B102
Security
Error
Detect use of exec (security issue)
BACK TO LIST
Python rules
The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.
B103
Security
Error
Chmod setting a permissive mask 0o755 on file (entryfile).
B104
Security
Error
Possible binding to all interfaces.
B108
Security
Error
Insecure usage of file or directory
B301
Security
Error
Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data
B302
Security
Error
Deserialization with the marshal module is possibly dangerous.
B303
Security
Error
Use of insecure MD2
B305
Security
Error
Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.
B306
Security
Error
Use of insecure and deprecated function (mktemp).
B307
Security
Error
Use of possibly insecure function - consider using safer ast.literal\_eval.
B308
Security
Error
Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.
B309
Security
Error
Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security
B310
Security
Error
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
B313
Security
Error
Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B314
Security
Error
Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B317
Security
Error
Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called
B318
Security
Error
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
B320
Security
Error
Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.
B323
Security
Error
Detect unsecure use of HTTPS connexion
B324
Security
Error
Use of insecure MD4 or MD5 hash function.
B506
Security
Error
Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
B601
Security
Error
Possible shell injection via Paramiko call
B608
Security
Error
Possible SQL injection vector through string-based query construction.
B702
Security
Error
Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'
B703
Security
Error
Potential XSS on mark\_safe function.
W0122
Security
Error
Use of exec
W1510
Security
Error
Using subprocess.run without explicitly set `check` is not recommended.
B319
Security
Error
Blacklist Python calls known to be dangerous
B610
Security
Error
Potential SQL injection on extra function
B611
Security
Error
Potential SQL injection on RawSQL function
B507
Security
Error
Paramiko call with policy set to automatically trust the unknown host key.