CodeGuru Reviewer
Detector Library
Python detectors (80/80)
Improper privilege managementResource leakInefficient string concatenation inside loopSet SNS Return Subscription ARNModule injectionUnnecessary iterationImproper error handlingInsecure cryptographyImproper certificate validationOutdated subprocess module APIGarbage collection prevention in multiprocessingInteger overflowCatch and rethrow exceptionMutually exclusive callTime zone aware datetimesImproper input validationImproper authenticationCatch and swallow exceptionInsecure hashingCross-site scriptingMissing none check on response metadataMissing paginationUsing AutoAddPolicy or WarningPolicyStack trace exposureUse of a deprecated methodSemaphore overflow preventionLog injectionMutable objects as default arguments of functionsWeak obfuscation of web requestDeadlocks caused by improper multiprocessing API usageInsecure cookieViolation of PEP8 programming recommendationsInsecure temporary file or directoryOS command injectionUnauthenticated LDAP requestsIncorrect binding of SNS publish operationsClient-side KMS reencryptionUntrusted AMI imagesAWS client not reused in a Lambda functionSocket connection timeoutComplex code hard to maintainConfusion between equality and identity in conditional expressionInefficient new method from hashlibLeaky subprocess timeoutUsage of an API that is not recommendedDangerous global variablesAWS credentials loggedPath traversalEnabling and overriding debug featureLoose file permissionsRisky use of dict get methodSocket close platform compatibilityMultiple values in return statement is prone to errorZip bomb attackUnsanitized input is run as codeLDAP injectionXPath injectionError prone sequence modificationBatch request with unchecked failuresClear text credentialsBad exception handlingUnrestricted upload of dangerous file typeDeserialization of untrusted objectUse of an inefficient or incorrect APIMultidimensional list initialization using replication is error proneInefficient polling of AWS resourceOverride of reserved variable names in a Lambda functionSQL injectionDocker arbitrary container runHardcoded IP addressMissing S3 bucket owner conditionInsecure connection using unencrypted protocolDirect dict object modificationIncorrect use of Process.terminate APIUnauthenticated Amazon SNS unsubscribe requests might succeedHardcoded credentialsInsecure Socket BindInsecure CORS policyCross-site request forgeryXML External Entity
Code Quality detectors
Inefficient string concatenation inside loop
Inefficient string concatenation inside loops results in new object creation which adds quadratic runtime cost.
Set SNS Return Subscription ARN
To always return the subscription ARN, set the
ReturnSubscriptionArn argument to True.Unnecessary iteration
Iteration when only one item is needed from a list is inefficient.
Outdated subprocess module API
Using outdated multiprocessing API calls and parameters is not recommended.
Catch and rethrow exception
Catching and re-throwing an exception without further actions is redundant and wasteful.
Catch and swallow exception
Swallowing exceptions, without re-throwing or logging them, is a bad practice.
Use of a deprecated method
This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.
Mutable objects as default arguments of functions
Default values in Python are created exactly once, when the function is defined. If that object is changed, subsequent calls to the function will refer to the changed object, leading to confusion.
Violation of PEP8 programming recommendations
Violating PEP8 programming recommendations might make code difficult to read and can introduce ambiguity.
Complex code hard to maintain
Complex code can be difficult to read and hard to maintain.
Confusion between equality and identity in conditional expression
Confusion between equality
==, != and identity is in conditional expressions can lead to unintended behavior.Inefficient new method from hashlib
The constructors for the
hashlib module are faster than new()Dangerous global variables
Global variables can be dangerous and cause bugs because they can be simultaneously accessed from multiple sections of a program.
Enabling and overriding debug feature
The Debug feature should not be enabled or overridden.
Risky use of dict get method
Using the
get method from the dict class without default values can cause runtime exceptions.Socket close platform compatibility
The
os.close() does not work on some platforms.Multiple values in return statement is prone to error
Methods that return multiple values can be difficult to read and prone to error.
Bad exception handling
Throwing a base or generic exception might cause important error information to be lost. This can make your code difficult to maintain.
Use of an inefficient or incorrect API
Incorrect use of API leads to ambiguity and inconsistency
Multidimensional list initialization using replication is error prone
list replication using replication operator creates references to the existing objects, not copies, which could introduce bugs.Inefficient polling of AWS resource
Custom polling can be inefficient and prone to error. Consider using AWS waiters instead.
Direct dict object modification
Directly modifying the dict object might cause undesirable behavior due to symbol table modification.
Incorrect use of Process.terminate API
The
Process.terminate API might cause data corruption of shared resources.