Medium
Showing all detectors for the Python language with medium severity.
Allocated resources are not released properly.
Inefficient string concatenation inside loops results in new object creation which adds quadratic runtime cost.
An integer overflow might cause security issues when it is used for resource management or execution control.
Catching and re-throwing an exception without further actions is redundant and wasteful.
Using naive datetime objects might cause time zone related issues.
Improper input validation can enable attacks and lead to unwanted behavior.
Swallowing exceptions, without re-throwing or logging them, is a bad practice.
Response metadata was not checked to verify that it is not None.
Using AutoAddPolicy or WarningPolicy can allow a malicious server to impersonate a trusted server.
Stack traces can be hard to use for debugging.
This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.
Default values in Python are created exactly once, when the function is defined. If that object is changed, subsequent calls to the function will refer to the changed object, leading to confusion.
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
Recreating AWS clients in each Lambda function invocation is expensive.
Confusion between equality (==, !=) and identity (is) in conditional expressions can lead to unintended behavior.
Global variables can be dangerous and cause bugs because they can be simultaneously accessed from multiple sections of a program.
The Debug feature should not be enabled or overridden.
Using the get method from the dict class without default values can cause runtime exceptions.
Methods that return multiple values can be difficult to read and prone to error.
Not checking which items have failed can lead to loss of data.
Throwing a base or generic exception might cause important error information to be lost. This can make your code difficult to maintain.
Passing an unsanitized user argument to a function call makes your code insecure.
Hardcoding an IP address can cause security problems.
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.