Amazon CodeGuruDetector Library Sign in to CodeGuru Reviewer

CodeGuru

Detector Library

Python detectors (86/86)

Improper privilege management Resource leak Inefficient string concatenation inside loop Spawning a process without main module Improper sanitization of wildcards or matching symbols Improper certificate validation URL redirection to untrusted site Integer overflow Mutually exclusive call Time zone aware datetimes Catch and swallow exception Insecure hashing Stack trace exposure Using AutoAddPolicy or WarningPolicy Use of a deprecated method Log injection Weak obfuscation of web request Deadlocks caused by improper multiprocessing API usage OS command injection Unauthenticated LDAP requests Low maintainability with low class cohesion Untrusted AMI images Confusion between equality and identity in conditional expression Path traversal AWS credentials logged Loose file permissions Socket close platform compatibility Zip bomb attack Unsanitized input is run as code Sensitive data stored unencrypted due to partial encryption Synchronous publication of AWS Lambda metrics Error prone sequence modification Batch request with unchecked failures Bad exception handling Unrestricted upload of dangerous file type Inefficient polling of AWS resource Hardcoded IP address Insecure connection using unencrypted protocol Incorrect use of Process.terminate API Unauthenticated Amazon SNS unsubscribe requests might succeed Hardcoded credentials Insecure Socket Bind XML External Entity Insecure CORS policy Cross-site request forgery Set SNS Return Subscription ARN Do not pass generic exception rule Unnecessary iteration Insecure cryptography Outdated subprocess module API Garbage collection prevention in multiprocessing Catch and rethrow exception Improper input validation Improper authentication Cross-site scripting Missing none check on response metadata Missing pagination Semaphore overflow prevention Mutable objects as default arguments of functions Insecure cookie Violation of PEP8 programming recommendations Insecure temporary file or directory Incorrect binding of SNS publish operations Client-side KMS reencryption Socket connection timeout AWS client not reused in a Lambda function Complex code hard to maintain Inefficient new method from hashlib Leaky subprocess timeout Usage of an API that is not recommended Dangerous global variables Enabling and overriding debug feature Risky use of dict get method Multiple values in return statement is prone to error LDAP injection XPath injection Clear text credentials Deserialization of untrusted object Use of an inefficient or incorrect API Multidimensional list initialization using replication is error prone Override of reserved variable names in a Lambda function SQL injection Docker arbitrary container run Missing S3 bucket owner condition Direct dict object modification Catastrophic backtracking regex

Tag: networking

Socket close platform compatibility

The os.close() does not work on some platforms.

Hardcoded IP address

Hardcoding an IP address can cause security problems.

Insecure connection using unencrypted protocol

Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.

Socket connection timeout

Not setting the connection timeout parameter can cause a blocking socket connection.