`continue` statement outside of a `while` or `for` loopFLK-F702Multiple values found for keyword argumentPYL-E1132Abstract class instantiatedPYL-E0110`init` method converted to generatorPYL-E0100Name used prior global declarationPYL-E0118Misplaced format functionPYL-E0119Method hidden by an attributePYL-E0202Method has no argumentPYL-E0211Invalid `slots` objectPYL-E0236Class has duplicate basesPYL-E0241`iter` returns a non-iteratorPYL-E0301Invalid return for `__len__`PYL-E0303Invalid object found in `__all__`PYL-E0604Attempting to unpack a non-sequence objectPYL-E0633`yield` or `yield from` statement used outside of a functionFLK-F704`break` statement used outside of a `while` or `for` loopFLK-F701Unsupported binary operationPYL-E1131`return` statement used with arguments inside a generatorFLK-F705Duplicate argument in function definitionFLK-F831Bad reversed sequencePYL-E0111Invalid slots objectPYL-E0238Inconsistent method resolution orderPYL-E0240Exception context set to something which is not an exception, nor NonePYL-E0703Object which is not a context manager used with the `with` statementPYL-E1129Dictionary key is unhashablePYL-E1140Invalid syntaxFLK-E999an undefined __future__ feature name was importedFLK-F407Bad `except` order foundPYL-E0701Object of unsupported type raisedPYL-E0702The raise statement is not inside an except clausePYL-E0704Exception caught which does not inherit from `Exception`PYL-E0712Assigning result of a function call, where the function has no returnPYL-E1111Missing argument in function callPYL-E1120Too many positional arguments in function callPYL-E1121Unexpected keyword argument in function callPYL-E1123Argument passed both by position and keyword in function callPYL-E1124Missing mandatory keyword argument in function callPYL-E1125Non-iterable value used in an iterating contextPYL-E1133Logging format string contains too many argumentsPYL-E1205Logging format string contains too few argumentsPYL-E1206Invalid format characterPYL-E1300Not enough arguments in format stringPYL-E1306Exception to catch is the result of a binary operationPYL-W0711Loop variable used outside the loopPYL-W0631`return` statement used outside of a function or methodFLK-F706File opened without the `with` statementPTC-W0010Format string contains excess argumentsPYL-E1305Debugger activation detectedPTC-W0014Unary operand used on an unsupported objectPYL-E1130Two or more starred expressions in an assignment (a, *b, *c = d)FLK-F622`return` found in `__init__`PYL-E0101`return` used outside of a functionPYL-E0104`yield` used outside of functionPYL-E0105Statement not reachable on executionPYL-W0101Dangerous default argumentPYL-W0102`assert` called on tuplePYL-W0199Catching previously caught exceptionPYL-W0705Except handler raises immediatelyPYL-W0706Invalid operation on exceptionsPYL-W0716Flask app detected with DEBUG mode enabledPTC-W0029Inheritance is not from a classPYL-E0239Variable used before assignmentPYL-E0601Undefined name detectedPYL-E0602Undefined name detected in `__all__`PYL-E0603`global` variable is undefinedPYL-W0601Class variable conflicts with slotsPYL-E0242not-async-context-managerPYL-E1701Set size changed during iterationPTC-W0055Assigning to an attribute not defined in class `__slots__`PY-W0076Audit required: Insecure cipherBAN-W1004Audit required: Insecure hash functionBAN-W1003Debugger import detectedPTC-W0013Type hint for with statement is unreliableTYP-036Invalid star assignment targetPYL-E0113Use of an insecure `expatreader` methodBAN-B315import module shadowed by loop variableFLK-F402Dictionary key variable name repeated with different valuesFLK-F602Insecure `xmlrpclib` import detectedBAN-B411Method should have `self` as the first argumentPYL-E0213New column added in database with a default valuePYL-W5198raising `NotImplemented` is not allowedFLK-F901Redundant `content_type` parameter for `JsonResponse()` detectedPYL-R5103Use of `reload` built-in detectedPYL-W1626Accessed a removed attribute on the operator modulePYL-W1657Name defined is both `nonlocal` and `global`PYL-E0115Too many expressions in an assignment with star-unpackingFLK-F621Method used has been deprecatedPYL-W1505Combined specification detected for format stringPYL-W1305Use of `apply` built-in detectedPYL-W1601Invalid value passed to access env variablePYL-E1507Consider merging `isinstance` callsPYL-R1701Use of `cmp` built-in detectedPYL-W1604Accessed a removed attribute on the `sys` modulePYL-W1660Cyclic import foundPYL-R0401`except:` is not the last exception handlerFLK-F707Undefined format string keyPYL-E1304Use of `execfile` built-in detectedPYL-W1606Built-in function `len` used as conditionPYL-C1802Mixed format stringPYL-E1302Format needs mappingPYL-E1303`HttpResponse()` returns `application/json` content typePYL-R5102Invalid format indexPYL-W1307Use of `_create_unverified_context` detectedBAN-B323No return value expectedTYP-002Assignment to a new keywordPYL-W0111Re-definition found for builtin functionPYL-W0622Keyword argument defined before variable positional argumentsPYL-W1113Use of `global` at module levelPYL-W0604Assigning result of a function call, where the function returns `None`PYL-E1128Value is not a mappingPYL-E1134Bad string format typePYL-E1307`print` statement detectedPYL-E1601Parameter unpacking detectedPYL-E1602Old `raise` syntax detetedPYL-E1604Comparison with itselfPYL-R0124No `@classmethod` decoratorPYL-R0202No `@staticmethod` decoratorPYL-R0203Argument redefined from localPYL-R1704Statement has no effectPYL-W0104Use of `coerce` built-in detectedPYL-W1605Use of `file` built-in detectedPYL-W1607Use of `long` built-in detectedPYL-W1608Use of `reduce` built-in detectedPYL-W1610use of `standarderror` built-in detectedPYL-W1611Use of `cmp` argument detectedPYL-W1640`message` attribute accessed on ExceptionPYL-W1645Use of deprecated `sys.maxint` detectedPYL-W1647Assignment to `self` or `cls` detectedPYL-W0642Deprecated form of raising exception detectedFLK-W602`async` and `await` are reserved keywords starting with Python 3.7FLK-W606Use `tuple` unpacking to swap variablesPYL-R1712Bad Python 3 importPYL-W1648Use of a deprecated `itertools` functionPYL-W1651Use of a deprecated `types` fieldPYL-W1652Accessed a removed attribute on the `urllib` modulePYL-W1658Accessed the removed xreadlines attributePYL-W1659`exclude` used in a `ModelForm`PYL-W5104Unsafe parameter given to `subprocess.Popen`PYL-W1509Use `items()` to iterate over a dictionaryPTC-W0011Unnecessary generatorPTC-W0015Audit required: Use of insecure cipherBAN-B304Audit required: Use of insecure cipher modeBAN-B305Defining equality for a class without also defining hashabilityPYL-W1641Module imports itselfPYL-W0406Audit required: Insecure cipher modeBAN-W1005Audit required: Insecure hash functionPTC-W1003Use of `unicode` built-in detectedPYL-W1612`HttpResponse` used to return JSON responsePYL-R5101Use `get()` method to access values from a dictionaryPYL-R1715Use of `tempnam` detectedBAN-B325I/O operation on a closed file detectedPTC-W0021Exception might be lostPYL-W0150Multiple imports for an import name detectedPYL-W0404Duplicate string formatting argument foundPYL-W1308Unnecessary comprehensionPTC-W0016Assert statement used outside of testsBAN-B101Thread has no target functionPYL-W1506Insecure permissions set on a fileBAN-B103Use of deprecated function: `mktemp`BAN-B306Redundant callPTC-W0017Use of an insecure method from `xml.etree.ElementTree` detectedBAN-B314Telnet related module importedBAN-B401No certificate validation detected for HTTP requestBAN-B501Illegal operation on filePTC-W0022Missing host key validation in SSHBAN-B507Possible shell injection via Paramiko callBAN-B601Expected an indented blockFLK-E112Test for membership should be 'not in'FLK-E713Use of an unneeded `not` detectedPYL-C0113Consider iterating dictionaryPYL-C0201Bad classmethod argumentPYL-C0202Bad metaclass-method argumentPYL-C0203Slots are recommended to be an iterable, simple string detectedPYL-C0205Import alias same as original package namePYL-C0414Misplaced comparison constantPYL-C2201Unnecessary `else` / `elif` used after `return`PYL-R1705`StopIteration` detected in a generatorPYL-R1708Consider using `join`PYL-R1713Consider using `in`PYL-R1714Consider using a dictionary comprehensionPYL-R1717Consider using a set comprehensionPYL-R1718Unnecessary lambda expressionPYL-W0108Duplicate dictionary keysPYL-W0109Useless else clause detected on the loopPYL-W0120`as` with another context manager looks like a tuplePYL-W0124Conditional statement used with a constant valuePYL-W0125Comparison with callable detectedPYL-W0143Bad `staticmethod` argument detectedPYL-W0211Signature differs in overridden methodPYL-W0222Abstract method not overriddenPYL-W0223Future import(s) name after other statementsPYL-W0410Global variable is declared but not usedPYL-W0602Unused variable foundPYL-W0612Function contains unused argumentPYL-W0613Re-defined variable from outer scopePYL-W0621Exception caught is very generalPYL-W0703Missing format argument keyPYL-W1303Missing format attributePYL-W1306Implicit string concatenation detected in the sequencePYL-W1403Bad open mode for filePYL-W1501Shallow copy of `os.environ` detectedPYL-W1507Unexpected return valueTYP-007Invalid return `type hint` for async generator functionTYP-010`Final[...]` shall have at most one type argumentTYP-029Incompatible redefinition detectedTYP-053Inconsistent type signatureTYP-025Invalid assignation to class variableTYP-075Consider using `any`PY-W0074Invalid property overrideTYP-017Invalid type comment detectedTYP-035Formatted string used as docstringPTC-W0033Wrong implementation of `overload`TYP-023Wrong implementation of `final` decoratorTYP-024Unexpected return type foundTYP-005Found `yield` statement inside a comprehensionPTC-W0025Found `yield` statement inside a generator expressionPTC-W0026Explicit exception raised in the assert messagePTC-W0032Format string key is not a stringPYL-W1300Function or method is being redefinedPYL-E0102Unnecessary `else` / `elif` used after `break`PYL-R1723Unnecessary `elif` / `else` block after `continue`PYL-R1724Variable redeclared during assignmentPYL-W0128Inconsistent overridden methodPYL-W0236Missing `return` statementTYP-003Missing return valueTYP-006Cell variable defined in loopPYL-W0640Exceptions are overlappingPYL-W0714Assignment target contains multiple star expressionsPYL-E0112Missing `.items()`PYL-E1141`yield from` inside an `async` functionPYL-E1700Property defined with parametersPYL-R0206`if` statement can be simplifiedPYL-R1703Unnecessary use of comprehensionPYL-R1721Use of `exit()` or `quit()` detectedPYL-R1722Missing parentheses for a call in testPYL-W0126Useless super delegationPYL-W0235Format string is not validPYL-W1302`datetime.time` used in a boolean contextPYL-W1502Implicit enumerate calls foundPTC-W0060Consider using `all`PY-W0075Private attribute declared but not usedPTC-W0037Private method declared but not usedPTC-W0038Imported name is not used anywhere in the modulePY-W2000Private nested class declared but not usedPTC-W0064Consider using identity comparison with singletonPTC-W0068Consider removing the commented out code blockPY-W0069Appending to list immediately following its definitionPY-W0070Adding to set immediately following its definitionPY-W0071Appending to dictionary immediately following its definitionPY-W0072Anomalous backslash detectedPY-W0073Logical operators used when combining SQL column expressionsPY-W0800Unnecessary use of `json.dumps()` for file dataPY-W0079Unnecessary use of `json.loads()` for file dataPY-W0078Use of `sys.maxint` detectedPTC-W0067Consider merging `startswith`/`endswith` checksPY-W0077Prefer `list.extend(x)` over `list.append(*x)`PY-W0080No newline at end of fileFLK-W292`if` expression used can be simplifiedPYL-R1719Blank line contains whitespaceFLK-W293Consider using an `if` expressionPYL-R1706Consider using literal syntax to create the data structurePTC-W0019Test for object identity should be 'is not'FLK-E714List comprehension redefines nameFLK-F812Used a variable that was bound inside a comprehensionPYL-W1662Audit required: Potential SQL injection on `RawSQL` functionBAN-B611Audit required: Use of `md5`BAN-B303Insecure `lxml` import detectedBAN-B410Bad `type` operand placementPTC-W0024Useless `return` detectedPYL-R1711Unnecessary `else`/`elif` used after `raise`PYL-R1720Protected member accessed from outside the classPYL-W0212Mismatched parameters in overridden methodPYL-W0221Bad comparison testPTC-W0023Logging format string terminated in between conversion specifierPYL-E1201New-style class raised which doesn't inherit from `BaseException`PYL-E0710Local variable name referenced before assignmentFLK-F823Deletion attempted with unsupported objectPYL-E1138Bad first argument given in `super()` callPYL-E1003Missing argument in `super()` callPYL-E1004Invalid sequence index foundPYL-E1126A non-callable object is being calledPYL-E1102Unsupported format character used in the logging format stringPYL-E1200Use of insecure `input` method detectedPTC-W1002Invalid slice index foundPYL-E1127Use of jinja2 templates with `autoescape=False` detectedBAN-B701`list` object used during set creationPTC-W0058Dictionary size changed during iterationPTC-W0056`yield` would not work as expected in the magic methodPTC-W0059Unguarded next inside generatorPTC-W0063Django app detected with DEBUG mode enabledPY-S0900Use of a non-existent operator detectedPYL-E0107Explicitly declared types are required for all `Protocol` membersTYP-031Consider decorating method with `@staticmethod`PYL-R0201Trying to declare type of a type variableTYP-034Invalid metaclassPYL-E1139Invalid type for `__all__`TYP-056Uexpected type hintTYP-040Missing parameter in `Literal[...]` type hintTYP-042Invalid `Literal[...]` type hintTYP-041Unsupported generic type annotationTYP-044Do not define functions named 'l', 'O', or 'I'FLK-E743Detected calls to FTP-related functionsBAN-B321Unused format string argumentPYL-W1304Invalid definition of generic aliasTYP-073Invalid return `type hint` for generator functionTYP-009Deprecated type hint usedTYP-038Format string truncatedPYL-E1301Audit required: Use of `eval`PYL-W0123Incompatible type detectedTYP-050Use of `raw_input` built-in detectedPYL-W1609Do not define classes named 'l', 'O', or 'I'FLK-E742Unexpected indentationFLK-E113Redundant `cast` detectedTYP-071`TypeVar` value is not compatibleTYP-057Invalid type hint for `ClassVar`TYP-047Useless inheritance from `object`PYL-R0205`nonlocal` name found without bindingPYL-E0117Use of an insecure method from `xml.dom.pulldom` detectedBAN-B319Special method defined with an invalid signaturePYL-E0302Use of a deprecated module detectedPYL-W0402Use of an insecure method from `xml.dom.minidom` detectedBAN-B318Invalid string codec detectedPYL-W1646Starting a process with a shell detectedBAN-B605Bad metaclass-classmethod argumentPYL-C0204Insecure library importedBAN-B413Unbalanced tuple unpackingPYL-W0632Invalid use of `TypeVar` foundTYP-058Type is not indexbleTYP-062Indentation contains mixed spaces and tabsFLK-E101Invalid `type hint`TYP-008`__init__` method from the base class not calledPYL-W0231Invalid star expressionPYL-E0114Multiple statements on one line (def)FLK-E704Use of an insecure `expatbuilder` methodBAN-B316Expression not assignedPYL-W0106Trailing comma tuple detectedPYL-R1707Can not assign to name without explicit type anotationTYP-064Comparing to literalPYL-R0123Invalid type hint parameterTYP-011Indentation is not a multiple of fourFLK-E111`from module import *` is only allowed at module levelFLK-F406Bad string strip callPYL-E1310Unsupported `Type` declarationTYP-032Unpacking in `except`PYL-E1603Model's `__unicode__` is not callablePYL-E5101Exception arguments suggest string formatting might be intendedPYL-W0715Inconsistent number or arguments detected for type hintTYP-046Use of `buffer` built-in detectedPYL-W1603Invalid type detected for type castTYP-037Use of an insecure method from `xml.sax` detectedBAN-B317Audit: Binding to all interfaces detected with hardcoded valuesBAN-B104Unused import from wildcard import foundPYL-W0614Backticks are deprecated, use `repr()`PYL-E1605Use of long suffixPYL-E1606Old inequality operator usedPYL-E1607Use of old octal literalPYL-E1608Non ascii bytes literals detectedPYL-E1610Logging is not lazyPYL-W1201Use of `basestring` built-in detectedPYL-W1602Use of deprecated `string` function detectedPYL-W1649Used an exception object that was bound by an except handlerPYL-W1661Audit required: Use of `marshal` moduleBAN-B302Audit required: Risk of possible SQL injection vector through string-based query constructionBAN-B608Audit required: Possible wildcard injection in call: `subprocess.Popen`BAN-B609Multiple statements detected on one lineFLK-E701Insecure `pycryptodome` library importedBAN-B414Use of `xrange` built-in detectedPYL-W1613Model has `__unicode__` methodPYL-W5102Use of an insecure method from `lxml.etree`BAN-B320Audit required: Use of `exec`PYL-W0122Audit required: Use of `pickle` moduleBAN-B301Audit required: Use of `mark_safe` detectedBAN-B308Audit required: Use of an insecure method method from `urllib` detectedBAN-B310Audit required: Use of telnet detectedBAN-B312Audit required: Insecure cipherPTC-W1004Hardcoded temporary directory detectedBAN-B108Use of `HTTPSConnection` may not be secure in Python versions < 2.7.9BAN-B309Use of an insecure method from `xml.etree.cElementTree` detectedBAN-B313File Transfer Protocol (FTP) related module importedBAN-B402Detected use of a bad version of `SSL`BAN-B502Detected use of a weak cryptographic keyBAN-B505Unsafe usage of `yaml.load` function detectedBAN-B506Detected subprocess `popen` call with shell equals `True`BAN-B602Function call with `shell=True` parameter identifiedBAN-B604Use of insecure `mako` templates detectedBAN-B702Use of insecure cipher modePTC-W1005Invalid encoded dataPYL-W0512Invalid `envvar` defaultPYL-W1508Pythagorean calculation detected with sub-optimal numericsPTC-W0028Type error while assignmentTYP-014Unsupported type applicationTYP-019Untyped function called in typed contextTYP-061Unsupported type provided to operandTYP-052Incompatible types detectedTYP-060Inconsistent number of argument for type aliasTYP-069Invalid type used for tuple indexTYP-054Use of invalid type detectedTYP-059Invalid parameter given to `Literal`TYP-066Empty module foundPTC-W0030Invalid return detected in callableTYP-055Invalid type comment or type annotation detectedTYP-043Invalid target for type aliasTYP-074Type variable is bound by an outer classTYP-070Invalid use of type variableTYP-018Inconsistent use of `type annotation` and `type comment`TYP-021Unexpected type definition detectedTYP-033Invalid type hintTYP-020Wrong use of `Final` typeTYP-045Type variable is not used in type contextTYP-065Invalid number of type parameters detectedTYP-067Unexpected argument given to type variableTYP-072`f-string` used without any expressionPTC-W0027Missing free `type variable`TYP-063`_promote` expects type as first argumentTYP-039Can not subclass value of type `Any`TYP-028Unnecessary use of `getattr`PTC-W0034Missing type parameterTYP-022Duplicate type variables detectedTYP-026Can not omit type hint in `Final[...]`TYP-030`hasattr` used to check if the object is callablePTC-W0035All type variables should be listed hereTYP-027Invalid type of decorator constructorTYP-013Audit required: Sensitive data might be exposedPTC-W1006Use of a method on dictionary's `get` method detectedPTC-W0031Simplify boolean expressionPYL-R1709Consider using `max` builtinPTC-W0042Consider using `min` builtinPTC-W0041Format string contains unused keyPYL-W1301Using deprecated method `assertEquals`PTC-W0040Constant passed to unittest `assert<Bool>`PYL-W1503Use of `len(seq) - 1` to get last element of an iterablePTC-W0044Unnecessary `delete` statement in a local scopePTC-W0043Admin class not in app's `admin.py`PTC-W0903Abstract method does not raise `NotImplementedError`PTC-W0053Consider using `TextField` instead of `CharField`PTC-W0904Unit test class with no testsPTC-W0046Branches of the `if` statement have similar implementationPTC-W0051String field is nullablePTC-W0901Set declaration has duplicate elementsPTC-W0050Audit required: Server hostname may not be verifiedPTC-W6002Function/method with an empty bodyPTC-W0049Sequence value overwritten unconditionallyPTC-W0057Field allows null but not blankPTC-W0906Special method should return `NotImplemented`PTC-W0054Audit required: Server certificate may not be verifiedPTC-W6001Empty block of code foundPTC-W0047Bad async magic methodPTC-W0045`if` statements can be mergedPTC-W0048`with` statements can be mergedPTC-W0062Unused nested function or class detectedPTC-W0065Use of deprecated `NullBooleanField`PTC-W0900Primary key is not uniquePTC-W0902Nullable `ManyToManyField` foundPTC-W0905Missing backward migrationPTC-W0910Security middleware not activatedPY-S0909Use of both safe and unsafe HTTP methods for a viewPY-S6007Setting loose POSIX file permissions is security-sensitivePY-S6008Insecure use of `format_html` detectedPY-S0901Docstring is over-indentedFLK-D208Tab after comma detectedFLK-E242Continuation line over-indented for hanging indentFLK-E126Indentation is not a multiple of four in commentsFLK-E114Visually indented line with same indent as next logical lineFLK-E129Unnecessary `pass` statementPYL-W0107Docstring should be indented with spaces, not tabsFLK-D206Unexpected indentation in commentsFLK-E116Doc line too longFLK-W505Use r”“” if any backslashes in a docstringFLK-D301Docstring is under-indentedFLK-D207Continuation line with same indent as next logical lineFLK-E125Multiple spaces found after operatorFLK-E222Multiple spaces before keywordFLK-E272Indentation contains tabsFLK-W191Multiple spaces after ','FLK-E241Too many leading `#` for block commentFLK-E266Missing type annotation for callableTYP-051Closing bracket does not match indentation of opening bracket's lineFLK-E123Missing whitespace around operatorFLK-E225Model missing `__unicode__` methodPYL-W5101Missing whitespace after keywordFLK-E275Inline comment should start with `# `FLK-E262Unnecessary suppression of type checking issueTYP-001Trailing whitespace detectedFLK-W291Named lambda expression detectedFLK-E731Tab found after operatorFLK-E224Tab before keyword detectedFLK-E274Expected 1 blank lineFLK-E301Expected 2 blank linesFLK-E302Module level import not at the top of the fileFLK-E402Too many blank lines foundFLK-E303At least two spaces before inline commentFLK-E261Tab after keyword detectedFLK-E273Unexpected line ending format foundPYL-C0328Missing whitespace around arithmetic operatorFLK-E226Whitespace after opening parenthesis detectedFLK-E201Continuation line missing indentation or outdentedFLK-E122Continuation line unaligned for hanging indentFLK-E131Use of single quote detected in docstringFLK-D300The backslash is redundant between bracketsFLK-E502Missing whitespace around modulo operatorFLK-E228Multiple imports on one lineFLK-E401Expected an indented block in commentsFLK-E115Continuation line over-indented for visual indentFLK-E127Multiple spaces found before operatorFLK-E221Tab found before operatorFLK-E223Continuation line is under-indented for hanging indentFLK-E121Blank lines found after function decoratorFLK-E304Unnecessary literalPTC-W0018Continuation line under-indented for visual indentFLK-E128Unexpected spaces around keyword / parameter equalsFLK-E251Multiple spaces after keywordFLK-E271Closing bracket does not match visual indentationFLK-E124Expected 1 blank line before a nested definitionFLK-E306Line too longFLK-E501Statement ends with a semicolonFLK-E703Whitespace before opening parenthesisFLK-E211Multiple statements detected on one lineFLK-E702Mixed line endings foundPYL-C0327Bad indentation detectedPYL-W0311Whitespace before closing parenthesisFLK-E202Expected 2 blank lines after end of function or classFLK-E305Do not use variables named 'l', 'O', or 'I'FLK-E741Multiple blank lines detected at end of the fileFLK-W391Unnecessary typecastPTC-W0020Inconsistent return statementsPYL-R1710Chained comparison detectedPYL-R1716Attribute defined outside `__init__`PYL-W0201Use of `FIXME`/`XXX`/`TODO` encounteredPYL-W0511Line break before binary operatorFLK-W503Unnecessary semicolonPYL-W0301`global` statement detectedPYL-W0603One-line docstring should fit on one line with quotesFLK-D200Model does not explicitly define `__unicode__`PYL-W5103Do not use bare `except`, specify exception insteadFLK-E722Missing whitespace around bitwise or shift operatorFLK-E227Audit required: Starting a subprocessBAN-B606Unnecessary parentheses after keywordPYL-C0325Audit: Starting a process with a partial executable pathBAN-B607Audit required: Potential SQL injection on `extra` functionBAN-B610Import of method(s) from `xml.etree` detectedBAN-B405SSL used with bad defaultsBAN-B503SSL used with no version specifiedBAN-B504Missing whitespace after `,`, `;`, or `:`FLK-E231Block comment should start with `# `FLK-E265Imports from same package are not groupedPYL-C0412Invalid type alias detectedTYP-048Missing type hintTYP-068Uninferred `lambda expression` typeTYP-012Missing class docstringPY-D0002Variable assigned to itselfPYL-W0127Subprocess run with ignored non-zero exitPYL-W1510Missing module docstringPY-D0001No blank lines allowed before class docstringFLK-D211Multi-line docstring closing quotes should be on a separate lineFLK-D2091 blank line required after class docstringFLK-D204No whitespaces allowed surrounding docstring textFLK-D210Unnecessary `None` provided as defaultPTC-W0039Missing module/function docstringPY-D0003No blank lines allowed after function docstringFLK-D202Unassigned string statementPYL-W0105First line should not be the function’s “signature”FLK-D402Redundant `default=None` for a model fieldPTC-W0907No blank lines allowed before function docstringFLK-D201Use of `=+` / `=-` looks ambiguousPTC-W0066Field duplicates the name of its containing classPTC-W0052Audit required: Sensitive cookie without `secure` attributePTC-W6003Audit required: Sensitive cookie without `httponly` attributePY-A6004Use of `unique_for` constrant foundPTC-W0908Ambiguous augmented assignmentPTC-W0061Audit required: External control of file name or pathPTC-W6004Audit required: Configuring loggers can be security-sensitivePY-A6006Redundant list comprehension can be replaced using generatorPYL-R1728Consider using f-stringsPYL-C0209Positional arguments are out of orderPYL-W1114Lazy formatting of message string passed to logging modulePYL-W1202Formatted string passed to logging modulePYL-W1203Function with cyclomatic complexity higher than thresholdPY-R1000
Python logoPython/
BAN-B607

Audit: Starting a process with a partial executable pathBAN-B607

Minor severityMinor
Security categorySecurity
a03, owasp-top-10

Python possesses many mechanisms to invoke an external executable. If the desired executable path is not fully qualified relative to the filesystem root then this may present a potential security risk.

In POSIX environments, the PATH environment variable is used to specify a set of standard locations that will be searched for the first matching named executable. While convenient, this behavior may allow a malicious actor to exert control over a system. If they are able to adjust the contents of the PATH variable, or manipulate the file system, then a bogus executable may be discovered in place of the desired one. This executable will be invoked with the user privileges of the Python process that spawned it, potentially a highly privileged user.

This test will scan the parameters of all configured Python methods, looking for paths that do not start at the filesystem root, that is, do not have a leading ‘/’ character.

Bad practice

import subprocess

subprocess.run(['calculator', '-u', 'critical', msg], check=True) # Sensitive, Path not qualified from root

import subprocess

subprocess.run(['/usr/bin/calculator', '-u', 'critical', msg], check=True) # Path qualified from root

References: