B102
Detect use of exec (security issue)
The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.
Detect use of exec (security issue)
Chmod setting a permissive mask 0o755 on file (entryfile).
Possible binding to all interfaces.
Insecure usage of file or directory
A Flask app appears to be run with debug=True
Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data
Deserialization with the marshal module is possibly dangerous.
Use of insecure MD2
Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
Use of insecure and deprecated function (mktemp).
Use of possibly insecure function - consider using safer ast.literal\_eval.
Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.
Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
The input method in Python 2 will read from standard input
Detect unsecure use of HTTPS connexion
Use of insecure MD4 or MD5 hash function.
A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Requests call with verify=False disabling SSL certificate checks
Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
Possible shell injection via Paramiko call
subprocess call with shell=True identified
Starting a process with a shell
Possible SQL injection vector through string-based query construction.
Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select\_autoescape function to mitigate XSS vulnerabilities.
Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'
Potential XSS on mark\_safe function.
Missing docstring on module, function, class or method
Module, function, class or method have an empty docstring
Detect inappropriate use of the not keyword
Missing docstring on a function
Check when valid is compared to True, False or None (and can be replaced by simpler expressions)
Check correct use of constants in comparisons.
Using type() instead of isinstance() for a typecheck.
Detect when a name contains at least one non-ASCII unicode character
Consider using enumerate instead of iterating with range and len
Consider iterating the dictionary directly instead of calling .keys()
Detect when a class method has a first argument named differently than the value specified in valid-classmethod-first-arg option
Detect when a metaclass method has a first argument named differently than the value specified in valid-classmethod-first-arg option.
Metaclass class method __new__ should have 'cls' as first argument
Ensure that __slots__ is an iterable and not a base type
Too many lines in a module
Final newline missing
Trailing newlines
More than one statement on a single line
Unnecessary parens
Bad whitespace
Mixed line endings (between LF and CRLF)
Wrong indentation
Multiple imports on one line
Wrong import order
Imports are not grouped
Import and code are mixed
Import alias is same as original package
Import not put at the top level of the file
Use len() without explicit argument
Unrecognized options
Bad option value
Use of return in init
Detect functions that already exist
break or continue used outside a loop
Return outside function
The yield keyword is used outside a function
Use of operator that does not exist
Abstract class instantiation attempt
Bad argument passed to reversed()
A nonlocal variable does not have an attached name somewhere in the parent scopes.
Method has the same name as an attribute
Access to members before they are defined
A method which should have the bound instance as first argument has no argument defined.
Method should have self as first argument
Assigning an attribute not defined in the class slots
Detect class that inherit non-classes
Value conflict with __slots__
__iter__ returns non-iterator
The special method __int__ should have 0 parameter
__repr__ does not return str
__str__ does not return str
__hash__ does not return an int
Module that cannot be imported
Attempted relative import beyond top-level package
Using variable before assignment
Undefined variable is trying to be accessed
Undefined variable name referenced in __all\__
Invalid object referenced in __all__
Invalid name in module
Attempting to unpack a non-sequence
Bad except clauses order
Raising int while only classes or instances are allowed
The raise statement is not inside an except clause
Raising a new style class which doesn't inherit from BaseException
NotImplemented raised and should raise NotImplementedError instead
Catching an exception which doesn't inherit from Exception.
Another argument than the current class is given as first argument of the super builtin
Detect members or attributes that do not exists
Object is not callable
Assigning result of a function call with no return
No value for argument in function call
Too many arguments for method call
Unexpected keyword argument in method call
Argument passed by position and keyword in method call
Missing mandatory keyword argument in function call
Sequence type is indexed with an invalid type
Assigning result of a function call that returns nothing but None.
Context manager doesn't implement __enter__ and __exit__
Unary operand is used on an object which does not support this type of operation.
Got multiple values for keyword argument in function call
Non-iterable value used in an iterating context
Non-mapping value is used in a mapping context
Value doesn't support membership test
Value is unsubscriptable
Unsupported assignment operation
Unsupported delete operation
Invalid metaclass used
Invalid iteration over dictionary items
Too many arguments for logging format string
Not enough arguments in logging call
Format string ends in middle of conversion specifier
Too many arguments for format string
Not enough arguments for format string
Incorrect format string
The argument to a str.{l,r,}strip call contains a duplicate character
Variable is accessed for non-existent member of C extension
Invalid literal comparison
Comparison with same value
Does not use self
No classmethod decorator
Class inherits from object
Cannot have defined parameters for properties
Cyclic import
Similar lines detection
Too many ancestors
Too many instance attributes
Too few public methods
Too many public methods
Too many return statements
Too many branches
Too many arguments for a function or method
Too many local variables
Too many statements, split your functions in smaller functions
Too many boolean expressions in if statement
Multiple calls of isinstance calls can be merged
Too many nested blocks
The if statement can be replaced with a return and a boolean expression
Redefining argument with local name
Unnecessary else after return
Consider using ternary operator
Misplacing comma that creates a tuple
Do not raise StopIteration in generator
Inconsistent return type in function
Useless return at end of function or method
Consider using tuple unpacking for swapping variables
Consider using str.join() for concatenating strings from an iterable
Consider using dict.get for getting values from a dict if a key is present or a default if not
Simplify chained comparison between the operands
Consider using a dictionary comprehension
Consider using a set comprehension
Conditions can be simplified
Unnecessary else after raise
Unnecessary use of a comprehension
Use sys.exit()
Unnecessary elif after break
Unnecessary elif after continue
Unreachable code
Dangerous default value as argument
Statement have no effect
String statement has no effect
Expression not assigned
Unnecessary pass statement
Lambda may not be necessary
Duplicate key in dictionary
Useless else on loop
Use of exec
Use of eval
With statement returns multiple values
Conditional statement with a constant value
Conditional statement with potentially wrong function or method call due to missing parentheses
Assigning a variable to itself
Redeclared variable in assignment
Assert statement has a string literal as its first argument and the assert will never fail.
Comparing against a callable (parenthesis needed)
return statement in finally block may swallow exception
Attribute defined outside __init__
Static method with self as first argument
Access to a protected member of a client class
Parameters differ from overridden method
Signature is different than in the implemented interface or in an overridden method
Abstract method not overriden
__init__ method from base class is not called in inherited class
Class has no __init__ method
An __init__ method is called on a class which is not in the direct ancestors for the analyzed class
Useless super delegation
Invalid overridden method
Unnecessary semicolon
Bad indentation
Use of wildcard imports
Uses of deprecated modules
Module imported twice
Module imports itself
Use TODO, not FIXME
Global variable used but not defined
Global variable used but not assigned
Using the global statement
Using the global statement at the module level
Unused import
Unused variable
Unused import from another module
Redefining name from outer scope
Redefining built-in from Python
Loop variable used outside a loop
Possible unbalanced tuple unpacking with sequence
Use variable in closure when defined in a loop
Variable defined but not used
Invalid assignment to cls or self
Not using specific exception in an except statement
Catching too general exception
Catching the same exception twice
Use the right exception when raising an exception in an except block
Operation is raising exception
Passing multiple incorrect arguments to an exception constructor
Keyword argument before variable positional arguments list
Positional arguments appear to be out of order
Argument of isinstance is not a type
Do not use lazy formatting
Do not use format() in logging function
Use %s in logging function
Invalid format string
Missing format() argument key
Unused format argument
Invalid combined format specification
Missing format attribute
Duplicate string formatting argument
Using an f-string that does not have any interpolated variables
Anomalous backslash in string
Implicit string concatenation found in list
Implicit string concatenation
Invalid file open mode
Redundant use of unit test assert
Use of deprecated method
Thread needs the target function
Invalid default value when getting the environment
Using preexec_fn keyword which may be unsafe in the presence of threads
Using subprocess.run without explicitly set `check` is not recommended.
Detect blacklisted names (toto, foo, etc)
Use a f-string
Method parameter has a different name than in the implemented interface or in an overridden method
Unused private member
Disallowed name (e.g. foo, bar, etc)
Consider iterating with .items()
Use in instead of iterating over value and using equal
Accessing only the first or last element of str.split() and should be done more efficiently.
Use implicit boolean with len()
Make use of implicit boolean
Use a sequence type when iterating over values When iterating over values, sequence types (e.g., lists, tuples, ranges) are more efficient than sets.
Consider using a decorator instead of calling staticmethod
https://vald-phoenix.github.io/pylint-errors/plerr/errors/refactoring/R1709
Consider using Python 3 style super() without arguments
Boolean expression can be simplified
Boolean value has always the same value
Consider using a generator instead for better performance
Comprehension inside of 'any' or 'all' is unnecessary. A generator would be sufficient and faster.
Using the max builtin instead of a conditional improves readability and conciseness
Consider using 'with' for resource-allocating operations
Iterating over the dictionary items (key-item pairs) and accessing the value by index lookup when the value can be accessed directly instead
Using dict() to create an empty dictionary instead of the literal {}. The literal is faster as it avoids an additional function call.
An expression is compared to NaNvalues like numpy.NaN and float('nan')
String that does not have any interpolation variables, in which case it can be either a normal string without formatting or a bug in the code.
Used when we detect a string with a u prefix. These prefixes were necessary in Python 2 to indicate a string was Unicode, but since Python 3.0 strings are Unicode by default.
Using deprecated module
Use deprecated decorator
Using open without explicitly specifying an encoding
Use the min builtin instead of using an if condition
'await' should be used within an async function
__future__ import is not the first non docstring statement
Assert called on a 2-item-tuple.
Iterated dict is being modified inside for loop body, iterate through a copy of it instead.
Unnecessarily calls dunder method %s. %s.
Lambda expression assigned to a variable. Define a function using the "def" keyword instead.
Leaving functions creating breakpoints in production code is not recommended.
Contains control characters that can permit obfuscated code executed differently than displayed.
Useless option value.
Unnecessary list index lookup, use '%s' instead.
Unknown option value.
Super call without brackets.
Unnecessary ellipsis constant.
Comparison between constants has a constant value
cache will keep all method args alive indefinitely, including 'self'
Name doesn't conform to naming rules associated to its type
Blacklist Python calls known to be dangerous
Potential SQL injection on extra function
Potential SQL injection on RawSQL function
Invalid unescaped character zero-width-space, use "u200B" instead.
Iterated list is being modified inside for loop body
Paramiko call with policy set to automatically trust the unknown host key.
Duplicate value in set
Import a module with non-ASCII characters
Iterated set is being modified inside for loop body, iterate through a copy of it instead.
Using deprecated class
Using deprecated method
Using deprecated module
Missing timeout argument can cause your program to hang indefinitely
Non-string value assigned
Useless parent or super() delegation
Member is unhashable