B201
Security
Critical
A Flask app appears to be run with debug=True
BACK TO LIST
Python rules
The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.
B312
Security
Critical
Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.
B321
Security
Critical
FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
B322
Security
Critical
The input method in Python 2 will read from standard input
B401
Security
Critical
A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
B402
Security
Critical
A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
B411
Security
Critical
Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
B413
Security
Critical
The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
B501
Security
Critical
Requests call with verify=False disabling SSL certificate checks
B602
Security
Critical
subprocess call with shell=True identified
B605
Security
Critical
Starting a process with a shell
B701
Security
Critical
Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select\_autoescape function to mitigate XSS vulnerabilities.
W0123
Security
Critical
Use of eval