Python Static Analysis Rules

Python rules

The Codiga Static Analysis engine is powered by the best open-source tools to check your Python code. Make sure your code has no security issues and follows design and other best practices. Automate your code reviews today and merge with confidence with Codiga.

      B102

      Security
      High

      Detect use of exec (security issue)

      B103

      Security
      High

      Chmod setting a permissive mask (for example 0o755) on a file.

      B104

      Security
      High

      Possible binding to all interfaces.

      B108

      Security
      High

      Probable insecure usage of a temp file or directory (hardcoded /tmp path).

      B301

      Security
      High

      Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data

      B302

      Security
      High

      Deserialization with the marshal module is possibly dangerous.
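The two rules above (B301 and B302) flag the same class of bug: a deserializer that reconstructs objects by calling whatever the byte stream names. The following is an added example, not Codiga's or Bandit's code, showing a constructed pickle payload that runs a callable of the sender's choosing, and the allow-list Unpickler pattern from the Python docs as a mitigation. The `Malicious` class, the payloads and the `SAFE_BUILTINS` set are assumptions made for this demonstration; `os.getcwd` stands in for `os.system`.

```python
import builtins
import io
import os
import pickle


class Malicious:
    """Constructed payload class (not a real-world sample).

    __reduce__ tells pickle "rebuild this object by calling callable(*args)".
    Whoever produced the bytes chooses the callable, so unpickling runs it.
    os.getcwd stands in here for os.system or subprocess.Popen.
    """

    def __reduce__(self):
        return (os.getcwd, ())


# What a service would receive if it unpickles request bodies, cache
# entries or queue messages from an untrusted source.
MALICIOUS_PAYLOAD = pickle.dumps(Malicious())
# A harmless stream that references no globals at all.
BENIGN_PAYLOAD = pickle.dumps({"user": "alice", "roles": ["admin"]})


def unsafe_load(data: bytes):
    """What B301 flags: pickle.loads() executes the callable named in the stream."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list unpickler.

    Every global a stream references (module + name) is resolved through
    find_class, so refusing anything outside a small allow-list blocks
    payloads that name os.getcwd, os.system, subprocess.Popen and the like.
    The allow-list below is a hypothetical choice for this example.
    """

    SAFE_BUILTINS = {"set", "frozenset", "list", "dict", "tuple", "range"}

    def find_class(self, module, name):
        if module == "builtins" and name in self.SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_load(data: bytes):
    """Deserialize with the allow-list in force."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_load_blocks(data: bytes) -> bool:
    """True when the restricted unpickler refuses the stream."""
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe_load ran the payload's callable:", unsafe_load(MALICIOUS_PAYLOAD))
    print("restricted unpickler blocks it:", restricted_load_blocks(MALICIOUS_PAYLOAD))
    print("restricted unpickler still loads plain data:", restricted_load(BENIGN_PAYLOAD))
```

The restricted unpickler is a mitigation for streams you must accept; for untrusted input the real fix is a data-only format such as JSON. `marshal` has no hook comparable to `find_class`, so there is no equivalent hardening for it.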

      B305

      Security
      High

      Use of insecure cipher mode cryptography.hazmat.primitives.ciphers.modes.ECB.

      B306

      Security
      High

      Use of insecure and deprecated function (mktemp).

      B307

      Security
      High

      Use of possibly insecure function - consider using safer ast.literal_eval.
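B102 (exec) and B307 (eval) both fire because the function evaluates arbitrary Python. The following added example, not part of the Codiga page or of Bandit, contrasts `eval` with `ast.literal_eval` on a constructed config value and on a constructed hostile string; `os.getcwd` stands in for a destructive call.

```python
import ast

# Constructed inputs: a legitimate settings value and an attacker-controlled one.
LEGIT_INPUT = "{'retries': 3, 'hosts': ['db1', 'db2']}"
HOSTILE_INPUT = "__import__('os').getcwd()"  # stand-in for os.system(...)


def parse_with_eval(text: str):
    """What B307 flags: eval() runs whatever expression it is handed."""
    return eval(text)


def parse_literal(text: str):
    """ast.literal_eval accepts only Python literals (str, bytes, numbers,
    tuples, lists, dicts, sets, booleans, None). Calls, attribute access and
    names are rejected with ValueError before anything executes."""
    return ast.literal_eval(text)


def is_rejected(text: str) -> bool:
    """True when literal_eval refuses the input (ValueError or SyntaxError)."""
    try:
        parse_literal(text)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    print("literal_eval parses config:", parse_literal(LEGIT_INPUT))
    print("literal_eval rejects hostile input:", is_rejected(HOSTILE_INPUT))
    print("eval executed it:", parse_with_eval(HOSTILE_INPUT))
```

`literal_eval` still parses the text with the full Python parser, so it is not a defence against very large or deeply nested inputs; for configuration from untrusted sources prefer `json.loads`, which is also what most of these strings should have been in the first place.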

      B308

      Security
      High

      Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.

      B309

      Security
      High

      Use of HTTPSConnection on older versions of Python (prior to 2.7.9 and 3.4.3) does not validate certificates and provides no security.

      B310

      Security
      High

      Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
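`urllib.request.urlopen` accepts `file:`, `ftp:` and `data:` URLs as readily as `https:`, so a user-supplied URL turns into a local file read unless the scheme is checked first. The following is an added example, not code from Codiga or Bandit, showing the gate a reviewer would expect to see before the call B310 flags. The `ALLOWED_SCHEMES` policy and the `fetch` wrapper are assumptions for this demonstration; `fetch` is not exercised here because it needs network access.

```python
from urllib.parse import urlparse
from urllib.request import urlopen

# Hypothetical policy for this example: only web schemes, and only with a host.
ALLOWED_SCHEMES = {"http", "https"}


def check_url(url: str) -> str:
    """Return the URL unchanged if it is an http(s) URL with a host, else raise.

    urlparse lowercases the scheme, so 'FILE:///etc/passwd' is caught as well
    as 'file:///etc/passwd'. Scheme-relative ('//host/path') and host-less
    ('https:///path') forms are rejected too.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parsed.scheme!r} is not permitted")
    if not parsed.netloc:
        raise ValueError("URL has no host component")
    return url


def is_permitted(url: str) -> bool:
    """Boolean form of check_url for callers that only need a decision."""
    try:
        check_url(url)
    except ValueError:
        return False
    return True


def fetch(url: str, timeout: float = 5.0) -> bytes:
    """Gate the URL before it reaches urlopen, the point B310 asks you to audit."""
    with urlopen(check_url(url), timeout=timeout) as resp:  # nosec B310
        return resp.read()


if __name__ == "__main__":
    for candidate in ("https://example.com/status", "file:///etc/passwd", "data:text/plain,hi"):
        print(candidate, "->", "allowed" if is_permitted(candidate) else "rejected")
```

This check covers only the scheme question the rule raises; whether the host is an internal address (SSRF) is a separate control and is not addressed here.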

      B313

      Security
      High

      Using xml.etree.cElementTree.fromstring to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.cElementTree.fromstring with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B314

      Security
      High

      Using xml.etree.ElementTree.iterparse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.etree.ElementTree.iterparse with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B317

      Security
      High

      Using xml.sax.make_parser to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.sax.make_parser with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B318

      Security
      High

      Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called

      B320

      Security
      High

      Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.

      B323

      Security
      High

      Detect insecure use of an HTTPS connection (an unverified SSL context that skips certificate validation and hostname checks).

      B324

      Security
      High

      Use of insecure MD4 or MD5 hash function.
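The most common place B324 fires is password storage. The following added example, written for this page rather than taken from Codiga or Bandit, puts the unsalted MD5 pattern the rule flags next to a salted PBKDF2-HMAC-SHA256 scheme with constant-time verification, and shows the `usedforsecurity=False` flag (Python 3.9+) for a legitimate non-security use of MD5. The storage string format and the iteration count are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256; OWASP's 2023 guidance is 600,000.
PBKDF2_ITERATIONS = 600_000


def weak_hash(password: str) -> str:
    """What B324 flags: unsalted MD5. Identical passwords give identical
    digests, and MD5 is brute-forced at billions of guesses per second."""
    return hashlib.md5(password.encode()).hexdigest()


def checksum_for_dedup(data: bytes) -> str:
    """Non-security use of MD5 (content fingerprinting). Saying so explicitly
    documents intent and is what the usedforsecurity flag exists for."""
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash; parameters are stored alongside the digest so the
    work factor can be raised later without breaking verification."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print("md5 of the same password twice:", weak_hash("hunter2") == weak_hash("hunter2"))
    stored = hash_password("hunter2")
    print("stored record:", stored)
    print("verify correct:", verify_password("hunter2", stored))
    print("verify wrong:", verify_password("hunter3", stored))
```

`hashlib.scrypt` or a bcrypt/argon2 library is preferable where available; PBKDF2 is used here because it ships with the standard library.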

      B506

      Security
      High

      Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().

      B601

      Security
      High

      Possible shell injection via Paramiko call

      B608

      Security
      High

      Possible SQL injection vector through string-based query construction.

      B702

      Security
      High

      Mako templates allow HTML/JS rendering by default and are inherently open to XSS attacks. Ensure variables in all templates are properly sanitized via the 'n'

      B703

      Security
      High

      Potential XSS on mark_safe function.

      W1510

      Security
      High

      Using subprocess.run without explicitly setting `check` is not recommended.
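The security relevance of W1510 is that a command which fails (a scanner, a signature check, a backup) is silently treated as having succeeded unless `check=True` turns the non-zero exit status into an exception. The following is an added example, not Codiga's or pylint's code; the failing command is the Python interpreter itself exiting with status 3, a constructed stand-in chosen so the demonstration runs without external binaries.

```python
import subprocess
import sys

# Constructed commands: the interpreter exiting with a known status.
FAILING_CMD = [sys.executable, "-c", "import sys; sys.exit(3)"]
SUCCEEDING_CMD = [sys.executable, "-c", "pass"]


def run_unchecked(cmd: list) -> int:
    """What W1510 flags: no check= argument, so a non-zero exit status is
    returned in result.returncode and nothing stops the caller from carrying
    on as if the command had succeeded."""
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.returncode


def run_checked(cmd: list) -> int:
    """check=True raises CalledProcessError on non-zero exit, so the failure
    cannot be overlooked; the exception carries returncode, stdout and stderr."""
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return result.returncode


def run_checked_raises(cmd: list) -> bool:
    """True when run_checked refuses the command with CalledProcessError."""
    try:
        run_checked(cmd)
    except subprocess.CalledProcessError as exc:
        return exc.returncode != 0
    return False


if __name__ == "__main__":
    print("unchecked returned status", run_unchecked(FAILING_CMD), "and continued")
    print("checked raised:", run_checked_raises(FAILING_CMD))
    print("checked on success:", run_checked(SUCCEEDING_CMD))
```

Where ignoring the status really is intended, pass `check=False` explicitly: the behaviour is unchanged, but the intent is documented and the warning goes away.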