AWS CloudFormation Linter

`continue` statement outside of a `while` or `for` loopFLK-F702 Multiple values found for keyword argumentPYL-E1132 Abstract class instantiatedPYL-E0110 `init` method converted to generatorPYL-E0100 Name used prior global declarationPYL-E0118 Misplaced format functionPYL-E0119 Method hidden by an attributePYL-E0202 Method has no argumentPYL-E0211 Invalid `slots` objectPYL-E0236 Class has duplicate basesPYL-E0241 `iter` returns a non-iteratorPYL-E0301 Invalid return for `__len__`PYL-E0303 Invalid object found in `__all__`PYL-E0604 Attempting to unpack a non-sequence objectPYL-E0633 `yield` or `yield from` statement used outside of a functionFLK-F704 `break` statement used outside of a `while` or `for` loopFLK-F701 Unsupported binary operationPYL-E1131 `return` statement used with arguments inside a generatorFLK-F705 Duplicate argument in function definitionFLK-F831 Bad reversed sequencePYL-E0111 Invalid slots objectPYL-E0238 Inconsistent method resolution orderPYL-E0240 Exception context set to something which is not an exception, nor NonePYL-E0703 Object which is not a context manager used with the `with` statementPYL-E1129 Dictionary key is unhashablePYL-E1140 Invalid syntaxFLK-E999 an undefined __future__ feature name was importedFLK-F407 Bad `except` order foundPYL-E0701 Object of unsupported type raisedPYL-E0702 The raise statement is not inside an except clausePYL-E0704 Exception caught which does not inherit from `Exception`PYL-E0712 Assigning result of a function call, where the function has no returnPYL-E1111 Missing argument in function callPYL-E1120 Too many positional arguments in function callPYL-E1121 Unexpected keyword argument in function callPYL-E1123 Argument passed both by position and keyword in function callPYL-E1124 Missing mandatory keyword argument in function callPYL-E1125 Non-iterable value used in an iterating contextPYL-E1133 Logging format string contains too many argumentsPYL-E1205 Logging format string contains too few argumentsPYL-E1206 Invalid format characterPYL-E1300 Not enough arguments in format stringPYL-E1306 Exception to catch is the result of a binary operationPYL-W0711 Loop variable used outside the loopPYL-W0631 `return` statement used outside of a function or methodFLK-F706 File opened without the `with` statementPTC-W0010 Format string contains excess argumentsPYL-E1305 Debugger activation detectedPTC-W0014 Unary operand used on an unsupported objectPYL-E1130 Two or more starred expressions in an assignment (a, *b, *c = d)FLK-F622 `return` found in `__init__`PYL-E0101 `return` used outside of a functionPYL-E0104 `yield` used outside of functionPYL-E0105 Statement not reachable on executionPYL-W0101 Dangerous default argumentPYL-W0102 `assert` called on tuplePYL-W0199 Catching previously caught exceptionPYL-W0705 Except handler raises immediatelyPYL-W0706 Invalid operation on exceptionsPYL-W0716 Flask app detected with DEBUG mode enabledPTC-W0029 Inheritance is not from a classPYL-E0239 Variable used before assignmentPYL-E0601 Undefined name detectedPYL-E0602 Undefined name detected in `__all__`PYL-E0603 `global` variable is undefinedPYL-W0601 Class variable conflicts with slotsPYL-E0242 not-async-context-managerPYL-E1701 Set size changed during iterationPTC-W0055 Assigning to an attribute not defined in class `__slots__`PY-W0076 Audit required: Insecure cipherBAN-W1004 Audit required: Insecure hash functionBAN-W1003 Debugger import detectedPTC-W0013 Type hint for with statement is unreliableTYP-036 Invalid star assignment targetPYL-E0113 Use of an insecure `expatreader` methodBAN-B315 import module shadowed by loop variableFLK-F402 Dictionary key variable name repeated with different valuesFLK-F602 Insecure `xmlrpclib` import detectedBAN-B411 Method should have `self` as the first argumentPYL-E0213 New column added in database with a default valuePYL-W5198 raising `NotImplemented` is not allowedFLK-F901 Redundant `content_type` parameter for `JsonResponse()` detectedPYL-R5103 Use of `reload` built-in detectedPYL-W1626 Accessed a removed attribute on the operator modulePYL-W1657 Name defined is both `nonlocal` and `global`PYL-E0115 Too many expressions in an assignment with star-unpackingFLK-F621 Method used has been deprecatedPYL-W1505 Combined specification detected for format stringPYL-W1305 Use of `apply` built-in detectedPYL-W1601 Invalid value passed to access env variablePYL-E1507 Consider merging `isinstance` callsPYL-R1701 Use of `cmp` built-in detectedPYL-W1604 Accessed a removed attribute on the `sys` modulePYL-W1660 Cyclic import foundPYL-R0401 `except:` is not the last exception handlerFLK-F707 Undefined format string keyPYL-E1304 Use of `execfile` built-in detectedPYL-W1606 Built-in function `len` used as conditionPYL-C1802 Mixed format stringPYL-E1302 Format needs mappingPYL-E1303 `HttpResponse()` returns `application/json` content typePYL-R5102 Invalid format indexPYL-W1307 Use of `_create_unverified_context` detectedBAN-B323 No return value expectedTYP-002 Assignment to a new keywordPYL-W0111 Re-definition found for builtin functionPYL-W0622 Keyword argument defined before variable positional argumentsPYL-W1113 Use of `global` at module levelPYL-W0604 Assigning result of a function call, where the function returns `None`PYL-E1128 Value is not a mappingPYL-E1134 Bad string format typePYL-E1307 `print` statement detectedPYL-E1601 Parameter unpacking detectedPYL-E1602 Old `raise` syntax detetedPYL-E1604 Comparison with itselfPYL-R0124 No `@classmethod` decoratorPYL-R0202 No `@staticmethod` decoratorPYL-R0203 Argument redefined from localPYL-R1704 Statement has no effectPYL-W0104 Use of `coerce` built-in detectedPYL-W1605 Use of `file` built-in detectedPYL-W1607 Use of `long` built-in detectedPYL-W1608 Use of `reduce` built-in detectedPYL-W1610 use of `standarderror` built-in detectedPYL-W1611 Use of `cmp` argument detectedPYL-W1640 `message` attribute accessed on ExceptionPYL-W1645 Use of deprecated `sys.maxint` detectedPYL-W1647 Assignment to `self` or `cls` detectedPYL-W0642 Deprecated form of raising exception detectedFLK-W602 `async` and `await` are reserved keywords starting with Python 3.7FLK-W606 Use `tuple` unpacking to swap variablesPYL-R1712 Bad Python 3 importPYL-W1648 Use of a deprecated `itertools` functionPYL-W1651 Use of a deprecated `types` fieldPYL-W1652 Accessed a removed attribute on the `urllib` modulePYL-W1658 Accessed the removed xreadlines attributePYL-W1659 `exclude` used in a `ModelForm`PYL-W5104 Unsafe parameter given to `subprocess.Popen`PYL-W1509 Use `items()` to iterate over a dictionaryPTC-W0011 Unnecessary generatorPTC-W0015 Audit required: Use of insecure cipherBAN-B304 Audit required: Use of insecure cipher modeBAN-B305 Defining equality for a class without also defining hashabilityPYL-W1641 Module imports itselfPYL-W0406 Audit required: Insecure cipher modeBAN-W1005 Audit required: Insecure hash functionPTC-W1003 Use of `unicode` built-in detectedPYL-W1612 `HttpResponse` used to return JSON responsePYL-R5101 Use `get()` method to access values from a dictionaryPYL-R1715 Use of `tempnam` detectedBAN-B325 I/O operation on a closed file detectedPTC-W0021 Exception might be lostPYL-W0150 Multiple imports for an import name detectedPYL-W0404 Duplicate string formatting argument foundPYL-W1308 Unnecessary comprehensionPTC-W0016 Assert statement used outside of testsBAN-B101 Thread has no target functionPYL-W1506 Insecure permissions set on a fileBAN-B103 Use of deprecated function: `mktemp`BAN-B306 Redundant callPTC-W0017 Use of an insecure method from `xml.etree.ElementTree` detectedBAN-B314 Telnet related module importedBAN-B401 No certificate validation detected for HTTP requestBAN-B501 Illegal operation on filePTC-W0022 Missing host key validation in SSHBAN-B507 Possible shell injection via Paramiko callBAN-B601 Expected an indented blockFLK-E112 Test for membership should be 'not in'FLK-E713 Use of an unneeded `not` detectedPYL-C0113 Consider iterating dictionaryPYL-C0201 Bad classmethod argumentPYL-C0202 Bad metaclass-method argumentPYL-C0203 Slots are recommended to be an iterable, simple string detectedPYL-C0205 Import alias same as original package namePYL-C0414 Misplaced comparison constantPYL-C2201 Unnecessary `else` / `elif` used after `return`PYL-R1705 `StopIteration` detected in a generatorPYL-R1708 Consider using `join`PYL-R1713 Consider using `in`PYL-R1714 Consider using a dictionary comprehensionPYL-R1717 Consider using a set comprehensionPYL-R1718 Unnecessary lambda expressionPYL-W0108 Duplicate dictionary keysPYL-W0109 Useless else clause detected on the loopPYL-W0120 `as` with another context manager looks like a tuplePYL-W0124 Conditional statement used with a constant valuePYL-W0125 Comparison with callable detectedPYL-W0143 Bad `staticmethod` argument detectedPYL-W0211 Signature differs in overridden methodPYL-W0222 Abstract method not overriddenPYL-W0223 Future import(s) name after other statementsPYL-W0410 Global variable is declared but not usedPYL-W0602 Unused variable foundPYL-W0612 Function contains unused argumentPYL-W0613 Re-defined variable from outer scopePYL-W0621 Exception caught is very generalPYL-W0703 Missing format argument keyPYL-W1303 Missing format attributePYL-W1306 Implicit string concatenation detected in the sequencePYL-W1403 Bad open mode for filePYL-W1501 Shallow copy of `os.environ` detectedPYL-W1507 Unexpected return valueTYP-007 Invalid return `type hint` for async generator functionTYP-010 `Final[...]` shall have at most one type argumentTYP-029 Incompatible redefinition detectedTYP-053 Inconsistent type signatureTYP-025 Invalid assignation to class variableTYP-075 Consider using `any`PY-W0074 Invalid property overrideTYP-017 Invalid type comment detectedTYP-035 Formatted string used as docstringPTC-W0033 Wrong implementation of `overload`TYP-023 Wrong implementation of `final` decoratorTYP-024 Unexpected return type foundTYP-005 Found `yield` statement inside a comprehensionPTC-W0025 Found `yield` statement inside a generator expressionPTC-W0026 Explicit exception raised in the assert messagePTC-W0032 Format string key is not a stringPYL-W1300 Function or method is being redefinedPYL-E0102 Unnecessary `else` / `elif` used after `break`PYL-R1723 Unnecessary `elif` / `else` block after `continue`PYL-R1724 Variable redeclared during assignmentPYL-W0128 Inconsistent overridden methodPYL-W0236 Missing `return` statementTYP-003 Missing return valueTYP-006 Cell variable defined in loopPYL-W0640 Exceptions are overlappingPYL-W0714 Assignment target contains multiple star expressionsPYL-E0112 Missing `.items()`PYL-E1141 `yield from` inside an `async` functionPYL-E1700 Property defined with parametersPYL-R0206 `if` statement can be simplifiedPYL-R1703 Unnecessary use of comprehensionPYL-R1721 Use of `exit()` or `quit()` detectedPYL-R1722 Missing parentheses for a call in testPYL-W0126 Useless super delegationPYL-W0235 Format string is not validPYL-W1302 `datetime.time` used in a boolean contextPYL-W1502 Implicit enumerate calls foundPTC-W0060 Consider using `all`PY-W0075 Private attribute declared but not usedPTC-W0037 Private method declared but not usedPTC-W0038 Imported name is not used anywhere in the modulePY-W2000 Private nested class declared but not usedPTC-W0064 Consider using identity comparison with singletonPTC-W0068 Consider removing the commented out code blockPY-W0069 Appending to list immediately following its definitionPY-W0070 Adding to set immediately following its definitionPY-W0071 Appending to dictionary immediately following its definitionPY-W0072 Anomalous backslash detectedPY-W0073 Logical operators used when combining SQL column expressionsPY-W0800 Unnecessary use of `json.dumps()` for file dataPY-W0079 Unnecessary use of `json.loads()` for file dataPY-W0078 Use of `sys.maxint` detectedPTC-W0067 Consider merging `startswith`/`endswith` checksPY-W0077 Prefer `list.extend(x)` over `list.append(*x)`PY-W0080 No newline at end of fileFLK-W292 `if` expression used can be simplifiedPYL-R1719 Blank line contains whitespaceFLK-W293 Consider using an `if` expressionPYL-R1706 Consider using literal syntax to create the data structurePTC-W0019 Test for object identity should be 'is not'FLK-E714 List comprehension redefines nameFLK-F812 Used a variable that was bound inside a comprehensionPYL-W1662 Audit required: Potential SQL injection on `RawSQL` functionBAN-B611 Audit required: Use of `md5`BAN-B303 Insecure `lxml` import detectedBAN-B410 Bad `type` operand placementPTC-W0024 Useless `return` detectedPYL-R1711 Unnecessary `else`/`elif` used after `raise`PYL-R1720 Protected member accessed from outside the classPYL-W0212 Mismatched parameters in overridden methodPYL-W0221 Bad comparison testPTC-W0023 Logging format string terminated in between conversion specifierPYL-E1201 New-style class raised which doesn't inherit from `BaseException`PYL-E0710 Local variable name referenced before assignmentFLK-F823 Deletion attempted with unsupported objectPYL-E1138 Bad first argument given in `super()` callPYL-E1003 Missing argument in `super()` callPYL-E1004 Invalid sequence index foundPYL-E1126 A non-callable object is being calledPYL-E1102 Unsupported format character used in the logging format stringPYL-E1200 Use of insecure `input` method detectedPTC-W1002 Invalid slice index foundPYL-E1127 Use of jinja2 templates with `autoescape=False` detectedBAN-B701 `list` object used during set creationPTC-W0058 Dictionary size changed during iterationPTC-W0056 `yield` would not work as expected in the magic methodPTC-W0059 Unguarded next inside generatorPTC-W0063 Django app detected with DEBUG mode enabledPY-S0900 Use of a non-existent operator detectedPYL-E0107 Explicitly declared types are required for all `Protocol` membersTYP-031 Consider decorating method with `@staticmethod`PYL-R0201 Trying to declare type of a type variableTYP-034 Invalid metaclassPYL-E1139 Invalid type for `__all__`TYP-056 Uexpected type hintTYP-040 Missing parameter in `Literal[...]` type hintTYP-042 Invalid `Literal[...]` type hintTYP-041 Unsupported generic type annotationTYP-044 Do not define functions named 'l', 'O', or 'I'FLK-E743 Detected calls to FTP-related functionsBAN-B321 Unused format string argumentPYL-W1304 Invalid definition of generic aliasTYP-073 Invalid return `type hint` for generator functionTYP-009 Deprecated type hint usedTYP-038 Format string truncatedPYL-E1301 Audit required: Use of `eval`PYL-W0123 Incompatible type detectedTYP-050 Use of `raw_input` built-in detectedPYL-W1609 Do not define classes named 'l', 'O', or 'I'FLK-E742 Unexpected indentationFLK-E113 Redundant `cast` detectedTYP-071 `TypeVar` value is not compatibleTYP-057 Invalid type hint for `ClassVar`TYP-047 Useless inheritance from `object`PYL-R0205 `nonlocal` name found without bindingPYL-E0117 Use of an insecure method from `xml.dom.pulldom` detectedBAN-B319 Special method defined with an invalid signaturePYL-E0302 Use of a deprecated module detectedPYL-W0402 Use of an insecure method from `xml.dom.minidom` detectedBAN-B318 Invalid string codec detectedPYL-W1646 Starting a process with a shell detectedBAN-B605 Bad metaclass-classmethod argumentPYL-C0204 Insecure library importedBAN-B413 Unbalanced tuple unpackingPYL-W0632 Invalid use of `TypeVar` foundTYP-058 Type is not indexbleTYP-062 Indentation contains mixed spaces and tabsFLK-E101 Invalid `type hint`TYP-008 `__init__` method from the base class not calledPYL-W0231 Invalid star expressionPYL-E0114 Multiple statements on one line (def)FLK-E704 Use of an insecure `expatbuilder` methodBAN-B316 Expression not assignedPYL-W0106 Trailing comma tuple detectedPYL-R1707 Can not assign to name without explicit type anotationTYP-064 Comparing to literalPYL-R0123 Invalid type hint parameterTYP-011 Indentation is not a multiple of fourFLK-E111 `from module import *` is only allowed at module levelFLK-F406 Bad string strip callPYL-E1310 Unsupported `Type` declarationTYP-032 Unpacking in `except`PYL-E1603 Model's `__unicode__` is not callablePYL-E5101 Exception arguments suggest string formatting might be intendedPYL-W0715 Inconsistent number or arguments detected for type hintTYP-046 Use of `buffer` built-in detectedPYL-W1603 Invalid type detected for type castTYP-037 Use of an insecure method from `xml.sax` detectedBAN-B317 Audit: Binding to all interfaces detected with hardcoded valuesBAN-B104 Unused import from wildcard import foundPYL-W0614 Backticks are deprecated, use `repr()`PYL-E1605 Use of long suffixPYL-E1606 Old inequality operator usedPYL-E1607 Use of old octal literalPYL-E1608 Non ascii bytes literals detectedPYL-E1610 Logging is not lazyPYL-W1201 Use of `basestring` built-in detectedPYL-W1602 Use of deprecated `string` function detectedPYL-W1649 Used an exception object that was bound by an except handlerPYL-W1661 Audit required: Use of `marshal` moduleBAN-B302 Audit required: Risk of possible SQL injection vector through string-based query constructionBAN-B608 Audit required: Possible wildcard injection in call: `subprocess.Popen`BAN-B609 Multiple statements detected on one lineFLK-E701 Insecure `pycryptodome` library importedBAN-B414 Use of `xrange` built-in detectedPYL-W1613 Model has `__unicode__` methodPYL-W5102 Use of an insecure method from `lxml.etree`BAN-B320 Audit required: Use of `exec`PYL-W0122 Audit required: Use of `pickle` moduleBAN-B301 Audit required: Use of `mark_safe` detectedBAN-B308 Audit required: Use of an insecure method method from `urllib` detectedBAN-B310 Audit required: Use of telnet detectedBAN-B312 Audit required: Insecure cipherPTC-W1004 Hardcoded temporary directory detectedBAN-B108 Use of `HTTPSConnection` may not be secure in Python versions < 2.7.9BAN-B309 Use of an insecure method from `xml.etree.cElementTree` detectedBAN-B313 File Transfer Protocol (FTP) related module importedBAN-B402 Detected use of a bad version of `SSL`BAN-B502 Detected use of a weak cryptographic keyBAN-B505 Unsafe usage of `yaml.load` function detectedBAN-B506 Detected subprocess `popen` call with shell equals `True`BAN-B602 Function call with `shell=True` parameter identifiedBAN-B604 Use of insecure `mako` templates detectedBAN-B702 Use of insecure cipher modePTC-W1005 Invalid encoded dataPYL-W0512 Invalid `envvar` defaultPYL-W1508 Pythagorean calculation detected with sub-optimal numericsPTC-W0028 Type error while assignmentTYP-014 Unsupported type applicationTYP-019 Untyped function called in typed contextTYP-061 Unsupported type provided to operandTYP-052 Incompatible types detectedTYP-060 Inconsistent number of argument for type aliasTYP-069 Invalid type used for tuple indexTYP-054 Use of invalid type detectedTYP-059 Invalid parameter given to `Literal`TYP-066 Empty module foundPTC-W0030 Invalid return detected in callableTYP-055 Invalid type comment or type annotation detectedTYP-043 Invalid target for type aliasTYP-074 Type variable is bound by an outer classTYP-070 Invalid use of type variableTYP-018 Inconsistent use of `type annotation` and `type comment`TYP-021 Unexpected type definition detectedTYP-033 Invalid type hintTYP-020 Wrong use of `Final` typeTYP-045 Type variable is not used in type contextTYP-065 Invalid number of type parameters detectedTYP-067 Unexpected argument given to type variableTYP-072 `f-string` used without any expressionPTC-W0027 Missing free `type variable`TYP-063 `_promote` expects type as first argumentTYP-039 Can not subclass value of type `Any`TYP-028 Unnecessary use of `getattr`PTC-W0034 Missing type parameterTYP-022 Duplicate type variables detectedTYP-026 Can not omit type hint in `Final[...]`TYP-030 `hasattr` used to check if the object is callablePTC-W0035 All type variables should be listed hereTYP-027 Invalid type of decorator constructorTYP-013 Audit required: Sensitive data might be exposedPTC-W1006 Use of a method on dictionary's `get` method detectedPTC-W0031 Simplify boolean expressionPYL-R1709 Consider using `max` builtinPTC-W0042 Consider using `min` builtinPTC-W0041 Format string contains unused keyPYL-W1301 Using deprecated method `assertEquals`PTC-W0040 Constant passed to unittest `assert<Bool>`PYL-W1503 Use of `len(seq) - 1` to get last element of an iterablePTC-W0044 Unnecessary `delete` statement in a local scopePTC-W0043 Admin class not in app's `admin.py`PTC-W0903 Abstract method does not raise `NotImplementedError`PTC-W0053 Consider using `TextField` instead of `CharField`PTC-W0904 Unit test class with no testsPTC-W0046 Branches of the `if` statement have similar implementationPTC-W0051 String field is nullablePTC-W0901 Set declaration has duplicate elementsPTC-W0050 Audit required: Server hostname may not be verifiedPTC-W6002 Function/method with an empty bodyPTC-W0049 Sequence value overwritten unconditionallyPTC-W0057 Field allows null but not blankPTC-W0906 Special method should return `NotImplemented`PTC-W0054 Audit required: Server certificate may not be verifiedPTC-W6001 Empty block of code foundPTC-W0047 Bad async magic methodPTC-W0045 `if` statements can be mergedPTC-W0048 `with` statements can be mergedPTC-W0062 Unused nested function or class detectedPTC-W0065 Use of deprecated `NullBooleanField`PTC-W0900 Primary key is not uniquePTC-W0902 Nullable `ManyToManyField` foundPTC-W0905 Missing backward migrationPTC-W0910 Security middleware not activatedPY-S0909 Use of both safe and unsafe HTTP methods for a viewPY-S6007 Setting loose POSIX file permissions is security-sensitivePY-S6008 Insecure use of `format_html` detectedPY-S0901 Docstring is over-indentedFLK-D208 Tab after comma detectedFLK-E242 Continuation line over-indented for hanging indentFLK-E126 Indentation is not a multiple of four in commentsFLK-E114 Visually indented line with same indent as next logical lineFLK-E129 Unnecessary `pass` statementPYL-W0107 Docstring should be indented with spaces, not tabsFLK-D206 Unexpected indentation in commentsFLK-E116 Doc line too longFLK-W505 Use r”“” if any backslashes in a docstringFLK-D301 Docstring is under-indentedFLK-D207 Continuation line with same indent as next logical lineFLK-E125 Multiple spaces found after operatorFLK-E222 Multiple spaces before keywordFLK-E272 Indentation contains tabsFLK-W191 Multiple spaces after ','FLK-E241 Too many leading `#` for block commentFLK-E266 Missing type annotation for callableTYP-051 Closing bracket does not match indentation of opening bracket's lineFLK-E123 Missing whitespace around operatorFLK-E225 Model missing `__unicode__` methodPYL-W5101 Missing whitespace after keywordFLK-E275 Inline comment should start with `# `FLK-E262 Unnecessary suppression of type checking issueTYP-001 Trailing whitespace detectedFLK-W291 Named lambda expression detectedFLK-E731 Tab found after operatorFLK-E224 Tab before keyword detectedFLK-E274 Expected 1 blank lineFLK-E301 Expected 2 blank linesFLK-E302 Module level import not at the top of the fileFLK-E402 Too many blank lines foundFLK-E303 At least two spaces before inline commentFLK-E261 Tab after keyword detectedFLK-E273 Unexpected line ending format foundPYL-C0328 Missing whitespace around arithmetic operatorFLK-E226 Whitespace after opening parenthesis detectedFLK-E201 Continuation line missing indentation or outdentedFLK-E122 Continuation line unaligned for hanging indentFLK-E131 Use of single quote detected in docstringFLK-D300 The backslash is redundant between bracketsFLK-E502 Missing whitespace around modulo operatorFLK-E228 Multiple imports on one lineFLK-E401 Expected an indented block in commentsFLK-E115 Continuation line over-indented for visual indentFLK-E127 Multiple spaces found before operatorFLK-E221 Tab found before operatorFLK-E223 Continuation line is under-indented for hanging indentFLK-E121 Blank lines found after function decoratorFLK-E304 Unnecessary literalPTC-W0018 Continuation line under-indented for visual indentFLK-E128 Unexpected spaces around keyword / parameter equalsFLK-E251 Multiple spaces after keywordFLK-E271 Closing bracket does not match visual indentationFLK-E124 Expected 1 blank line before a nested definitionFLK-E306 Line too longFLK-E501 Statement ends with a semicolonFLK-E703 Whitespace before opening parenthesisFLK-E211 Multiple statements detected on one lineFLK-E702 Mixed line endings foundPYL-C0327 Bad indentation detectedPYL-W0311 Whitespace before closing parenthesisFLK-E202 Expected 2 blank lines after end of function or classFLK-E305 Do not use variables named 'l', 'O', or 'I'FLK-E741 Multiple blank lines detected at end of the fileFLK-W391 Unnecessary typecastPTC-W0020 Inconsistent return statementsPYL-R1710 Chained comparison detectedPYL-R1716 Attribute defined outside `__init__`PYL-W0201 Use of `FIXME`/`XXX`/`TODO` encounteredPYL-W0511 Line break before binary operatorFLK-W503 Unnecessary semicolonPYL-W0301 `global` statement detectedPYL-W0603 One-line docstring should fit on one line with quotesFLK-D200 Model does not explicitly define `__unicode__`PYL-W5103 Do not use bare `except`, specify exception insteadFLK-E722 Missing whitespace around bitwise or shift operatorFLK-E227 Audit required: Starting a subprocessBAN-B606 Unnecessary parentheses after keywordPYL-C0325 Audit: Starting a process with a partial executable pathBAN-B607 Audit required: Potential SQL injection on `extra` functionBAN-B610 Import of method(s) from `xml.etree` detectedBAN-B405 SSL used with bad defaultsBAN-B503 SSL used with no version specifiedBAN-B504 Missing whitespace after `,`, `;`, or `:`FLK-E231 Block comment should start with `# `FLK-E265 Imports from same package are not groupedPYL-C0412 Invalid type alias detectedTYP-048 Missing type hintTYP-068 Uninferred `lambda expression` typeTYP-012 Missing class docstringPY-D0002 Variable assigned to itselfPYL-W0127 Subprocess run with ignored non-zero exitPYL-W1510 Missing module docstringPY-D0001 No blank lines allowed before class docstringFLK-D211 Multi-line docstring closing quotes should be on a separate lineFLK-D209 1 blank line required after class docstringFLK-D204 No whitespaces allowed surrounding docstring textFLK-D210 Unnecessary `None` provided as defaultPTC-W0039 Missing module/function docstringPY-D0003 No blank lines allowed after function docstringFLK-D202 Unassigned string statementPYL-W0105 First line should not be the function’s “signature”FLK-D402 Redundant `default=None` for a model fieldPTC-W0907 No blank lines allowed before function docstringFLK-D201 Use of `=+` / `=-` looks ambiguousPTC-W0066 Field duplicates the name of its containing classPTC-W0052 Audit required: Sensitive cookie without `secure` attributePTC-W6003 Audit required: Sensitive cookie without `httponly` attributePY-A6004 Use of `unique_for` constrant foundPTC-W0908 Ambiguous augmented assignmentPTC-W0061 Audit required: External control of file name or pathPTC-W6004 Audit required: Configuring loggers can be security-sensitivePY-A6006 Redundant list comprehension can be replaced using generatorPYL-R1728 Consider using f-stringsPYL-C0209 Positional arguments are out of orderPYL-W1114 Lazy formatting of message string passed to logging modulePYL-W1202 Formatted string passed to logging modulePYL-W1203 Function with cyclomatic complexity higher than thresholdPY-R1000

BAN-B310

Audit required: Use of an insecure method method from `urllib` detectedBAN-B310

Major

Security

cwe, a10, cwe-918, owasp-top-10

urllib not only opens http:// or https:// URLs, but also ftp:// and file://. With this, it might be possible to open local files on the executing machine which might be a security risk if the URL to open can be manipulated by an external user.

The urllib.request module defines functions and classes which help in opening URLs. urllib.request.open can open ftp:// and file:// URLs. This is usually not intended and makes the application vulnerable to Server Side Request Forgery attack. Performing requests from user-provided data could allow attackers to make requests on the internal network or change, retrieve or delete sensitive information. You are yourself responsible for validating the URL before opening it with urllib.

It is recommended to validate the user-provided data, such as the URL and headers used to construct the request.

Since this is an audit issue, some occurrences may be harmless here. The goal is to bring the issue in attention. Please make sure that the url is trusted. If the occurrences doesn't seem to be valid, please feel free to ignore them.

Bad practice

req = urllib.Request.request(url)
resp = urllib.request.urlopen(req)

Recommended

# Validate URL before opening it
if url.lower().startswith('http'):
  req = urllib.Request.request(url)
else:
  raise ValueError from None

with urllib.request.urlopen(req) as resp:
  [...]

## References:
- OWASP Top 10 2021 Category A10 - [Server Side Request Forgery](https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/)
- [CWE-918](https://cwe.mitre.org/data/definitions/918.html) - Server-Side Request Forgery (SSRF)