B201
A Flask app appears to be run with debug=True
The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follows design and other best practices. Automate your code reviews today and merge with confidence with Codiga.
Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.
FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
The input method in Python 2 will read from standard input
A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
A FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
Using MAXINT to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
The pyCrypto library and its module SHA256 are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
Requests call with verify=False disabling SSL certificate checks
subprocess call with shell=True identified
Starting a process with a shell
Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
Use of eval