Switch read_to_string to read in scan.rs and simplify Python patterns

- Updated `scan.rs` to use `std::fs::read` for handling files as bytes instead of strings. - Simplified Python patterns by removing redundant or low-priority vulnerability checks.
2026-06-06 19:35:13 +02:00 · 2025-06-17 18:36:46 +02:00 · 2025-06-17 18:36:46 +02:00 · d7b8833ec6
commit d7b8833ec6
parent a2fc38f2c4
2 changed files with 5 additions and 22 deletions
--- a/src/patterns/python.rs
+++ b/src/patterns/python.rs
@ -13,28 +13,10 @@ pub const PATTERNS: &[Pattern] = &[
    query: "(call function: (identifier) @id (#eq? @id \"exec\")) @vuln",
    severity: Severity::High,
  },
-  Pattern {
-    id: "pickle_load",
-    description: "pickle.load / loads – unsafe deserialization",
-    query: "(call function: (attribute attribute: (identifier) @attr (#match? @attr \"load(s)?\") object: (identifier) @pkg (#eq? @pkg \"pickle\"))) @vuln",
-    severity: Severity::High,
-  },
  Pattern {
    id: "subprocess_shell_true",
    description: "subprocess.* with shell=True",
    query: "(call function: (attribute object: (identifier) @pkg (#eq? @pkg \"subprocess\")) arguments: (argument_list . (keyword_argument name: (identifier) @k (#eq? @k \"shell\")) (true) @val)) @vuln",
    severity: Severity::Medium,
-  },
-  Pattern {
-    id: "random_random",
-    description: "random.random() for security-sensitive randomness",
-    query: "(call function: (attribute attribute: (identifier) @attr (#eq? @attr \"random\") object: (identifier) @pkg (#eq? @pkg \"random\"))) @vuln",
-    severity: Severity::Low,
-  },
-  Pattern {
-    id: "sql_concat",
-    description: "SQL query built via f-string or +-concat",
-    query: "(call function: (attribute attribute: (identifier) @m (#match? @m \"execute|executemany\")) arguments: (argument_list (f_string) @fstr)) @vuln",
-    severity: Severity::Medium,
-  },
+  }
 ];