Web Frameworks

PyCelery

Celery is a distributed task queue. Celery(broker=..., backend=...) configures the broker and result backend; a finding is reported when the broker URL uses an insecure default (redis:// without TLS, amqp:// without TLS). Functions registered with the @task decorator accept arbitrary user-controlled arguments via the queue.

Taint flow: 1 source, 0 sinks
Sources (untrusted input): .task()

Sources

.task() (Source)
Signature
@celery.task(bind=False, ...) -> Callable

Registers a task. Arguments are user-controlled sources.

tracks: return

Other Methods

.Celery() (Neutral)
Signature
celery.Celery(main=None, broker=None, backend=None, ...) -> Celery

Celery app. Finding when broker scheme is redis:// or amqp:// without TLS.
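
What the broker finding amounts to, as an added example (not code from this page or from codepathfinder): a stand-alone `ast` check that flags literal redis:// and amqp:// broker URLs in Celery(...) calls and names the TLS scheme (rediss://, amqps://) to switch to. The helper names and the sample source are constructed for illustration, and calls are matched by name only.

```python
import ast
from urllib.parse import urlsplit

# Schemes the page names as findings, mapped to their TLS counterparts.
PLAINTEXT_TO_TLS = {"redis": "rediss", "amqp": "amqps"}

# Constructed sample input (not from a real project).
SAMPLE = '''
from celery import Celery
import celery
app_a = Celery("jobs", broker="redis://cache.internal:6379/0")
app_b = celery.Celery("jobs", "amqp://mq.internal:5672//")
app_c = Celery("jobs", broker="rediss://cache.internal:6380/0")
app_d = Celery("jobs", broker="amqps://mq.internal:5671//")
'''


def _is_celery_ctor(func):
    """Match Celery(...) and celery.Celery(...) by name only (no import resolution)."""
    if isinstance(func, ast.Name):
        return func.id == "Celery"
    return isinstance(func, ast.Attribute) and func.attr == "Celery"


def _broker_arg(call):
    """Return the broker argument node: keyword broker=, or 2nd positional (after main)."""
    for kw in call.keywords:
        if kw.arg == "broker":
            return kw.value
    return call.args[1] if len(call.args) > 1 else None


def find_plaintext_brokers(source):
    """Return (line, url, suggested_scheme) for each literal plaintext broker URL."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_celery_ctor(node.func)):
            continue
        arg = _broker_arg(node)
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            scheme = urlsplit(arg.value).scheme.lower()
            if scheme in PLAINTEXT_TO_TLS:
                findings.append((node.lineno, arg.value, PLAINTEXT_TO_TLS[scheme]))
    return sorted(findings)


if __name__ == "__main__":
    for line, url, tls in find_plaintext_brokers(SAMPLE):
        print(f"line {line}: {url} -> use {tls}://")
```

Broker URLs built at runtime (environment variables, settings objects) are not string literals and are outside what this sketch inspects.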

Fully-Qualified Names

FQN              Field
celery           fqns[0]
celery.Celery    fqns[1]

A wrong FQN produces 0 findings. To verify that matching depends on the FQN, change fqns to a garbage value; the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyCelery