H01–H14 Heuristic Security Analysis

These detections are higher-level signals that use structure and context, not just raw pattern matching.

Function boundary analysis

• H01: Mixed auth and data access (auth + DB access tangled in one function)
• H02: Sensitive route without auth (e.g. /admin/* without auth controls)
• H03: Dangerous operation in route (e.g. eval, exec, subprocess in request handlers)
• H04: God function (very large functions that are hard to audit)

Import combination detection

• H05: Pickle with network code (deserialization risk + network input)
• H06: Shell commands in web app (command execution reachable from web handlers)
• H07: XML parsing with network (XXE risk patterns)
• H08: YAML in network context (unsafe yaml.load patterns)
• H09: Template without autoescape (template injection/XSS risk)

Taint-style cross checks

• H10: Tainted input reaches dangerous sinks (user input → SQL/exec/HTML/file/redirect)

Cross-reference & anti-pattern checks

• H11: Debug mode enabled in production code paths
• H12: Hardcoded credentials (beyond simple secret formats; contextual)
• H13: Silent exception swallowing (security failures hidden by except: pass)
• H14: Timing-unsafe comparison (secrets compared with == in sensitive paths)

Why it matters

Heuristic signals catch "real-world" risk that can be missed by single-line patterns, especially when the danger emerges from combinations (web + shell, network + deserialization).

Safer examples

• Keep auth boundaries clear: centralize auth/authorization and keep business logic separate.
• Avoid dynamic execution (eval, exec) and dangerous deserialization.
• Use safe parsing defaults (safe YAML loaders, secure XML parsers).
• Never swallow security exceptions silently; log safely and fail closed.

How SiteShadow detects it (high level)

• Uses code structure and proximity/context signals (e.g., "web handler + dangerous sink") rather than single-line signatures.
• Cross-checks risky combinations (network input + deserialization, web routes + shell execution, XML parsing + network).

References

• OWASP Secure Coding Practices: https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/
• CWE Top 25: https://cwe.mitre.org/top25/

---

← Back to Vulnerability Library