Medium

Showing all detectors for the Python language with medium severity.

Spawning a process without main module

Using the spawn or forkserver start method without importing the main module might lead to unexpected behavior (for example, it might cause a RuntimeError).

Integer overflow

An integer overflow might might cause security issues when it is used for resource management or execution control.

Pytorch use nondeterministic algoritm

APIs with nondeterministic algorithm are used

Tensorflow enable ops determinism

Non-deterministic ops might return different outputs when run with the same inputs.

Improper input validation

Improper input validation can enable attacks and lead to unwanted behavior.

Missing pagination

Missing pagination on a paginated call can lead to inaccurate results.

Semaphore overflow prevention

When you process and remove an item from the JoinableQueue without calling JoinableQueue.task_done(), a semaphore overflow exception might be thrown.

Socket connection timeout

Not setting the connection timeout parameter can cause a blocking socket connection.

Leaky subprocess timeout

Failure to end a child process that doesn't terminate before its timeout expires can result in leaked resources.

Pytorch disable gradient calculation

Checks if gradient calculation is disabled during evaluation.

Pytorch miss call to eval

Checks if eval() is called before validating or testing a model.

Sensitive data stored unencrypted due to partial encryption

Encryption that is dependent on conditional logic, such as an if...then clause, might cause unencrypted sensitive data to be stored.

Pytorch redundant softmax

Detects if Softmax is used with CrossEntropyLoss.

Insecure CORS policy

Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.

Garbage collection prevention in multiprocessing

Passing a parent process object in a child process can prevent its garbage collection.

Missing none check on response metadata

Response metadata was not checked to verify that it is not None.

Docker arbitrary container run

Passing an unsanitized user argument to a function call makes your code insecure.

Catastrophic backtracking regex

Inefficient regular expression patterns can lead to catastrophic backtracking.

Resource leak

Allocated resources are not released properly.

Tensorflow redundant softmax

Detects if Softmax is explicitly computed.

Public method parameter validation

Public method parameters should be validated for nullness, unexpected values, and malicious values.

Pytorch control sources of randomness

Not setting seeds for the random number generators in Pytorch can lead to reproducibility issues.

Deadlocks caused by improper multiprocessing API usage

Improper multiprocessing API usage with wrong parameters might lead to deadlocks.

Untrusted AMI images

Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.

Notebook invalid execution order

Notebook has uninitialized variable usage given the execution order

Pytorch sigmoid before bceloss

The computation of the bceloss using sigmoid values as inputs can be replaced by a single BCEWithLogitsLoss which is numerically more stable.

Pytorch data loader with multiple workers

Using DataLoader with num_workers greater than 0 can cause increased memory consumption over time when iterating over native Python objects such as list or dict.

Pytorch avoid softmax with nllloss

Checks if Softmax is used with NLLLoss function.

Pytorch miss call to zero grad

Zero out the gradients before doing a backward pass

Error prone sequence modification

Sequence modification while iterating over it might cause unexpected bugs.

Notebook variable redefinition

A variable is re-defined in multiple cells with different types.

Insecure temporary file or directory

Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.

Enabling and overriding debug feature

The Debug feature should not be enabled or overridden.

Avoid using nondeterministic Tensorflow API

Detects if nondeterministic tensorflow APIs are used.

Insecure hashing

Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.

Hardcoded interface binding

Binding to all network interfaces can open a service up to traffic on interfaces that are not properly documented or secured.

Hardcoded IP address

Hardcoding an IP address can cause security problems.

Tensorflow control sources of randomness

Detects if a random seed is set before random number generation.

Usage of an API that is not recommended - Medium Severity

APIs that are not recommended were found - Medium Severity.

PyTorch create tensors directly on device

Creating PyTorch tensors on the CPU and then moving them to the device is inefficient.