Medium
Showing all detectors for the Python language with medium severity.
Allocated resources are not released properly.
Using the spawn
or forkserver
start method without importing the main module might lead to unexpected behavior (for example, it might cause a RuntimeError
).
An integer overflow might might cause security issues when it is used for resource management or execution control.
Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.
Improper multiprocessing API usage with wrong parameters might lead to deadlocks.
Improper filtering of Amazon Machine Images (AMIs) can result in loading an untrusted image, a potential security vulnerability.
Encryption that is dependent on conditional logic, such as an if...then
clause, might cause unencrypted sensitive data to be stored.
Sequence modification while iterating over it might cause unexpected bugs.
Hardcoding an IP address can cause security problems.
Cross-Origin Resource Sharing policies that are too permissive may lead to security vulnerabilities.
Passing a parent process object in a child process can prevent its garbage collection.
Improper input validation can enable attacks and lead to unwanted behavior.
Response metadata was not checked to verify that it is not None
.
Missing pagination on a paginated call can lead to inaccurate results.
When you process and remove an item from the JoinableQueue
without calling JoinableQueue.task_done()
, a semaphore overflow exception might be thrown.
Insecure ways of creating temporary files and directories can lead to race conditions, privilege escalation, and other security vulnerabilities.
Not setting the connection timeout parameter can cause a blocking socket connection.
Failure to end a child process that doesn't terminate before its timeout expires can result in leaked resources.
The Debug feature should not be enabled or overridden.
Passing an unsanitized user argument to a function call makes your code insecure.
Inefficient regular expression patterns can lead to catastrophic backtracking.