facebook pixelPython Static Analysis Rules
BACK TO LIST

Python rules

The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.

B102

Security
High

Detect use of exec (security issue)

Learn more

B103

Security
High

Chmod setting a permissive mask 0o755 on file (entryfile).

B104

Security
High

Possible binding to all interfaces.

B108

Security
High

Insecure usage of file or directory

B201

Security
Critical

A Flask app appears to be run with debug=True

B301

Security
High

Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data

B302

Security
High

Deserialization with the marshal module is possibly dangerous.

B305

Security
High

Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.

B306

Security
High

Use of insecure and deprecated function (mktemp).

B307

Security
High

Use of possibly insecure function - consider using safer ast.literal\_eval.

B308

Security
High

Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.

B309

Security
High

Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security

B310

Security
High

Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

B312

Security
Critical

Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.

B313

Security
High

Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

B314

Security
High

Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

B317

Security
High

Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called

B318

Security
High

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

B320

Security
High

Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

B321

Security
Critical

FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.

B322

Security
Critical

The input method in Python 2 will read from standard input

B323

Security
High

Detect unsecure use of HTTPS connexion

B324

Security
High

Use of insecure MD4 or MD5 hash function.

B401

Security
Critical

A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.

B402

Security
Critical

A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.

B411

Security
Critical

Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.

B413

Security
Critical

The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.

B501

Security
Critical

Requests call with verify=False disabling SSL certificate checks

B506

Security
High

Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().

B601

Security
High

Possible shell injection via Paramiko call

B602

Security
Critical

subprocess call with shell=True identified

B605

Security
Critical

Starting a process with a shell

B608

Security
High

Possible SQL injection vector through string-based query construction.

B701

Security
Critical

Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select\_autoescape function to mitigate XSS vulnerabilities.

B702

Security
High

Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'

B703

Security
High

Potential XSS on mark\_safe function.

C0111

Documentation
Minor

Missing docstring on module, function, class or method

C0112

Code style
Minor

Module, function, class or method have an empty docstring

C0113

Best practice
Minor

Detect inappropriate use of the not keyword

C0116

Documentation
Minor

Missing docstring on a function

C0121

Best practice
Minor

Check when valid is compared to True, False or None (and can be replaced by simpler expressions)

C0122

Code style
Medium

Check correct use of constants in comparisons.

C0123

Best practice
Medium

Using type() instead of isinstance() for a typecheck.

C0144

Best practice
Minor

Detect when a name contains at least one non-ASCII unicode character

C0200

Best practice
Medium

Consider using enumerate instead of iterating with range and len

C0201

Best practice
Medium

Consider iterating the dictionary directly instead of calling .keys()

C0202

Code style
Minor

Detect when a class method has a first argument named differently than the value specified in valid-classmethod-first-arg option

C0203

Code style
Minor

Detect when a metaclass method has a first argument named differently than the value specified in valid-classmethod-first-arg option.

C0204

Code style
Minor

Metaclass class method __new__ should have 'cls' as first argument

C0205

Best practice
High

Ensure that __slots__ is an iterable and not a base type

C0302

Code style
Minor

Too many lines in a module

C0304

Code style
Minor

Final newline missing

C0305

Best practice
Minor

Trailing newlines

C0321

Error prone
High

More than one statement on a single line

C0327

Code style
Minor

Mixed line endings (between LF and CRLF)

C0410

Best practice
Medium

Multiple imports on one line

C0411

Best practice
Medium

Wrong import order

C0412

Best practice
Minor

Imports are not grouped

C0413

Best practice
Minor

Import and code are mixed

C0414

Best practice
Minor

Import alias is same as original package

C0415

Best practice
Medium

Import not put at the top level of the file

C1801

Error prone
High

Use len() without explicit argument

E0012

Unknown
High

Bad option value

E0101

Code style
High

Use of return in init

E0102

Error prone
High

Detect functions that already exist

E0103

Error prone
High

break or continue used outside a loop

E0104

Error prone
High

Return outside function

E0105

Error prone
High

The yield keyword is used outside a function

E0107

Error prone
High

Use of operator that does not exist

E0110

Error prone
High

Abstract class instantiation attempt

E0111

Error prone
High

Bad argument passed to reversed()

E0117

Error prone
High

A nonlocal variable does not have an attached name somewhere in the parent scopes.

E0202

Safety
High

Method has the same name as an attribute

E0203

Safety
High

Access to members before they are defined

E0211

Code style
High

A method which should have the bound instance as first argument has no argument defined.

E0213

Code style
High

Method should have self as first argument

E0237

Error prone
High

Assigning an attribute not defined in the class slots

E0239

Error prone
High

Detect class that inherit non-classes

E0242

Error prone
High

Value conflict with __slots__

E0301

Error prone
High

__iter__ returns non-iterator

E0302

Error prone
High

The special method __int__ should have 0 parameter

E0306

Safety
High

__repr__ does not return str

E0307

Safety
Critical

__str__ does not return str

E0309

Safety
Critical

__hash__ does not return an int

E0401

Safety
High

Module that cannot be imported

E0402

Safety
High

Attempted relative import beyond top-level package

E0601

Safety
Critical

Using variable before assignment

E0602

Code style
High

Undefined variable is trying to be accessed

E0603

Error prone
High

Undefined variable name referenced in __all\__

E0604

Error prone
High

Invalid object referenced in __all__

E0611

Code style
Critical

Invalid name in module

E0633

Error prone
High

Attempting to unpack a non-sequence

E0701

Safety
Medium

Bad except clauses order

E0702

Safety
High

Raising int while only classes or instances are allowed

E0704

Error prone
High

The raise statement is not inside an except clause

E0710

Error prone
High

Raising a new style class which doesn't inherit from BaseException

E0711

Error prone
High

NotImplemented raised and should raise NotImplementedError instead

E0712

Safety
Critical

Catching an exception which doesn't inherit from Exception.

E1003

Error prone
High

Another argument than the current class is given as first argument of the super builtin

E1101

Safety
Critical

Detect members or attributes that do not exists

E1102

Error prone
Critical

Object is not callable

E1111

Safety
Critical

Assigning result of a function call with no return

E1120

Safety
Critical

No value for argument in function call

E1121

Error prone
Critical

Too many arguments for method call

E1123

Error prone
Critical

Unexpected keyword argument in method call

E1124

Error prone
Critical

Argument passed by position and keyword in method call

E1125

Error prone
High

Missing mandatory keyword argument in function call

E1126

Error prone
High

Sequence type is indexed with an invalid type

E1128

Safety
Critical

Assigning result of a function call that returns nothing but None.

E1129

Error prone
High

Context manager doesn't implement __enter__ and __exit__

E1130

Error prone
High

Unary operand is used on an object which does not support this type of operation.

E1132

Error prone
High

Got multiple values for keyword argument in function call

E1133

Error prone
Critical

Non-iterable value used in an iterating context

E1134

Error prone
High

Non-mapping value is used in a mapping context

E1135

Error prone
Critical

Value doesn't support membership test

E1136

Error prone
High

Value is unsubscriptable

E1137

Safety
Critical

Unsupported assignment operation

E1138

Safety
Critical

Unsupported delete operation

E1139

Error prone
High

Invalid metaclass used

E1141

Error prone
Critical

Invalid iteration over dictionary items

E1205

Error prone
Critical

Too many arguments for logging format string

E1206

Error prone
Critical

Not enough arguments in logging call

E1301

Code style
High

Format string ends in middle of conversion specifier

E1305

Error prone
Medium

Too many arguments for format string

E1306

Error prone
Critical

Not enough arguments for format string

E1307

Error prone
High

Incorrect format string

E1310

Error prone
High

The argument to a str.{l,r,}strip call contains a duplicate character

I1101

Error prone
Medium

Variable is accessed for non-existent member of C extension

R0123

Error prone
High

Invalid literal comparison

R0124

Design
Medium

Comparison with same value

R0202

Design
Medium

No classmethod decorator

R0205

Design
Minor

Class inherits from object

R0206

Design
Minor

Cannot have defined parameters for properties

R0902

Design
Minor

Too many instance attributes

R0911

Design
Minor

Too many return statements

R0913

Design
Minor

Too many arguments for a function or method

R0914

Design
Medium

Too many local variables

R0915

Design
Medium

Too many statements, split your functions in smaller functions

R0916

Design
Medium

Too many boolean expressions in if statement

R1701

Design
Minor

Multiple calls of isinstance calls can be merged

R1703

Design
Medium

The if statement can be replaced with a return and a boolean expression

R1704

Design
Minor

Redefining argument with local name

R1705

Design
Medium

Unnecessary else after return

R1706

Design
Minor

Consider using ternary operator

R1707

Error prone
High

Misplacing comma that creates a tuple

R1708

Design
High

Do not raise StopIteration in generator

R1710

Design
High

Inconsistent return type in function

R1711

Design
Minor

Useless return at end of function or method

R1712

Best practice
High

Consider using tuple unpacking for swapping variables

R1713

Best practice
High

Consider using str.join() for concatenating strings from an iterable

R1715

Best practice
High

Consider using dict.get for getting values from a dict if a key is present or a default if not

R1716

Design
Medium

Simplify chained comparison between the operands

R1717

Design
Minor

Consider using a dictionary comprehension

R1718

Design
Minor

Consider using a set comprehension

R1719

Design
High

Conditions can be simplified

R1720

Design
Medium

Unnecessary else after raise

R1721

Design
Medium

Unnecessary use of a comprehension

R1723

Design
Medium

Unnecessary elif after break

R1724

Design
Medium

Unnecessary elif after continue

W0101

Error prone
Critical

Unreachable code

W0102

Safety
High

Dangerous default value as argument

W0104

Error prone
High

Statement have no effect

W0105

Performance
High

String statement has no effect

W0106

Performance
High

Expression not assigned

W0107

Design
Medium

Unnecessary pass statement

W0108

Design
High

Lambda may not be necessary

W0109

Error prone
Critical

Duplicate key in dictionary

W0124

Error prone
High

With statement returns multiple values

W0125

Design
Medium

Conditional statement with a constant value

W0126

Error prone
High

Conditional statement with potentially wrong function or method call due to missing parentheses

W0127

Design
High

Assigning a variable to itself

W0128

Safety
High

Redeclared variable in assignment

W0129

Error prone
Medium

Assert statement has a string literal as its first argument and the assert will never fail.

W0143

Error prone
Medium

Comparing against a callable (parenthesis needed)

W0150

Design
Medium

return statement in finally block may swallow exception

W0201

Design
High

Attribute defined outside __init__

W0211

Design
High

Static method with self as first argument

W0212

Design
Medium

Access to a protected member of a client class

W0221

Design
High

Parameters differ from overridden method

W0222

Design
Medium

Signature is different than in the implemented interface or in an overridden method

W0223

Design
High

Abstract method not overriden

W0231

Design
Medium

__init__ method from base class is not called in inherited class

W0232

Code style
Medium

Class has no __init__ method

W0233

Design
High

An __init__ method is called on a class which is not in the direct ancestors for the analyzed class

W0235

Design
Medium

Useless super delegation

W0236

Design
High

Invalid overridden method

W0301

Code style
Medium

Unnecessary semicolon

W0401

Best practice
Medium

Use of wildcard imports

W0402

Best practice
High

Uses of deprecated modules

W0404

Best practice
Medium

Module imported twice

W0511

Best practice
Minor

Use TODO, not FIXME

W0601

Safety
High

Global variable used but not defined

W0602

Error prone
Medium

Global variable used but not assigned

W0603

Best practice
Medium

Using the global statement

W0604

Design
High

Using the global statement at the module level

W0614

Error prone
Medium

Unused import from another module

W0621

Design
High

Redefining name from outer scope

W0622

Design
High

Redefining built-in from Python

W0631

Safety
High

Loop variable used outside a loop

W0632

Error prone
High

Possible unbalanced tuple unpacking with sequence

W0640

Design
High

Use variable in closure when defined in a loop

W0641

Error prone
Medium

Variable defined but not used

W0642

Design
Medium

Invalid assignment to cls or self

W0702

Design
High

Not using specific exception in an except statement

W0703

Design
High

Catching too general exception

W0705

Design
High

Catching the same exception twice

W0706

Design
High

Use the right exception when raising an exception in an except block

W0711

Safety
Critical

Operation is raising exception

W0715

Best practice
High

Passing multiple incorrect arguments to an exception constructor

W1113

Design
Medium

Keyword argument before variable positional arguments list

W1114

Design
Medium

Positional arguments appear to be out of order

W1116

Error prone
High

Argument of isinstance is not a type

W1201

Best practice
Medium

Do not use lazy formatting

W1202

Best practice
Medium

Do not use format() in logging function

W1203

Best practice
High

Use %s in logging function

W1302

Error prone
High

Invalid format string

W1303

Error prone
High

Missing format() argument key

W1304

Best practice
High

Unused format argument

W1305

Error prone
Medium

Invalid combined format specification

W1306

Best practice
Medium

Missing format attribute

W1308

Best practice
Medium

Duplicate string formatting argument

W1309

Best practice
High

Using an f-string that does not have any interpolated variables

W1401

Best practice
Medium

Anomalous backslash in string

W1403

Error prone
High

Implicit string concatenation found in list

W1404

Safety
High

Implicit string concatenation

W1501

Best practice
High

Invalid file open mode

W1503

Best practice
Medium

Redundant use of unit test assert

W1505

Best practice
Medium

Use of deprecated method

W1506

Best practice
Medium

Thread needs the target function

W1508

Safety
High

Invalid default value when getting the environment

W1509

Safety
Medium

Using preexec_fn keyword which may be unsafe in the presence of threads

W1510

Security
High

Using subprocess.run without explicitly set `check` is not recommended.

C0102

Code style
Minor

Detect blacklisted names (toto, foo, etc)

W0237

Best practice
High

Method parameter has a different name than in the implemented interface or in an overridden method

W0238

Error prone
Medium

Unused private member

C0104

Best practice
High

Disallowed name (e.g. foo, bar, etc)

C0206

Best practice
Medium

Consider iterating with .items()

R1714

Best practice
High

Use in instead of iterating over value and using equal

C0207

Best practice
Medium

Accessing only the first or last element of str.split() and should be done more efficiently.

C1802

Best practice
Medium

Use implicit boolean with len()

C1803

Error prone
Medium

Make use of implicit boolean

C0208

Best practice
Medium

Use a sequence type when iterating over values When iterating over values, sequence types (e.g., lists, tuples, ranges) are more efficient than sets.

R0203

Best practice
Medium

Consider using a decorator instead of calling staticmethod

R1709

Design
Medium

https://vald-phoenix.github.io/pylint-errors/plerr/errors/refactoring/R1709

R1725

Best practice
Medium

Consider using Python 3 style super() without arguments

R1726

Design
Medium

Boolean expression can be simplified

R1727

Error prone
High

Boolean value has always the same value

R1728

Performance
Medium

Consider using a generator instead for better performance

R1729

Performance
Medium

Comprehension inside of 'any' or 'all' is unnecessary. A generator would be sufficient and faster.

R1731

Best practice
Minor

Using the max builtin instead of a conditional improves readability and conciseness

R1732

Best practice
Medium

Consider using 'with' for resource-allocating operations

R1733

Performance
Medium

Iterating over the dictionary items (key-item pairs) and accessing the value by index lookup when the value can be accessed directly instead

R1735

Best practice
Minor

Using dict() to create an empty dictionary instead of the literal {}. The literal is faster as it avoids an additional function call.

W0177

Best practice
Medium

An expression is compared to NaNvalues like numpy.NaN and float('nan')

W1310

Error prone
Minor

String that does not have any interpolation variables, in which case it can be either a normal string without formatting or a bug in the code.

W1406

Best practice
Medium

Used when we detect a string with a u prefix. These prefixes were necessary in Python 2 to indicate a string was Unicode, but since Python 3.0 strings are Unicode by default.

W1512

Best practice
Medium

Using deprecated module

W1513

Best practice
Medium

Use deprecated decorator

W1514

Error prone
Medium

Using open without explicitly specifying an encoding

R1730

Error prone
Medium

Use the min builtin instead of using an if condition

E1142

Best practice
High

'await' should be used within an async function

W0410

Code style
Minor

__future__ import is not the first non docstring statement

W0199

Error prone
Medium

Assert called on a 2-item-tuple.

E4702

Safety
High

Iterated dict is being modified inside for loop body, iterate through a copy of it instead.

C2801

Best practice
Medium

Unnecessarily calls dunder method %s. %s.

C3001

Error prone
Medium

Lambda expression assigned to a variable. Define a function using the "def" keyword instead.

W1515

Best practice
Medium

Leaving functions creating breakpoints in production code is not recommended.

E2502

Best practice
Minor

Contains control characters that can permit obfuscated code executed differently than displayed.

R0022

Error prone
Medium

Useless option value.

R1736

Best practice
Medium

Unnecessary list index lookup, use '%s' instead.

W0012

Error prone
Medium

Unknown option value.

W0245

Error prone
Critical

Super call without brackets.

W2301

Documentation
Medium

Unnecessary ellipsis constant.

R0133

Performance
Critical

Comparison between constants has a constant value

W1518

Best practice
Medium

cache will keep all method args alive indefinitely, including 'self'

C0105

Code style
Minor

Name doesn't conform to naming rules associated to its type

B319

Security
High

Blacklist Python calls known to be dangerous

B610

Security
High

Potential SQL injection on extra function

B611

Security
High

Potential SQL injection on RawSQL function

E2515

Security
Medium

Invalid unescaped character zero-width-space, use "u200B" instead.

W4701

Safety
Critical

Iterated list is being modified inside for loop body

B507

Security
High

Paramiko call with policy set to automatically trust the unknown host key.

W0130

Best practice
Medium

Duplicate value in set

C2403

Error prone
Medium

Import a module with non-ASCII characters

E4703

Safety
Critical

Iterated set is being modified inside for loop body, iterate through a copy of it instead.