Access Control: Jupyter Notebook - Remote Command Execution¶

Identifier: jupyter_notebook_rce

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

Jupyter Notebook is an interactive Notebook, computer application is a web based visualization, Jupyter Notebook API/terminals path there are loopholes in the remote command execution.

Reference:

https://github.com/SCAMagic/SCAMagicScan/blob/de8130a2280ee08d719ac6612e590b8e2678fb97/pocs/poc-yaml-jupyter-notebook-rce.py

Configuration¶

Example¶

Example configuration:

---
security_tests:
  jupyter_notebook_rce:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.