{
  "rule_ids": [
    "pipe_to_interpreter"
  ],
  "severity": "HIGH",
  "command_redacted": "cat /etc/casaos/app-management.json | python3 -c \"\nimport json,sys\nd=[REDACTED]\n...",
  "findings": [
    {
      "rule_id": "pipe_to_interpreter",
      "severity": "HIGH",
      "title": "Pipe to interpreter: cat | python3",
      "description": "Command pipes output from 'cat' directly to interpreter 'python3'. Downloaded content will be executed without inspection.",
      "evidence": [
        {
          "type": "command_pattern",
          "pattern": "pipe to interpreter",
          "matched": "cat /etc/casaos/app-management.json | python3 -c \"\nimport json,sys\nd=[REDACTED]\nfor item in d:\n    if item.get('name') in ['printvault','docmaster']:\n        print(json.dumps(item, indent=[REDACTED] ensure_ascii=[REDACTED]\n        print('---')\n\""
        }
      ],
      "mitre_id": "T1059.004"
    }
  ],
  "timestamp": "2026-05-17T19:24:36.227387046+00:00"
}