaluation with custom namespace
allowed_names = {"abs": abs, "min": min, "max": max}
result = eval(expression, {"__builtins__": {}}, allowed_names)
# Note: Still risky — sandbox escapes are possible
// VULNERABLE: eval with user input
const result = eval(req.body.expression);
// VULNERABLE: Function constructor
const fn = new Function('return ' + req.body.code);
// VULNERABLE: vm module (escapable sandbox)
const vm = require('vm');
vm.runInNewContext(req.body.code, sandbox);
// SAFE: Use a math parser library instead
const mathjs = require('mathjs');
const result = mathjs.evaluate(req.body.expression);
// VULNERABLE: eval
eval($_POST['code']);
// VULNERABLE: Dynamic function call
$func = $_GET['action'];
$func(); // Calls arbitrary function
// SAFE: Allowlist of functions
$allowed = ['view', 'edit', 'delete'];
if (in_array($_GET['action'], $allowed)) {
$func = $_GET['action'];
$func();
}
eval("1+2") with no user input is not exploitableComprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan