facebook pixelPython Static Analysis Rules
BACK TO LIST

Python rules

The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.

      B102

      Security
      High

      Detect use of exec (security issue)

      Learn more

      B103

      Security
      High

      Chmod setting a permissive mask 0o755 on file (entryfile).

      B104

      Security
      High

      Possible binding to all interfaces.

      B108

      Security
      High

      Insecure usage of file or directory

      B201

      Security
      Critical

      A Flask app appears to be run with debug=True

      B301

      Security
      High

      Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data

      B302

      Security
      High

      Deserialization with the marshal module is possibly dangerous.

      B305

      Security
      High

      Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.

      B306

      Security
      High

      Use of insecure and deprecated function (mktemp).

      B307

      Security
      High

      Use of possibly insecure function - consider using safer ast.literal\_eval.

      B308

      Security
      High

      Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.

      B309

      Security
      High

      Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security

      B310

      Security
      High

      Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

      B312

      Security
      Critical

      Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.

      B313

      Security
      High

      Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B314

      Security
      High

      Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B317

      Security
      High

      Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called

      B318

      Security
      High

      Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B320

      Security
      High

      Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

      B321

      Security
      Critical

      FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.

      B322

      Security
      Critical

      The input method in Python 2 will read from standard input

      B323

      Security
      High

      Detect unsecure use of HTTPS connexion

      B324

      Security
      High

      Use of insecure MD4 or MD5 hash function.

      B401

      Security
      Critical

      A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.

      B402

      Security
      Critical

      A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.

      B411

      Security
      Critical

      Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.

      B413

      Security
      Critical

      The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.

      B501

      Security
      Critical

      Requests call with verify=False disabling SSL certificate checks

      B506

      Security
      High

      Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().

      B601

      Security
      High

      Possible shell injection via Paramiko call

      B602

      Security
      Critical

      subprocess call with shell=True identified

      B605

      Security
      Critical

      Starting a process with a shell

      B608

      Security
      High

      Possible SQL injection vector through string-based query construction.

      B701

      Security
      Critical

      Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select\_autoescape function to mitigate XSS vulnerabilities.

      B702

      Security
      High

      Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'

      B703

      Security
      High

      Potential XSS on mark\_safe function.

      C0111

      Documentation
      Minor

      Missing docstring on module, function, class or method

      C0112

      Code style
      Minor

      Module, function, class or method have an empty docstring

      C0113

      Best practice
      Minor

      Detect inappropriate use of the not keyword

      C0116

      Documentation
      Minor

      Missing docstring on a function

      C0121

      Best practice
      Minor

      Check when valid is compared to True, False or None (and can be replaced by simpler expressions)

      C0122

      Code style
      Medium

      Check correct use of constants in comparisons.

      C0123

      Best practice
      Medium

      Using type() instead of isinstance() for a typecheck.

      C0144

      Best practice
      Minor

      Detect when a name contains at least one non-ASCII unicode character

      C0200

      Best practice
      Medium

      Consider using enumerate instead of iterating with range and len

      C0201

      Best practice
      Medium

      Consider iterating the dictionary directly instead of calling .keys()

      C0202

      Code style
      Minor

      Detect when a class method has a first argument named differently than the value specified in valid-classmethod-first-arg option

      C0203

      Code style
      Minor

      Detect when a metaclass method has a first argument named differently than the value specified in valid-classmethod-first-arg option.

      C0204

      Code style
      Minor

      Metaclass class method __new__ should have 'cls' as first argument

      C0205

      Best practice
      High

      Ensure that __slots__ is an iterable and not a base type

      C0302

      Code style
      Minor

      Too many lines in a module

      C0304

      Code style
      Minor

      Final newline missing

      C0305

      Best practice
      Minor

      Trailing newlines

      C0321

      Error prone
      High

      More than one statement on a single line

      C0327

      Code style
      Minor

      Mixed line endings (between LF and CRLF)

      C0410

      Best practice
      Medium

      Multiple imports on one line

      C0411

      Best practice
      Medium

      Wrong import order

      C0412

      Best practice
      Minor

      Imports are not grouped

      C0413

      Best practice
      Minor

      Import and code are mixed

      C0414

      Best practice
      Minor

      Import alias is same as original package

      C0415

      Best practice
      Medium

      Import not put at the top level of the file

      C1801

      Error prone
      High

      Use len() without explicit argument

      E0012

      Unknown
      High

      Bad option value

      E0101

      Code style
      High

      Use of return in init

      E0102

      Error prone
      High

      Detect functions that already exist

      E0103

      Error prone
      High

      break or continue used outside a loop

      E0104

      Error prone
      High

      Return outside function

      E0105

      Error prone
      High

      The yield keyword is used outside a function

      E0107

      Error prone
      High

      Use of operator that does not exist

      E0110

      Error prone
      High

      Abstract class instantiation attempt

      E0111

      Error prone
      High

      Bad argument passed to reversed()

      E0117

      Error prone
      High

      A nonlocal variable does not have an attached name somewhere in the parent scopes.

      E0202

      Safety
      High

      Method has the same name as an attribute

      E0203

      Safety
      High

      Access to members before they are defined

      E0211

      Code style
      High

      A method which should have the bound instance as first argument has no argument defined.

      E0213

      Code style
      High

      Method should have self as first argument

      E0237

      Error prone
      High

      Assigning an attribute not defined in the class slots

      E0239

      Error prone
      High

      Detect class that inherit non-classes

      E0242

      Error prone
      High

      Value conflict with __slots__

      E0301

      Error prone
      High

      __iter__ returns non-iterator

      E0302

      Error prone
      High

      The special method __int__ should have 0 parameter

      E0306

      Safety
      High

      __repr__ does not return str

      E0307

      Safety
      Critical

      __str__ does not return str

      E0309

      Safety
      Critical

      __hash__ does not return an int

      E0401

      Safety
      High

      Module that cannot be imported

      E0402

      Safety
      High

      Attempted relative import beyond top-level package

      E0601

      Safety
      Critical

      Using variable before assignment

      E0602

      Code style
      High

      Undefined variable is trying to be accessed

      E0603

      Error prone
      High

      Undefined variable name referenced in __all\__

      E0604

      Error prone
      High

      Invalid object referenced in __all__

      E0611

      Code style
      Critical

      Invalid name in module

      E0633

      Error prone
      High

      Attempting to unpack a non-sequence

      E0701

      Safety
      Medium

      Bad except clauses order

      E0702

      Safety
      High

      Raising int while only classes or instances are allowed

      E0704

      Error prone
      High

      The raise statement is not inside an except clause

      E0710

      Error prone
      High

      Raising a new style class which doesn't inherit from BaseException

      E0711

      Error prone
      High

      NotImplemented raised and should raise NotImplementedError instead

      E0712

      Safety
      Critical

      Catching an exception which doesn't inherit from Exception.

      E1003

      Error prone
      High

      Another argument than the current class is given as first argument of the super builtin

      E1101

      Safety
      Critical

      Detect members or attributes that do not exists

      E1102

      Error prone
      Critical

      Object is not callable

      E1111

      Safety
      Critical

      Assigning result of a function call with no return

      E1120

      Safety
      Critical

      No value for argument in function call

      E1121

      Error prone
      Critical

      Too many arguments for method call

      E1123

      Error prone
      Critical

      Unexpected keyword argument in method call

      E1124

      Error prone
      Critical

      Argument passed by position and keyword in method call

      E1125

      Error prone
      High

      Missing mandatory keyword argument in function call

      E1126

      Error prone
      High

      Sequence type is indexed with an invalid type

      E1128

      Safety
      Critical

      Assigning result of a function call that returns nothing but None.

      E1129

      Error prone
      High

      Context manager doesn't implement __enter__ and __exit__

      E1130

      Error prone
      High

      Unary operand is used on an object which does not support this type of operation.

      E1132

      Error prone
      High

      Got multiple values for keyword argument in function call

      E1133

      Error prone
      Critical

      Non-iterable value used in an iterating context

      E1134

      Error prone
      High

      Non-mapping value is used in a mapping context

      E1135

      Error prone
      Critical

      Value doesn't support membership test

      E1136

      Error prone
      High

      Value is unsubscriptable

      E1137

      Safety
      Critical

      Unsupported assignment operation

      E1138

      Safety
      Critical

      Unsupported delete operation

      E1139

      Error prone
      High

      Invalid metaclass used

      E1141

      Error prone
      Critical

      Invalid iteration over dictionary items

      E1205

      Error prone
      Critical

      Too many arguments for logging format string

      E1206

      Error prone
      Critical

      Not enough arguments in logging call

      E1301

      Code style
      High

      Format string ends in middle of conversion specifier

      E1305

      Error prone
      Medium

      Too many arguments for format string

      E1306

      Error prone
      Critical

      Not enough arguments for format string

      E1307

      Error prone
      High

      Incorrect format string

      E1310

      Error prone
      High

      The argument to a str.{l,r,}strip call contains a duplicate character

      I1101

      Error prone
      Medium

      Variable is accessed for non-existent member of C extension

      R0123

      Error prone
      High

      Invalid literal comparison

      R0124

      Design
      Medium

      Comparison with same value

      R0202

      Design
      Medium

      No classmethod decorator

      R0205

      Design
      Minor

      Class inherits from object

      R0206

      Design
      Minor

      Cannot have defined parameters for properties

      R0902

      Design
      Minor

      Too many instance attributes

      R0911

      Design
      Minor

      Too many return statements

      R0913

      Design
      Minor

      Too many arguments for a function or method

      R0914

      Design
      Medium

      Too many local variables

      R0915

      Design
      Medium

      Too many statements, split your functions in smaller functions

      R0916

      Design
      Medium

      Too many boolean expressions in if statement

      R1701

      Design
      Minor

      Multiple calls of isinstance calls can be merged

      R1703

      Design
      Medium

      The if statement can be replaced with a return and a boolean expression

      R1704

      Design
      Minor

      Redefining argument with local name

      R1705

      Design
      Medium

      Unnecessary else after return

      R1706

      Design
      Minor

      Consider using ternary operator

      R1707

      Error prone
      High

      Misplacing comma that creates a tuple

      R1708

      Design
      High

      Do not raise StopIteration in generator

      R1710

      Design
      High

      Inconsistent return type in function

      R1711

      Design
      Minor

      Useless return at end of function or method

      R1712

      Best practice
      High

      Consider using tuple unpacking for swapping variables

      R1713

      Best practice
      High

      Consider using str.join() for concatenating strings from an iterable

      R1715

      Best practice
      High

      Consider using dict.get for getting values from a dict if a key is present or a default if not

      R1716

      Design
      Medium

      Simplify chained comparison between the operands

      R1717

      Design
      Minor

      Consider using a dictionary comprehension

      R1718

      Design
      Minor

      Consider using a set comprehension

      R1719

      Design
      High

      Conditions can be simplified

      R1720

      Design
      Medium

      Unnecessary else after raise

      R1721

      Design
      Medium

      Unnecessary use of a comprehension

      R1723

      Design
      Medium

      Unnecessary elif after break

      R1724

      Design
      Medium

      Unnecessary elif after continue

      W0101

      Error prone
      Critical

      Unreachable code

      W0102

      Safety
      High

      Dangerous default value as argument

      W0104

      Error prone
      High

      Statement have no effect

      W0105

      Performance
      High

      String statement has no effect

      W0106

      Performance
      High

      Expression not assigned

      W0107

      Design
      Medium

      Unnecessary pass statement

      W0108

      Design
      High

      Lambda may not be necessary

      W0109

      Error prone
      Critical

      Duplicate key in dictionary

      W0124

      Error prone
      High

      With statement returns multiple values

      W0125

      Design
      Medium

      Conditional statement with a constant value

      W0126

      Error prone
      High

      Conditional statement with potentially wrong function or method call due to missing parentheses

      W0127

      Design
      High

      Assigning a variable to itself

      W0128

      Safety
      High

      Redeclared variable in assignment

      W0129

      Error prone
      Medium

      Assert statement has a string literal as its first argument and the assert will never fail.

      W0143

      Error prone
      Medium

      Comparing against a callable (parenthesis needed)

      W0150

      Design
      Medium

      return statement in finally block may swallow exception

      W0201

      Design
      High

      Attribute defined outside __init__

      W0211

      Design
      High

      Static method with self as first argument

      W0212

      Design
      Medium

      Access to a protected member of a client class

      W0221

      Design
      High

      Parameters differ from overridden method

      W0222

      Design
      Medium

      Signature is different than in the implemented interface or in an overridden method

      W0223

      Design
      High

      Abstract method not overriden

      W0231

      Design
      Medium

      __init__ method from base class is not called in inherited class

      W0232

      Code style
      Medium

      Class has no __init__ method

      W0233

      Design
      High

      An __init__ method is called on a class which is not in the direct ancestors for the analyzed class

      W0235

      Design
      Medium

      Useless super delegation

      W0236

      Design
      High

      Invalid overridden method

      W0301

      Code style
      Medium

      Unnecessary semicolon

      W0401

      Best practice
      Medium

      Use of wildcard imports

      W0402

      Best practice
      High

      Uses of deprecated modules

      W0404

      Best practice
      Medium

      Module imported twice

      W0511

      Best practice
      Minor

      Use TODO, not FIXME

      W0601

      Safety
      High

      Global variable used but not defined

      W0602

      Error prone
      Medium

      Global variable used but not assigned

      W0603

      Best practice
      Medium

      Using the global statement

      W0604

      Design
      High

      Using the global statement at the module level

      W0614

      Error prone
      Medium

      Unused import from another module

      W0621

      Design
      High

      Redefining name from outer scope

      W0622

      Design
      High

      Redefining built-in from Python

      W0631

      Safety
      High

      Loop variable used outside a loop

      W0632

      Error prone
      High

      Possible unbalanced tuple unpacking with sequence

      W0640

      Design
      High

      Use variable in closure when defined in a loop

      W0641

      Error prone
      Medium

      Variable defined but not used

      W0642

      Design
      Medium

      Invalid assignment to cls or self

      W0702

      Design
      High

      Not using specific exception in an except statement

      W0703

      Design
      High

      Catching too general exception

      W0705

      Design
      High

      Catching the same exception twice

      W0706

      Design
      High

      Use the right exception when raising an exception in an except block

      W0711

      Safety
      Critical

      Operation is raising exception

      W0715

      Best practice
      High

      Passing multiple incorrect arguments to an exception constructor

      W1113

      Design
      Medium

      Keyword argument before variable positional arguments list

      W1114

      Design
      Medium

      Positional arguments appear to be out of order

      W1116

      Error prone
      High

      Argument of isinstance is not a type

      W1201

      Best practice
      Medium

      Do not use lazy formatting

      W1202

      Best practice
      Medium

      Do not use format() in logging function

      W1203

      Best practice
      High

      Use %s in logging function

      W1302

      Error prone
      High

      Invalid format string

      W1303

      Error prone
      High

      Missing format() argument key

      W1304

      Best practice
      High

      Unused format argument

      W1305

      Error prone
      Medium

      Invalid combined format specification

      W1306

      Best practice
      Medium

      Missing format attribute

      W1308

      Best practice
      Medium

      Duplicate string formatting argument

      W1309

      Best practice
      High

      Using an f-string that does not have any interpolated variables

      W1401

      Best practice
      Medium

      Anomalous backslash in string

      W1403

      Error prone
      High

      Implicit string concatenation found in list

      W1404

      Safety
      High

      Implicit string concatenation

      W1501

      Best practice
      High

      Invalid file open mode

      W1503

      Best practice
      Medium

      Redundant use of unit test assert

      W1505

      Best practice
      Medium

      Use of deprecated method

      W1506

      Best practice
      Medium

      Thread needs the target function

      W1508

      Safety
      High

      Invalid default value when getting the environment

      W1509

      Safety
      Medium

      Using preexec_fn keyword which may be unsafe in the presence of threads

      W1510

      Security
      High

      Using subprocess.run without explicitly set `check` is not recommended.

      C0102

      Code style
      Minor

      Detect blacklisted names (toto, foo, etc)

      W0237

      Best practice
      High

      Method parameter has a different name than in the implemented interface or in an overridden method

      W0238

      Error prone
      Medium

      Unused private member

      C0104

      Best practice
      High

      Disallowed name (e.g. foo, bar, etc)

      C0206

      Best practice
      Medium

      Consider iterating with .items()

      R1714

      Best practice
      High

      Use in instead of iterating over value and using equal

      C0207

      Best practice
      Medium

      Accessing only the first or last element of str.split() and should be done more efficiently.

      C1802

      Best practice
      Medium

      Use implicit boolean with len()

      C1803

      Error prone
      Medium

      Make use of implicit boolean

      C0208

      Best practice
      Medium

      Use a sequence type when iterating over values When iterating over values, sequence types (e.g., lists, tuples, ranges) are more efficient than sets.

      R0203

      Best practice
      Medium

      Consider using a decorator instead of calling staticmethod

      R1709

      Design
      Medium

      https://vald-phoenix.github.io/pylint-errors/plerr/errors/refactoring/R1709

      R1725

      Best practice
      Medium

      Consider using Python 3 style super() without arguments

      R1726

      Design
      Medium

      Boolean expression can be simplified

      R1727

      Error prone
      High

      Boolean value has always the same value

      R1728

      Performance
      Medium

      Consider using a generator instead for better performance

      R1729

      Performance
      Medium

      Comprehension inside of 'any' or 'all' is unnecessary. A generator would be sufficient and faster.

      R1731

      Best practice
      Minor

      Using the max builtin instead of a conditional improves readability and conciseness

      R1732

      Best practice
      Medium

      Consider using 'with' for resource-allocating operations

      R1733

      Performance
      Medium

      Iterating over the dictionary items (key-item pairs) and accessing the value by index lookup when the value can be accessed directly instead

      R1735

      Best practice
      Minor

      Using dict() to create an empty dictionary instead of the literal {}. The literal is faster as it avoids an additional function call.

      W0177

      Best practice
      Medium

      An expression is compared to NaNvalues like numpy.NaN and float('nan')

      W1310

      Error prone
      Minor

      String that does not have any interpolation variables, in which case it can be either a normal string without formatting or a bug in the code.

      W1406

      Best practice
      Medium

      Used when we detect a string with a u prefix. These prefixes were necessary in Python 2 to indicate a string was Unicode, but since Python 3.0 strings are Unicode by default.

      W1512

      Best practice
      Medium

      Using deprecated module

      W1513

      Best practice
      Medium

      Use deprecated decorator

      W1514

      Error prone
      Medium

      Using open without explicitly specifying an encoding

      R1730

      Error prone
      Medium

      Use the min builtin instead of using an if condition

      E1142

      Best practice
      High

      'await' should be used within an async function

      E1131

      Error prone
      High

      Emitted when a binary arithmetic operation between two operands is not supported.

      W0410

      Code style
      Minor

      __future__ import is not the first non docstring statement

      W0199

      Error prone
      Medium

      Assert called on a 2-item-tuple.

      E4702

      Safety
      High

      Iterated dict is being modified inside for loop body, iterate through a copy of it instead.

      C2801

      Best practice
      Medium

      Unnecessarily calls dunder method %s. %s.

      C3001

      Error prone
      Medium

      Lambda expression assigned to a variable. Define a function using the "def" keyword instead.

      W1515

      Best practice
      Medium

      Leaving functions creating breakpoints in production code is not recommended.

      E2502

      Best practice
      Minor

      Contains control characters that can permit obfuscated code executed differently than displayed.

      R0022

      Error prone
      Medium

      Useless option value.

      R1736

      Best practice
      Medium

      Unnecessary list index lookup, use '%s' instead.

      W0012

      Error prone
      Medium

      Unknown option value.

      W0245

      Error prone
      Critical

      Super call without brackets.

      W2301

      Documentation
      Medium

      Unnecessary ellipsis constant.

      R0133

      Performance
      Critical

      Comparison between constants has a constant value

      W1518

      Best practice
      Medium

      cache will keep all method args alive indefinitely, including 'self'

      C0105

      Code style
      Minor

      Name doesn't conform to naming rules associated to its type