CodeGuru Reviewer
Detector Library
Python detectors (80/80)
Improper privilege managementResource leakInefficient string concatenation inside loopSet SNS Return Subscription ARNModule injectionUnnecessary iterationImproper error handlingInsecure cryptographyImproper certificate validationOutdated subprocess module APIGarbage collection prevention in multiprocessingInteger overflowCatch and rethrow exceptionMutually exclusive callTime zone aware datetimesImproper input validationImproper authenticationCatch and swallow exceptionInsecure hashingCross-site scriptingMissing none check on response metadataMissing paginationUsing AutoAddPolicy or WarningPolicyStack trace exposureUse of a deprecated methodSemaphore overflow preventionLog injectionMutable objects as default arguments of functionsWeak obfuscation of web requestDeadlocks caused by improper multiprocessing API usageInsecure cookieViolation of PEP8 programming recommendationsInsecure temporary file or directoryOS command injectionUnauthenticated LDAP requestsIncorrect binding of SNS publish operationsClient-side KMS reencryptionUntrusted AMI imagesAWS client not reused in a Lambda functionSocket connection timeoutComplex code hard to maintainConfusion between equality and identity in conditional expressionInefficient new method from hashlibLeaky subprocess timeoutUsage of an API that is not recommendedDangerous global variablesAWS credentials loggedPath traversalEnabling and overriding debug featureLoose file permissionsRisky use of dict get methodSocket close platform compatibilityMultiple values in return statement is prone to errorZip bomb attackUnsanitized input is run as codeLDAP injectionXPath injectionError prone sequence modificationBatch request with unchecked failuresClear text credentialsBad exception handlingUnrestricted upload of dangerous file typeDeserialization of untrusted objectUse of an inefficient or incorrect APIMultidimensional list initialization using replication is error proneInefficient polling of AWS resourceOverride of reserved variable names in a Lambda functionSQL injectionDocker arbitrary container runHardcoded IP addressMissing S3 bucket owner conditionInsecure connection using unencrypted protocolDirect dict object modificationIncorrect use of Process.terminate APIUnauthenticated Amazon SNS unsubscribe requests might succeedHardcoded credentialsInsecure Socket BindInsecure CORS policyCross-site request forgeryXML External Entity
Medium
Showing all detectors for the Python language with medium severity.
Resource leak
Allocated resources are not released properly.
Inefficient string concatenation inside loop
Inefficient string concatenation inside loops results in new object creation which adds quadratic runtime cost.
Integer overflow
An integer overflow might might cause security issues when it is used for resource management or execution control.
Catch and rethrow exception
Catching and re-throwing an exception without further actions is redundant and wasteful.
Time zone aware datetimes
Using naive datetime objects might cause time zone related issues.
Improper input validation
Improper input validation can enable attacks and lead to unwanted behavior.
Catch and swallow exception
Swallowing exceptions, without re-throwing or logging them, is a bad practice.
Missing none check on response metadata
Response metadata was not checked to verify that it is not
None.Using AutoAddPolicy or WarningPolicy
Using
AutoAddPolicy or WarningPolicy can allow a malicious server to impersonate a trusted server.Stack trace exposure
Stack traces can be hard to use for debugging.
Use of a deprecated method
This code uses deprecated methods, which suggests that it has not been recently reviewed or maintained.
Mutable objects as default arguments of functions
Default values in Python are created exactly once, when the function is defined. If that object is changed, subsequent calls to the function will refer to the changed object, leading to confusion.
Insecure temporary file or directory
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Untrusted AMI images
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
AWS client not reused in a Lambda function
Recreating AWS clients in each Lambda function invocation is expensive.
Confusion between equality and identity in conditional expression
Confusion between equality
==, != and identity is in conditional expressions can lead to unintended behavior.Dangerous global variables
Global variables can be dangerous and cause bugs because they can be simultaneously accessed from multiple sections of a program.
Enabling and overriding debug feature
The Debug feature should not be enabled or overridden.
Risky use of dict get method
Using the
get method from the dict class without default values can cause runtime exceptions.Multiple values in return statement is prone to error
Methods that return multiple values can be difficult to read and prone to error.
Batch request with unchecked failures
Not checking which items have failed can lead to loss of data.
Bad exception handling
Throwing a base or generic exception might cause important error information to be lost. This can make your code difficult to maintain.
Docker arbitrary container run
Passing an unsanitized user argument to a function call makes your code insecure.
Hardcoded IP address
Hardcoding an IP address can cause security problems.
Insecure CORS policy
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.