CodeGuru
Detector Library
Python detectors (117/117)
Improper privilege managementResource leakTensorflow redundant softmaxAWS insecure transmission CDKSpawning a process without main modulePublic method parameter validationInteger overflowTime zone aware datetimesCatch and swallow exceptionPytorch control sources of randomnessDeadlocks caused by improper multiprocessing API usageUnauthenticated LDAP requestsLow maintainability with low class cohesionUntrusted AMI imagesNotebook invalid execution orderConfusion between equality and identity in conditional expressionPytorch sigmoid before bcelossPath traversalLoose file permissionsPytorch data loader with multiple workersPytorch avoid softmax with nlllossPytorch miss call to zero gradError prone sequence modificationBad exception handlingUse of Default Credentials CDKExposure of Sensitive Information CDKFile injectionIncorrect use of Process.terminate APIXML External EntityNotebook variable redefinitionPytorch use nondeterministic algoritmSet SNS Return Subscription ARNDo not pass generic exception ruleInsecure cryptographyTensorflow enable ops determinismOutdated subprocess module APIS3 partial encrypt CDKImproper input validationImproper authenticationCross-site scriptingMissing paginationSemaphore overflow preventionMutable objects as default arguments of functionsInsecure cookieViolation of PEP8 programming recommendationsInsecure temporary file or directorySocket connection timeoutAWS client not reused in a Lambda functionPytorch assign in place modComplex code hard to maintainLeaky subprocess timeoutUsage of an API that is not recommendedPytorch disable gradient calculationEnabling and overriding debug featureRisky use of dict get methodXPath injectionMissing authorizationDeserialization of untrusted objectUse of an inefficient or incorrect APIMultidimensional list initialization using replication is error proneSQL injectionAvoid using nondeterministic Tensorflow APIPytorch miss call to evalInefficient string concatenation inside loopImproper certificate validationURL redirection to untrusted siteMutually exclusive callInsecure hashingNotebook best practice violationStack trace exposureUsing AutoAddPolicy or WarningPolicyUse of a deprecated methodLog injectionWeak obfuscation of web requestAWS api logging disabled cdkOS command injectionAWS credentials loggedSocket close platform compatibilityZip bomb attackUnsanitized input is run as codeSensitive data stored unencrypted due to partial encryptionSynchronous publication of AWS Lambda metricsBatch request with unchecked failuresUnrestricted upload of dangerous file typePytorch redundant softmaxInefficient polling of AWS resourceHardcoded IP addressInsecure connection using unencrypted protocolUnauthenticated Amazon SNS unsubscribe requests might succeedHardcoded credentialsInsecure Socket BindInsecure CORS policyCross-site request forgeryServer-side request forgeryModule injectionUnnecessary iterationTensorflow control sources of randomnessGarbage collection prevention in multiprocessingCatch and rethrow exceptionWeak algorithm used for Password HashingMissing Authentication for Critical Function CDKMissing none check on response metadataSensitive information leakIncorrect binding of SNS publish operationsClient-side KMS reencryptionPyTorch create tensors directly on deviceInefficient new method from hashlibDangerous global variablesMultiple values in return statement is prone to errorLDAP injectionClear text credentialsOverride of reserved variable names in a Lambda functionDocker arbitrary container runMissing S3 bucket owner conditionDirect dict object modificationCatastrophic backtracking regexAWS missing encryption CDK
Medium
Showing all detectors for the Python language with medium severity.
Resource leak
Allocated resources are not released properly.
Tensorflow redundant softmax
Detects if Softmax is explicitly computed.
Spawning a process without main module
Using the
spawn or forkserver start method without importing the main module might lead to unexpected behavior (for example, it might cause a RuntimeError).Public method parameter validation
Public method parameters should be validated for nullness, unexpected values, and malicious values.
Integer overflow
An integer overflow might might cause security issues when it is used for resource management or execution control.
Pytorch control sources of randomness
Not setting seeds for the random number generators in Pytorch can lead to reproducibility issues.
Deadlocks caused by improper multiprocessing API usage
Improper multiprocessing API usage with wrong parameters might lead to deadlocks.
Untrusted AMI images
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
Notebook invalid execution order
Notebook has uninitialized variable usage given the execution order
Pytorch sigmoid before bceloss
The computation of the bceloss using sigmoid values as inputs can be replaced by a single BCEWithLogitsLoss which is numerically more stable.
Pytorch data loader with multiple workers
Using DataLoader with
num_workers greater than 0 can cause increased memory consumption over time when iterating over native Python objects such as list or dict.Pytorch avoid softmax with nllloss
Checks if
Softmax is used with NLLLoss function.Pytorch miss call to zero grad
Zero out the gradients before doing a backward pass
Error prone sequence modification
Sequence modification while iterating over it might cause unexpected bugs.
Notebook variable redefinition
A variable is re-defined in multiple cells with different types.
Pytorch use nondeterministic algoritm
APIs with nondeterministic algorithm are used
Tensorflow enable ops determinism
Non-deterministic ops might return different outputs when run with the same inputs.
Improper input validation
Improper input validation can enable attacks and lead to unwanted behavior.
Missing pagination
Missing pagination on a paginated call can lead to inaccurate results.
Semaphore overflow prevention
When you process and remove an item from the
JoinableQueue without calling JoinableQueue.task_done(), a semaphore overflow exception might be thrown.Insecure temporary file or directory
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Socket connection timeout
Not setting the connection timeout parameter can cause a blocking socket connection.
Leaky subprocess timeout
Failure to end a child process that doesn't terminate before its timeout expires can result in leaked resources.
Pytorch disable gradient calculation
Checks if gradient calculation is disabled during evaluation.
Enabling and overriding debug feature
The Debug feature should not be enabled or overridden.
Avoid using nondeterministic Tensorflow API
Detects if nondeterministic tensorflow APIs are used.
Pytorch miss call to eval
Checks if eval() is called before validating or testing a model.
Insecure hashing
Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.
Sensitive data stored unencrypted due to partial encryption
Encryption that is dependent on conditional logic, such as an
if...then clause, might cause unencrypted sensitive data to be stored.Pytorch redundant softmax
Detects if Softmax is used with CrossEntropyLoss.
Hardcoded IP address
Hardcoding an IP address can cause security problems.
Insecure CORS policy
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.
Tensorflow control sources of randomness
Detects if a random seed is set before random number generation.
Garbage collection prevention in multiprocessing
Passing a parent process object in a child process can prevent its garbage collection.
Missing none check on response metadata
Response metadata was not checked to verify that it is not
None.PyTorch create tensors directly on device
Creating PyTorch tensors on the CPU and then moving them to the device is inefficient.
Docker arbitrary container run
Passing an unsanitized user argument to a function call makes your code insecure.
Catastrophic backtracking regex
Inefficient regular expression patterns can lead to catastrophic backtracking.