chore: add checker to detect flask app running on insecure host (#147)

* chore: add checker to detect flask app running with host 0.0.0.0

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>

* chore: add test directives in test file

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>

* chore: refine checker message to describe the problem better

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>

---------

Signed-off-by: Maharshi Basu <basumaharshi10@gmail.com>

Author: MashyBasker

checkers/python/app-run-with-bad-host.test.py

@@ -0,0 +1,10 @@
+# Ref: https://owasp.org/Top10/A01_2021-Broken_Access_Control [OWASP A01:2021]
+
+# <expect-error>
+app.run(host="0.0.0.0")
+
+# <expect-error>
+app.run("0.0.0.0")
+
+# OK
+foo.run("0.0.0.0")

checkers/python/app-run-with-bad-host.yml

@@ -0,0 +1,31 @@
+language: py
+name: app-run-with-bad-host
+message: Running Flask with host 0.0.0.0 allows connections from any network interface, posing a security risk.
+category: security
+severity: warning
+
+pattern: >
+  (call
+    function: (attribute
+      object: (identifier) @app
+      attribute: (identifier) @run)
+    arguments: (argument_list
+      (_)*
+      [
+      (keyword_argument
+        name: (identifier) @host
+        value: (string
+          (string_content) @ip))
+      
+      (string
+        (string_content) @ip)
+      ]
+      (_)*)
+    (#eq? @app "app")
+    (#eq? @run "run")
+    (#eq? @host "host")
+    (#eq? @ip "0.0.0.0")) @app-run-with-bad-host
+
+
+description: >
+  Running a Flask application with the host set to 0.0.0.0 allows it to accept connections from any network interface, potentially exposing the server to the public internet. This can pose security risks, as unauthorized users may be able to access the application if proper authentication and firewall rules are not in place