BACK TO LIST

Python rules

The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code does not have any security issues and follow design and other best practices. Automate your code reviews today and merge with confidence with Codiga.

B102

Security
Error

Detect use of exec (security issue)

Learn more

B103

Security
Error

Chmod setting a permissive mask 0o755 on file (entryfile).

B104

Security
Error

Possible binding to all interfaces.

B108

Security
Error

Insecure usage of file or directory

B301

Security
Error

Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data

B302

Security
Error

Deserialization with the marshal module is possibly dangerous.

B305

Security
Error

Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.

B306

Security
Error

Use of insecure and deprecated function (mktemp).

B307

Security
Error

Use of possibly insecure function - consider using safer ast.literal\_eval.

B308

Security
Error

Use of mark\_safe() may expose cross-site scripting vulnerabilities and should be reviewed.

B309

Security
Error

Use of HTTPSConnection on older versions of Python prior to 2.7.9 and 3.4.3 do not provide security

B310

Security
Error

Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

B313

Security
Error

Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

B314

Security
Error

Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

B317

Security
Error

Using xml.sax.make\_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make\_parser with its defusedxml equivalent function or make sure defusedxml.defuse\_stdlib() is called

B318

Security
Error

Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

B320

Security
Error

Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

B323

Security
Error

Detect unsecure use of HTTPS connexion

B324

Security
Error

Use of insecure MD4 or MD5 hash function.

B506

Security
Error

Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().

B601

Security
Error

Possible shell injection via Paramiko call

B608

Security
Error

Possible SQL injection vector through string-based query construction.

B702

Security
Error

Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'

B703

Security
Error

Potential XSS on mark\_safe function.

W1510

Security
Error

Using subprocess.run without explicitly set `check` is not recommended.

B319

Security
Error

Blacklist Python calls known to be dangerous

B610

Security
Error

Potential SQL injection on extra function

B611

Security
Error

Potential SQL injection on RawSQL function

B507

Security
Error

Paramiko call with policy set to automatically trust the unknown host key.

We use cookies to improve your site experience, including analytics cookies to understand how you use our product and design better experiences. Please read our Cookie Policy.