B102
Security
Error
Detect use of exec (security issue)
BACK TO LIST
Python rules
The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.
B103
Security
Error
Chmod setting a permissive mask 0o755 on file (entryfile).
B104
Security
Error
Possible binding to all interfaces.
B108
Security
Error
Insecure usage of file or directory
B201
Security
Critical
A Flask app appears to be run with debug=True
B301
Security
Error
Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data
B302
Security
Error
Deserialization with the marshal module is possibly dangerous.
B303
Security
Error
Use of insecure MD2
B305
Security
Error
Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
B306
Security
Error
Use of insecure and deprecated function (mktemp).
B307
Security
Error
Use of possibly insecure function - consider using safer ast.literal\_eval.
B308
Security
Error
Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
B309
Security
Error
Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security
B310
Security
Error
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
B312
Security
Critical
Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.
B313
Security
Error
Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B314
Security
Error
Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B317
Security
Error
Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called
B318
Security
Error
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B320
Security
Error
Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
B321
Security
Critical
FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
B322
Security
Critical
The input method in Python 2 will read from standard input
B323
Security
Error
Detect unsecure use of HTTPS connexion
B324
Security
Error
Use of insecure MD4 or MD5 hash function.
B401
Security
Critical
A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
B402
Security
Critical
A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
B411
Security
Critical
Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
B413
Security
Critical
The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
B501
Security
Critical
Requests call with verify=False disabling SSL certificate checks
B506
Security
Error
Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
B601
Security
Error
Possible shell injection via Paramiko call
B602
Security
Critical
subprocess call with shell=True identified
B605
Security
Critical
Starting a process with a shell
B608
Security
Error
Possible SQL injection vector through string-based query construction.
B701
Security
Critical
Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select\_autoescape function to mitigate XSS vulnerabilities.
B702
Security
Error
Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'
B703
Security
Error
Potential XSS on mark\_safe function.
C0111
Documentation
Informational
Missing docstring on module, function, class or method
C0112
Code style
Informational
Module, function, class or method have an empty docstring
C0113
Best practice
Informational
Detect inappropriate use of the not keyword
C0116
Documentation
Informational
Missing docstring on a function
C0121
Best practice
Informational
Check when valid is compared to True, False or None (and can be replaced by simpler expressions)
C0122
Code style
Warning
Check correct use of constants in comparisons.
C0123
Best practice
Warning
Using type() instead of isinstance() for a typecheck.
C0144
Best practice
Informational
Detect when a name contains at least one non-ASCII unicode character
C0200
Best practice
Warning
Consider using enumerate instead of iterating with range and len
C0201
Best practice
Warning
Consider iterating the dictionary directly instead of calling .keys()
C0202
Code style
Informational
Detect when a class method has a first argument named differently than the value specified in valid-classmethod-first-arg option
C0203
Code style
Informational
Detect when a metaclass method has a first argument named differently than the value specified in valid-classmethod-first-arg option.
C0204
Code style
Informational
Metaclass class method __new__ should have 'cls' as first argument
C0205
Best practice
Error
Ensure that __slots__ is an iterable and not a base type
C0302
Code style
Informational
Too many lines in a module
C0304
Code style
Informational
Final newline missing
C0305
Best practice
Informational
Trailing newlines
C0321
Error prone
Error
More than one statement on a single line
C0325
Code style
Warning
Unnecessary parens
C0326
Code style
Informational
Bad whitespace
C0327
Code style
Informational
Mixed line endings (between LF and CRLF)
C0330
Code style
Informational
Wrong indentation
C0410
Best practice
Warning
Multiple imports on one line
C0411
Best practice
Warning
Wrong import order
C0412
Best practice
Informational
Imports are not grouped
C0413
Best practice
Informational
Import and code are mixed
C0414
Best practice
Informational
Import alias is same as original package
C0415
Best practice
Warning
Import not put at the top level of the file
C1801
Error prone
Error
Use len() without explicit argument
E0011
Code style
Error
Unrecognized options
E0012
Unknown
Error
Bad option value
E0101
Code style
Error
Use of return in init
E0102
Error prone
Error
Detect functions that already exist
E0103
Error prone
Error
break or continue used outside a loop
E0104
Error prone
Error
Return outside function
E0105
Error prone
Error
The yield keyword is used outside a function
E0107
Error prone
Error
Use of operator that does not exist
E0110
Error prone
Error
Abstract class instantiation attempt
E0111
Error prone
Error
Bad argument passed to reversed()
E0117
Error prone
Error
A nonlocal variable does not have an attached name somewhere in the parent scopes.
E0202
Safety
Error
Method has the same name as an attribute
E0203
Safety
Error
Access to members before they are defined
E0211
Code style
Error
A method which should have the bound instance as first argument has no argument defined.
E0213
Code style
Error
Method should have self as first argument
E0237
Error prone
Error
Assigning an attribute not defined in the class slots
E0239
Error prone
Error
Detect class that inherit non-classes
E0242
Error prone
Error
Value conflict with __slots__
E0301
Error prone
Error
__iter__ returns non-iterator
E0302
Error prone
Error
The special method __int__ should have 0 parameter
E0306
Safety
Error
__repr__ does not return str
E0307
Safety
Critical
__str__ does not return str
E0309
Safety
Critical
__hash__ does not return an int
E0401
Safety
Error
Module that cannot be imported
E0402
Safety
Error
Attempted relative import beyond top-level package
E0601
Safety
Critical
Using variable before assignment
E0602
Code style
Error
Undefined variable is trying to be accessed
E0603
Error prone
Error
Undefined variable name referenced in __all\__
E0604
Error prone
Error
Invalid object referenced in __all__
E0611
Code style
Critical
Invalid name in module
E0633
Error prone
Error
Attempting to unpack a non-sequence
E0701
Safety
Warning
Bad except clauses order
E0702
Safety
Error
Raising int while only classes or instances are allowed
E0704
Error prone
Error
The raise statement is not inside an except clause
E0710
Error prone
Error
Raising a new style class which doesn't inherit from BaseException
E0711
Error prone
Error
NotImplemented raised and should raise NotImplementedError instead
E0712
Safety
Critical
Catching an exception which doesn't inherit from Exception.
E1003
Error prone
Error
Another argument than the current class is given as first argument of the super builtin
E1101
Safety
Critical
Detect members or attributes that do not exists
E1102
Error prone
Critical
Object is not callable
E1111
Safety
Critical
Assigning result of a function call with no return
E1120
Safety
Critical
No value for argument in function call
E1121
Error prone
Critical
Too many arguments for method call
E1123
Error prone
Critical
Unexpected keyword argument in method call
E1124
Error prone
Critical
Argument passed by position and keyword in method call
E1125
Error prone
Error
Missing mandatory keyword argument in function call
E1126
Error prone
Error
Sequence type is indexed with an invalid type
E1128
Safety
Critical
Assigning result of a function call that returns nothing but None.
E1129
Error prone
Error
Context manager doesn't implement __enter__ and __exit__
E1130
Error prone
Error
Unary operand is used on an object which does not support this type of operation.
E1132
Error prone
Error
Got multiple values for keyword argument in function call
E1133
Error prone
Critical
Non-iterable value used in an iterating context
E1134
Error prone
Error
Non-mapping value is used in a mapping context
E1135
Error prone
Critical
Value doesn't support membership test
E1136
Error prone
Error
Value is unsubscriptable
E1137
Safety
Critical
Unsupported assignment operation
E1138
Safety
Critical
Unsupported delete operation
E1139
Error prone
Error
Invalid metaclass used
E1141
Error prone
Critical
Invalid iteration over dictionary items
E1205
Error prone
Critical
Too many arguments for logging format string
E1206
Error prone
Critical
Not enough arguments in logging call
E1301
Code style
Error
Format string ends in middle of conversion specifier
E1305
Error prone
Warning
Too many arguments for format string
E1306
Error prone
Critical
Not enough arguments for format string
E1307
Error prone
Error
Incorrect format string
E1310
Error prone
Error
The argument to a str.{l,r,}strip call contains a duplicate character
I1101
Error prone
Warning
Variable is accessed for non-existent member of C extension
R0123
Error prone
Error
Invalid literal comparison
R0124
Design
Warning
Comparison with same value
R0201
Design
Informational
Does not use self
R0202
Design
Warning
No classmethod decorator
R0205
Design
Informational
Class inherits from object
R0206
Design
Informational
Cannot have defined parameters for properties
R0401
Design
Informational
Cyclic import
R0801
Design
Informational
Similar lines detection
R0901
Design
Informational
Too many ancestors
R0902
Design
Informational
Too many instance attributes
R0903
Design
Informational
Too few public methods
R0904
Design
Informational
Too many public methods
R0911
Design
Informational
Too many return statements
R0912
Design
Informational
Too many branches
R0913
Design
Informational
Too many arguments for a function or method
R0914
Design
Warning
Too many local variables
R0915
Design
Warning
Too many statements, split your functions in smaller functions
R0916
Design
Warning
Too many boolean expressions in if statement
R1701
Design
Informational
Multiple calls of isinstance calls can be merged
R1702
Design
Warning
Too many nested blocks
R1703
Design
Warning
The if statement can be replaced with a return and a boolean expression
R1704
Design
Informational
Redefining argument with local name
R1705
Design
Warning
Unnecessary else after return
R1706
Design
Informational
Consider using ternary operator
R1707
Error prone
Error
Misplacing comma that creates a tuple
R1708
Design
Error
Do not raise StopIteration in generator
R1710
Design
Error
Inconsistent return type in function
R1711
Design
Informational
Useless return at end of function or method
R1712
Best practice
Error
Consider using tuple unpacking for swapping variables
R1713
Best practice
Error
Consider using str.join() for concatenating strings from an iterable
R1715
Best practice
Error
Consider using dict.get for getting values from a dict if a key is present or a default if not
R1716
Design
Warning
Simplify chained comparison between the operands
R1717
Design
Informational
Consider using a dictionary comprehension
R1718
Design
Informational
Consider using a set comprehension
R1719
Design
Error
Conditions can be simplified
R1720
Design
Warning
Unnecessary else after raise
R1721
Design
Warning
Unnecessary use of a comprehension
R1722
Best practice
Informational
Use sys.exit()
R1723
Design
Warning
Unnecessary elif after break
R1724
Design
Warning
Unnecessary elif after continue
W0101
Error prone
Critical
Unreachable code
W0102
Safety
Error
Dangerous default value as argument
W0104
Error prone
Error
Statement have no effect
W0105
Performance
Error
String statement has no effect
W0106
Performance
Error
Expression not assigned
W0107
Design
Warning
Unnecessary pass statement
W0108
Design
Error
Lambda may not be necessary
W0109
Error prone
Critical
Duplicate key in dictionary
W0120
Design
Error
Useless else on loop
W0122
Security
Error
Use of exec
W0123
Security
Critical
Use of eval
W0124
Error prone
Error
With statement returns multiple values
W0125
Design
Warning
Conditional statement with a constant value
W0126
Error prone
Error
Conditional statement with potentially wrong function or method call due to missing parentheses
W0127
Design
Error
Assigning a variable to itself
W0128
Safety
Error
Redeclared variable in assignment
W0129
Error prone
Warning
Assert statement has a string literal as its first argument and the assert will never fail.
W0143
Error prone
Warning
Comparing against a callable (parenthesis needed)
W0150
Design
Warning
return statement in finally block may swallow exception
W0201
Design
Error
Attribute defined outside __init__
W0211
Design
Error
Static method with self as first argument
W0212
Design
Warning
Access to a protected member of a client class
W0221
Design
Error
Parameters differ from overridden method
W0222
Design
Warning
Signature is different than in the implemented interface or in an overridden method
W0223
Design
Error
Abstract method not overriden
W0231
Design
Warning
__init__ method from base class is not called in inherited class
W0232
Code style
Warning
Class has no __init__ method
W0233
Design
Error
An __init__ method is called on a class which is not in the direct ancestors for the analyzed class
W0235
Design
Warning
Useless super delegation
W0236
Design
Error
Invalid overridden method
W0301
Code style
Warning
Unnecessary semicolon
W0311
Code style
Warning
Bad indentation
W0401
Best practice
Warning
Use of wildcard imports
W0402
Best practice
Error
Uses of deprecated modules
W0404
Best practice
Warning
Module imported twice
W0406
Design
Warning
Module imports itself
W0511
Best practice
Informational
Use TODO, not FIXME
W0601
Safety
Error
Global variable used but not defined
W0602
Error prone
Warning
Global variable used but not assigned
W0603
Best practice
Warning
Using the global statement
W0604
Design
Error
Using the global statement at the module level
W0611
Best practice
Warning
Unused import
W0612
Best practice
Warning
Unused variable
W0614
Error prone
Warning
Unused import from another module
W0621
Design
Error
Redefining name from outer scope
W0622
Design
Error
Redefining built-in from Python
W0631
Safety
Error
Loop variable used outside a loop
W0632
Error prone
Error
Possible unbalanced tuple unpacking with sequence
W0640
Design
Error
Use variable in closure when defined in a loop
W0641
Error prone
Warning
Variable defined but not used
W0642
Design
Warning
Invalid assignment to cls or self
W0702
Design
Error
Not using specific exception in an except statement
W0703
Design
Error
Catching too general exception
W0705
Design
Error
Catching the same exception twice
W0706
Design
Error
Use the right exception when raising an exception in an except block
W0711
Safety
Critical
Operation is raising exception
W0715
Best practice
Error
Passing multiple incorrect arguments to an exception constructor
W1113
Design
Warning
Keyword argument before variable positional arguments list
W1114
Design
Warning
Positional arguments appear to be out of order
W1116
Error prone
Error
Argument of isinstance is not a type
W1201
Best practice
Warning
Do not use lazy formatting
W1202
Best practice
Warning
Do not use format() in logging function
W1203
Best practice
Error
Use %s in logging function
W1302
Error prone
Error
Invalid format string
W1303
Error prone
Error
Missing format() argument key
W1304
Best practice
Error
Unused format argument
W1305
Error prone
Warning
Invalid combined format specification
W1306
Best practice
Warning
Missing format attribute
W1308
Best practice
Warning
Duplicate string formatting argument
W1309
Best practice
Error
Using an f-string that does not have any interpolated variables
W1401
Best practice
Warning
Anomalous backslash in string
W1403
Error prone
Error
Implicit string concatenation found in list
W1404
Safety
Error
Implicit string concatenation
W1501
Best practice
Error
Invalid file open mode
W1503
Best practice
Warning
Redundant use of unit test assert
W1505
Best practice
Warning
Use of deprecated method
W1506
Best practice
Warning
Thread needs the target function
W1508
Safety
Error
Invalid default value when getting the environment
W1509
Safety
Warning
Using preexec_fn keyword which may be unsafe in the presence of threads
W1510
Security
Error
Using subprocess.run without explicitly set `check` is not recommended.
C0102
Code style
Informational
Detect blacklisted names (toto, foo, etc)
C0209
Code style
Informational
Use a f-string
W0237
Best practice
Error
Method parameter has a different name than in the implemented interface or in an overridden method
W0238
Error prone
Warning
Unused private member
C0104
Best practice
Error
Disallowed name (e.g. foo, bar, etc)
C0206
Best practice
Warning
Consider iterating with .items()
R1714
Best practice
Error
Use in instead of iterating over value and using equal
C0207
Best practice
Warning
Accessing only the first or last element of str.split() and should be done more efficiently.
C1802
Best practice
Warning
Use implicit boolean with len()
C1803
Error prone
Warning
Make use of implicit boolean
C0208
Best practice
Warning
Use a sequence type when iterating over values When iterating over values, sequence types (e.g., lists, tuples, ranges) are more efficient than sets.
R0203
Best practice
Warning
Consider using a decorator instead of calling staticmethod
R1709
Design
Warning
https://vald-phoenix.github.io/pylint-errors/plerr/errors/refactoring/R1709
R1725
Best practice
Warning
Consider using Python 3 style super() without arguments
R1726
Design
Warning
Boolean expression can be simplified
R1727
Error prone
Error
Boolean value has always the same value
R1728
Performance
Warning
Consider using a generator instead for better performance
R1729
Performance
Warning
Comprehension inside of 'any' or 'all' is unnecessary. A generator would be sufficient and faster.
R1731
Best practice
Informational
Using the max builtin instead of a conditional improves readability and conciseness
R1732
Best practice
Warning
Consider using 'with' for resource-allocating operations
R1733
Performance
Warning
Iterating over the dictionary items (key-item pairs) and accessing the value by index lookup when the value can be accessed directly instead
R1735
Best practice
Informational
Using dict() to create an empty dictionary instead of the literal {}. The literal is faster as it avoids an additional function call.
W0177
Best practice
Warning
An expression is compared to NaNvalues like numpy.NaN and float('nan')
W1310
Error prone
Informational
String that does not have any interpolation variables, in which case it can be either a normal string without formatting or a bug in the code.
W1406
Best practice
Warning
Used when we detect a string with a u prefix. These prefixes were necessary in Python 2 to indicate a string was Unicode, but since Python 3.0 strings are Unicode by default.
W1512
Best practice
Warning
Using deprecated module
W1513
Best practice
Warning
Use deprecated decorator
W1514
Error prone
Warning
Using open without explicitly specifying an encoding
R1730
Error prone
Warning
Use the min builtin instead of using an if condition
E1142
Best practice
Error
'await' should be used within an async function
W0410
Code style
Informational
__future__ import is not the first non docstring statement
W0199
Error prone
Warning
Assert called on a 2-item-tuple.
E4702
Safety
Error
Iterated dict is being modified inside for loop body, iterate through a copy of it instead.
C2801
Best practice
Warning
Unnecessarily calls dunder method %s. %s.
C3001
Error prone
Warning
Lambda expression assigned to a variable. Define a function using the "def" keyword instead.
W1515
Best practice
Warning
Leaving functions creating breakpoints in production code is not recommended.
E2502
Best practice
Informational
Contains control characters that can permit obfuscated code executed differently than displayed.
R0022
Error prone
Warning
Useless option value.
R1736
Best practice
Warning
Unnecessary list index lookup, use '%s' instead.
W0012
Error prone
Warning
Unknown option value.
W0245
Error prone
Critical
Super call without brackets.
W2301
Documentation
Warning
Unnecessary ellipsis constant.
R0133
Performance
Critical
Comparison between constants has a constant value
W1518
Best practice
Warning
cache will keep all method args alive indefinitely, including 'self'
C0105
Code style
Informational
Name doesn't conform to naming rules associated to its type
B319
Security
Error
Blacklist Python calls known to be dangerous
B610
Security
Error
Potential SQL injection on extra function
B611
Security
Error
Potential SQL injection on RawSQL function
E2515
Security
Warning
Invalid unescaped character zero-width-space, use "u200B" instead.
W4701
Safety
Critical
Iterated list is being modified inside for loop body
B507
Security
Error
Paramiko call with policy set to automatically trust the unknown host key.
W0130
Best practice
Warning
Duplicate value in set
C2403
Error prone
Warning
Import a module with non-ASCII characters
E4703
Safety
Critical
Iterated set is being modified inside for loop body, iterate through a copy of it instead.
W4904
Design
Error
Using deprecated class
W4902
Best practice
Error
Using deprecated method
W4901
Design
Error
Using deprecated module
W3101
Safety
Error
Missing timeout argument can cause your program to hang indefinitely
W1115
Safety
Error
Non-string value assigned
W0246
Design
Error
Useless parent or super() delegation
E1143
Error prone
Error
Member is unhashable