
240 Chapter 6 • Code Auditing and Reverse Engineering
■ TCL: Calls to the exec command.
■ PHP: Calls to fopen() and popen().
■ Python: Check to see if the os (or posix) module is loaded. If so, you should check each use of the os.exec* family of functions: os.exec, os.execve, os.execle, os.execlp, os.execvp, and os.execvpe. Also check for os.popen and os.system (or possibly posix.popen and posix.system).
■ You should be wary of functionality available in the rexec module; if this module is imported, you should carefully review all uses of rexec.* commands.
■ SSI: Use of the <!--#exec command=""--> tag.
■ Java: Check to see if the java.lang package is imported.
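
The Python item above, as an added example that is not from the book: a small static checker that parses source with the standard ast module and reports calls into the os.exec* family, os.popen and os.system (and their posix equivalents), plus any import or use of rexec, following aliases such as "import os as o". The function names and the sample input are constructed for illustration, and it assumes the audited source parses with the interpreter running the check.

```python
import ast

WATCHED = {"os", "posix"}   # modules whose exec*/popen/system calls get reviewed
REVIEW_ALL = {"rexec"}      # any import or call is flagged for review

def is_risky(name):
    """True for the os.exec* family, popen and system."""
    return name.startswith("exec") or name in ("popen", "system")

def audit(source):
    """Return sorted (line, finding) pairs for one Python source string."""
    tree = ast.parse(source)   # parsed only; the audited code is never run
    mods, funcs, found = {}, {}, []
    # Pass 1: record how the watched modules and functions are named locally.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                if root in WATCHED | REVIEW_ALL:
                    mods[a.asname or root] = root
                if root in REVIEW_ALL:
                    found.append((node.lineno, "import " + a.name))
        elif isinstance(node, ast.ImportFrom) and node.module:
            root = node.module.split(".")[0]
            for a in node.names:
                if root in REVIEW_ALL or (root in WATCHED and is_risky(a.name)):
                    funcs[a.asname or a.name] = root + "." + a.name
                if root in REVIEW_ALL:
                    found.append((node.lineno, "import " + root + "." + a.name))
    # Pass 2: flag calls made through those names, aliases included.
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            mod = mods.get(f.value.id)
            if mod in REVIEW_ALL or (mod in WATCHED and is_risky(f.attr)):
                found.append((node.lineno, "call " + mod + "." + f.attr))
        elif isinstance(f, ast.Name) and f.id in funcs:
            found.append((node.lineno, "call " + funcs[f.id]))
    return sorted(found)

# Constructed sample input, not taken from the book.
SAMPLE = """import os as o
from posix import system as run
import rexec
def handler(name):
    o.execvp("ls", ["ls", name])
    run("echo " + name)
    return o.popen("cat " + name)
r = rexec.RExec()
"""
```

Calling audit(SAMPLE) returns one (line, finding) pair per item to review; each hit is a starting point for tracing where the arguments come from, not a verdict.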