B102
Security
High
Detect use of exec (security issue)
BACK TO LIST
Python rules
The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.
B103
Security
High
Chmod setting a permissive mask 0o755 on file (entryfile).
B104
Security
High
Possible binding to all interfaces.
B108
Security
High
Insecure usage of file or directory
B201
Security
Critical
A Flask app appears to be run with debug=True
B301
Security
High
Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data
B302
Security
High
Deserialization with the marshal module is possibly dangerous.
B303
Security
High
Use of insecure MD2
B305
Security
High
Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
B306
Security
High
Use of insecure and deprecated function (mktemp).
B307
Security
High
Use of possibly insecure function - consider using safer ast.literal\_eval.
B308
Security
High
Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
B309
Security
High
Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security
B310
Security
High
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
B312
Security
Critical
Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.
B313
Security
High
Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B314
Security
High
Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B317
Security
High
Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called
B318
Security
High
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B320
Security
High
Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
B321
Security
Critical
FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
B322
Security
Critical
The input method in Python 2 will read from standard input
B323
Security
High
Detect unsecure use of HTTPS connexion
B324
Security
High
Use of insecure MD4 or MD5 hash function.
B401
Security
Critical
A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
B402
Security
Critical
A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
B411
Security
Critical
Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
B413
Security
Critical
The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
B501
Security
Critical
Requests call with verify=False disabling SSL certificate checks
B506
Security
High
Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
B601
Security
High
Possible shell injection via Paramiko call
B602
Security
Critical
subprocess call with shell=True identified
B605
Security
Critical
Starting a process with a shell
B608
Security
High
Possible SQL injection vector through string-based query construction.
B701
Security
Critical
Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select\_autoescape function to mitigate XSS vulnerabilities.
B702
Security
High
Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'
B703
Security
High
Potential XSS on mark\_safe function.
C0111
Documentation
Minor
Missing docstring on module, function, class or method
C0112
Code style
Minor
Module, function, class or method have an empty docstring
C0113
Best practice
Minor
Detect inappropriate use of the not keyword
C0116
Documentation
Minor
Missing docstring on a function
C0121
Best practice
Minor
Check when valid is compared to True, False or None (and can be replaced by simpler expressions)
C0122
Code style
Medium
Check correct use of constants in comparisons.
C0123
Best practice
Medium
Using type() instead of isinstance() for a typecheck.
C0144
Best practice
Minor
Detect when a name contains at least one non-ASCII unicode character
C0200
Best practice
Medium
Consider using enumerate instead of iterating with range and len
C0201
Best practice
Medium
Consider iterating the dictionary directly instead of calling .keys()
C0202
Code style
Minor
Detect when a class method has a first argument named differently than the value specified in valid-classmethod-first-arg option
C0203
Code style
Minor
Detect when a metaclass method has a first argument named differently than the value specified in valid-classmethod-first-arg option.
C0204
Code style
Minor
Metaclass class method __new__ should have 'cls' as first argument
C0205
Best practice
High
Ensure that __slots__ is an iterable and not a base type
C0302
Code style
Minor
Too many lines in a module
C0304
Code style
Minor
Final newline missing
C0305
Best practice
Minor
Trailing newlines
C0321
Error prone
High
More than one statement on a single line
C0325
Code style
Medium
Unnecessary parens
C0326
Code style
Minor
Bad whitespace
C0327
Code style
Minor
Mixed line endings (between LF and CRLF)
C0330
Code style
Minor
Wrong indentation
C0410
Best practice
Medium
Multiple imports on one line
C0411
Best practice
Medium
Wrong import order
C0412
Best practice
Minor
Imports are not grouped
C0413
Best practice
Minor
Import and code are mixed
C0414
Best practice
Minor
Import alias is same as original package
C0415
Best practice
Medium
Import not put at the top level of the file
C1801
Error prone
High
Use len() without explicit argument
E0011
Code style
High
Unrecognized options
E0012
Unknown
High
Bad option value
E0101
Code style
High
Use of return in init
E0102
Error prone
High
Detect functions that already exist
E0103
Error prone
High
break or continue used outside a loop
E0104
Error prone
High
Return outside function
E0105
Error prone
High
The yield keyword is used outside a function
E0107
Error prone
High
Use of operator that does not exist
E0110
Error prone
High
Abstract class instantiation attempt
E0111
Error prone
High
Bad argument passed to reversed()
E0117
Error prone
High
A nonlocal variable does not have an attached name somewhere in the parent scopes.
E0202
Safety
High
Method has the same name as an attribute
E0203
Safety
High
Access to members before they are defined
E0211
Code style
High
A method which should have the bound instance as first argument has no argument defined.
E0213
Code style
High
Method should have self as first argument
E0237
Error prone
High
Assigning an attribute not defined in the class slots
E0239
Error prone
High
Detect class that inherit non-classes
E0242
Error prone
High
Value conflict with __slots__
E0301
Error prone
High
__iter__ returns non-iterator
E0302
Error prone
High
The special method __int__ should have 0 parameter
E0306
Safety
High
__repr__ does not return str
E0307
Safety
Critical
__str__ does not return str
E0309
Safety
Critical
__hash__ does not return an int
E0401
Safety
High
Module that cannot be imported
E0402
Safety
High
Attempted relative import beyond top-level package
E0601
Safety
Critical
Using variable before assignment
E0602
Code style
High
Undefined variable is trying to be accessed
E0603
Error prone
High
Undefined variable name referenced in __all\__
E0604
Error prone
High
Invalid object referenced in __all__
E0611
Code style
Critical
Invalid name in module
E0633
Error prone
High
Attempting to unpack a non-sequence
E0701
Safety
Medium
Bad except clauses order
E0702
Safety
High
Raising int while only classes or instances are allowed
E0704
Error prone
High
The raise statement is not inside an except clause
E0710
Error prone
High
Raising a new style class which doesn't inherit from BaseException
E0711
Error prone
High
NotImplemented raised and should raise NotImplementedError instead
E0712
Safety
Critical
Catching an exception which doesn't inherit from Exception.
E1003
Error prone
High
Another argument than the current class is given as first argument of the super builtin
E1101
Safety
Critical
Detect members or attributes that do not exists
E1102
Error prone
Critical
Object is not callable
E1111
Safety
Critical
Assigning result of a function call with no return
E1120
Safety
Critical
No value for argument in function call
E1121
Error prone
Critical
Too many arguments for method call
E1123
Error prone
Critical
Unexpected keyword argument in method call
E1124
Error prone
Critical
Argument passed by position and keyword in method call
E1125
Error prone
High
Missing mandatory keyword argument in function call
E1126
Error prone
High
Sequence type is indexed with an invalid type
E1128
Safety
Critical
Assigning result of a function call that returns nothing but None.
E1129
Error prone
High
Context manager doesn't implement __enter__ and __exit__
E1130
Error prone
High
Unary operand is used on an object which does not support this type of operation.
E1132
Error prone
High
Got multiple values for keyword argument in function call
E1133
Error prone
Critical
Non-iterable value used in an iterating context
E1134
Error prone
High
Non-mapping value is used in a mapping context
E1135
Error prone
Critical
Value doesn't support membership test
E1136
Error prone
High
Value is unsubscriptable
E1137
Safety
Critical
Unsupported assignment operation
E1138
Safety
Critical
Unsupported delete operation
E1139
Error prone
High
Invalid metaclass used
E1141
Error prone
Critical
Invalid iteration over dictionary items
E1205
Error prone
Critical
Too many arguments for logging format string
E1206
Error prone
Critical
Not enough arguments in logging call
E1301
Code style
High
Format string ends in middle of conversion specifier
E1305
Error prone
Medium
Too many arguments for format string
E1306
Error prone
Critical
Not enough arguments for format string
E1307
Error prone
High
Incorrect format string
E1310
Error prone
High
The argument to a str.{l,r,}strip call contains a duplicate character
I1101
Error prone
Medium
Variable is accessed for non-existent member of C extension
R0123
Error prone
High
Invalid literal comparison
R0124
Design
Medium
Comparison with same value
R0201
Design
Minor
Does not use self
R0202
Design
Medium
No classmethod decorator
R0205
Design
Minor
Class inherits from object
R0206
Design
Minor
Cannot have defined parameters for properties
R0401
Design
Minor
Cyclic import
R0801
Design
Minor
Similar lines detection
R0901
Design
Minor
Too many ancestors
R0902
Design
Minor
Too many instance attributes
R0903
Design
Minor
Too few public methods
R0904
Design
Minor
Too many public methods
R0911
Design
Minor
Too many return statements
R0912
Design
Minor
Too many branches
R0913
Design
Minor
Too many arguments for a function or method
R0914
Design
Medium
Too many local variables
R0915
Design
Medium
Too many statements, split your functions in smaller functions
R0916
Design
Medium
Too many boolean expressions in if statement
R1701
Design
Minor
Multiple calls of isinstance calls can be merged
R1702
Design
Medium
Too many nested blocks
R1703
Design
Medium
The if statement can be replaced with a return and a boolean expression
R1704
Design
Minor
Redefining argument with local name
R1705
Design
Medium
Unnecessary else after return
R1706
Design
Minor
Consider using ternary operator
R1707
Error prone
High
Misplacing comma that creates a tuple
R1708
Design
High
Do not raise StopIteration in generator
R1710
Design
High
Inconsistent return type in function
R1711
Design
Minor
Useless return at end of function or method
R1712
Best practice
High
Consider using tuple unpacking for swapping variables
R1713
Best practice
High
Consider using str.join() for concatenating strings from an iterable
R1715
Best practice
High
Consider using dict.get for getting values from a dict if a key is present or a default if not
R1716
Design
Medium
Simplify chained comparison between the operands
R1717
Design
Minor
Consider using a dictionary comprehension
R1718
Design
Minor
Consider using a set comprehension
R1719
Design
High
Conditions can be simplified
R1720
Design
Medium
Unnecessary else after raise
R1721
Design
Medium
Unnecessary use of a comprehension
R1722
Best practice
Minor
Use sys.exit()
R1723
Design
Medium
Unnecessary elif after break
R1724
Design
Medium
Unnecessary elif after continue
W0101
Error prone
Critical
Unreachable code
W0102
Safety
High
Dangerous default value as argument
W0104
Error prone
High
Statement have no effect
W0105
Performance
High
String statement has no effect
W0106
Performance
High
Expression not assigned
W0107
Design
Medium
Unnecessary pass statement
W0108
Design
High
Lambda may not be necessary
W0109
Error prone
Critical
Duplicate key in dictionary
W0120
Design
High
Useless else on loop
W0122
Security
High
Use of exec
W0123
Security
Critical
Use of eval
W0124
Error prone
High
With statement returns multiple values
W0125
Design
Medium
Conditional statement with a constant value
W0126
Error prone
High
Conditional statement with potentially wrong function or method call due to missing parentheses
W0127
Design
High
Assigning a variable to itself
W0128
Safety
High
Redeclared variable in assignment
W0129
Error prone
Medium
Assert statement has a string literal as its first argument and the assert will never fail.
W0143
Error prone
Medium
Comparing against a callable (parenthesis needed)
W0150
Design
Medium
return statement in finally block may swallow exception
W0201
Design
High
Attribute defined outside __init__
W0211
Design
High
Static method with self as first argument
W0212
Design
Medium
Access to a protected member of a client class
W0221
Design
High
Parameters differ from overridden method
W0222
Design
Medium
Signature is different than in the implemented interface or in an overridden method
W0223
Design
High
Abstract method not overriden
W0231
Design
Medium
__init__ method from base class is not called in inherited class
W0232
Code style
Medium
Class has no __init__ method
W0233
Design
High
An __init__ method is called on a class which is not in the direct ancestors for the analyzed class
W0235
Design
Medium
Useless super delegation
W0236
Design
High
Invalid overridden method
W0301
Code style
Medium
Unnecessary semicolon
W0311
Code style
Medium
Bad indentation
W0401
Best practice
Medium
Use of wildcard imports
W0402
Best practice
High
Uses of deprecated modules
W0404
Best practice
Medium
Module imported twice
W0406
Design
Medium
Module imports itself
W0511
Best practice
Minor
Use TODO, not FIXME
W0601
Safety
High
Global variable used but not defined
W0602
Error prone
Medium
Global variable used but not assigned
W0603
Best practice
Medium
Using the global statement
W0604
Design
High
Using the global statement at the module level
W0611
Best practice
Medium
Unused import
W0612
Best practice
Medium
Unused variable
W0614
Error prone
Medium
Unused import from another module
W0621
Design
High
Redefining name from outer scope
W0622
Design
High
Redefining built-in from Python
W0631
Safety
High
Loop variable used outside a loop
W0632
Error prone
High
Possible unbalanced tuple unpacking with sequence
W0640
Design
High
Use variable in closure when defined in a loop
W0641
Error prone
Medium
Variable defined but not used
W0642
Design
Medium
Invalid assignment to cls or self
W0702
Design
High
Not using specific exception in an except statement
W0703
Design
High
Catching too general exception
W0705
Design
High
Catching the same exception twice
W0706
Design
High
Use the right exception when raising an exception in an except block
W0711
Safety
Critical
Operation is raising exception
W0715
Best practice
High
Passing multiple incorrect arguments to an exception constructor
W1113
Design
Medium
Keyword argument before variable positional arguments list
W1114
Design
Medium
Positional arguments appear to be out of order
W1116
Error prone
High
Argument of isinstance is not a type
W1201
Best practice
Medium
Do not use lazy formatting
W1202
Best practice
Medium
Do not use format() in logging function
W1203
Best practice
High
Use %s in logging function
W1302
Error prone
High
Invalid format string
W1303
Error prone
High
Missing format() argument key
W1304
Best practice
High
Unused format argument
W1305
Error prone
Medium
Invalid combined format specification
W1306
Best practice
Medium
Missing format attribute
W1308
Best practice
Medium
Duplicate string formatting argument
W1309
Best practice
High
Using an f-string that does not have any interpolated variables
W1401
Best practice
Medium
Anomalous backslash in string
W1403
Error prone
High
Implicit string concatenation found in list
W1404
Safety
High
Implicit string concatenation
W1501
Best practice
High
Invalid file open mode
W1503
Best practice
Medium
Redundant use of unit test assert
W1505
Best practice
Medium
Use of deprecated method
W1506
Best practice
Medium
Thread needs the target function
W1508
Safety
High
Invalid default value when getting the environment
W1509
Safety
Medium
Using preexec_fn keyword which may be unsafe in the presence of threads
W1510
Security
High
Using subprocess.run without explicitly set `check` is not recommended.
C0102
Code style
Minor
Detect blacklisted names (toto, foo, etc)
C0209
Code style
Minor
Use a f-string
W0237
Best practice
High
Method parameter has a different name than in the implemented interface or in an overridden method
W0238
Error prone
Medium
Unused private member
C0104
Best practice
High
Disallowed name (e.g. foo, bar, etc)
C0206
Best practice
Medium
Consider iterating with .items()
R1714
Best practice
High
Use in instead of iterating over value and using equal
C0207
Best practice
Medium
Accessing only the first or last element of str.split() and should be done more efficiently.
C1802
Best practice
Medium
Use implicit boolean with len()
C1803
Error prone
Medium
Make use of implicit boolean
C0208
Best practice
Medium
Use a sequence type when iterating over values When iterating over values, sequence types (e.g., lists, tuples, ranges) are more efficient than sets.
R0203
Best practice
Medium
Consider using a decorator instead of calling staticmethod
R1709
Design
Medium
https://vald-phoenix.github.io/pylint-errors/plerr/errors/refactoring/R1709
R1725
Best practice
Medium
Consider using Python 3 style super() without arguments
R1726
Design
Medium
Boolean expression can be simplified
R1727
Error prone
High
Boolean value has always the same value
R1728
Performance
Medium
Consider using a generator instead for better performance
R1729
Performance
Medium
Comprehension inside of 'any' or 'all' is unnecessary. A generator would be sufficient and faster.
R1731
Best practice
Minor
Using the max builtin instead of a conditional improves readability and conciseness
R1732
Best practice
Medium
Consider using 'with' for resource-allocating operations
R1733
Performance
Medium
Iterating over the dictionary items (key-item pairs) and accessing the value by index lookup when the value can be accessed directly instead
R1735
Best practice
Minor
Using dict() to create an empty dictionary instead of the literal {}. The literal is faster as it avoids an additional function call.
W0177
Best practice
Medium
An expression is compared to NaNvalues like numpy.NaN and float('nan')
W1310
Error prone
Minor
String that does not have any interpolation variables, in which case it can be either a normal string without formatting or a bug in the code.
W1406
Best practice
Medium
Used when we detect a string with a u prefix. These prefixes were necessary in Python 2 to indicate a string was Unicode, but since Python 3.0 strings are Unicode by default.
W1512
Best practice
Medium
Using deprecated module
W1513
Best practice
Medium
Use deprecated decorator
W1514
Error prone
Medium
Using open without explicitly specifying an encoding
R1730
Error prone
Medium
Use the min builtin instead of using an if condition
E1142
Best practice
High
'await' should be used within an async function
W0410
Code style
Minor
__future__ import is not the first non docstring statement
W0199
Error prone
Medium
Assert called on a 2-item-tuple.
E4702
Safety
High
Iterated dict is being modified inside for loop body, iterate through a copy of it instead.
C2801
Best practice
Medium
Unnecessarily calls dunder method %s. %s.
C3001
Error prone
Medium
Lambda expression assigned to a variable. Define a function using the "def" keyword instead.
W1515
Best practice
Medium
Leaving functions creating breakpoints in production code is not recommended.
E2502
Best practice
Minor
Contains control characters that can permit obfuscated code executed differently than displayed.
R0022
Error prone
Medium
Useless option value.
R1736
Best practice
Medium
Unnecessary list index lookup, use '%s' instead.
W0012
Error prone
Medium
Unknown option value.
W0245
Error prone
Critical
Super call without brackets.
W2301
Documentation
Medium
Unnecessary ellipsis constant.
R0133
Performance
Critical
Comparison between constants has a constant value
W1518
Best practice
Medium
cache will keep all method args alive indefinitely, including 'self'
C0105
Code style
Minor
Name doesn't conform to naming rules associated to its type
B319
Security
High
Blacklist Python calls known to be dangerous
B610
Security
High
Potential SQL injection on extra function
B611
Security
High
Potential SQL injection on RawSQL function
E2515
Security
Medium
Invalid unescaped character zero-width-space, use "u200B" instead.
W4701
Safety
Critical
Iterated list is being modified inside for loop body
B507
Security
High
Paramiko call with policy set to automatically trust the unknown host key.
W0130
Best practice
Medium
Duplicate value in set
C2403
Error prone
Medium
Import a module with non-ASCII characters
E4703
Safety
Critical
Iterated set is being modified inside for loop body, iterate through a copy of it instead.