id: security-unsafe-curl-pipe-sh
message: Unsafe pattern - curl | sh
severity: error
language: Bash
note: |
  This pattern is dangerous:
  1. No integrity check
  2. No review of what's being executed
  3. Vulnerable to MITM attacks

  Better: Download, review, verify checksum, then execute
rule:
  any:
    - pattern: curl $$$URL | sh
    - pattern: curl $$$URL | bash
    - pattern: wget -O- $$$URL | sh
    - pattern: wget -O- $$$URL | bash
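The safer flow the note recommends, as an added example that is not part of this rule file: download to a local file, review it, verify its SHA-256 against a digest obtained separately from the vendor, and only then execute. It assumes `curl` and `sha256sum` (or `shasum`) are installed; the demo script and the bad digest at the end are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the rule file: "download, review, verify
# checksum, then execute". Assumes curl and sha256sum (or shasum) exist and
# that the expected digest came from the vendor over a separate trusted channel.

# SHA-256 of a file, portable across GNU coreutils and BSD/macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Run a local script only if its digest matches the expected value.
# Usage: run_verified <script> <expected-sha256> [interpreter]
run_verified() {
  actual=$(sha256_of "$1") || return 1
  if [ "$actual" != "$2" ]; then
    echo "refusing to run $1: expected $2, got $actual" >&2
    return 1
  fi
  "${3:-sh}" "$1"
}

# Download to a temp file (HTTPS only, including redirects) so the script
# can be read before it is executed, then hand it to run_verified.
# Usage: fetch_review_run <url> <expected-sha256>
fetch_review_run() {
  tmp=$(mktemp) || return 1
  if ! curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" "$1"; then
    rm -f "$tmp"; return 1
  fi
  echo "saved to $tmp; review it (e.g. less \"$tmp\") before trusting it" >&2
  if run_verified "$tmp" "$2"; then status=0; else status=$?; fi
  rm -f "$tmp"
  return $status
}

# Offline demo on a constructed script: the right digest runs it, a wrong
# (constructed placeholder) digest is rejected without executing anything.
demo=$(mktemp)
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$demo"
run_verified "$demo" "$(sha256_of "$demo")"
BAD_DIGEST=0000000000000000000000000000000000000000000000000000000000000000
run_verified "$demo" "$BAD_DIGEST" || echo "rejected as expected"
rm -f "$demo"
```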