`continue` statement outside of a `while` or `for` loopFLK-F702Multiple values found for keyword argumentPYL-E1132Abstract class instantiatedPYL-E0110`init` method converted to generatorPYL-E0100Name used prior global declarationPYL-E0118Misplaced format functionPYL-E0119Method hidden by an attributePYL-E0202Method has no argumentPYL-E0211Invalid `slots` objectPYL-E0236Class has duplicate basesPYL-E0241`iter` returns a non-iteratorPYL-E0301Invalid return for `__len__`PYL-E0303Invalid object found in `__all__`PYL-E0604Attempting to unpack a non-sequence objectPYL-E0633`yield` or `yield from` statement used outside of a functionFLK-F704`break` statement used outside of a `while` or `for` loopFLK-F701Unsupported binary operationPYL-E1131`return` statement used with arguments inside a generatorFLK-F705Duplicate argument in function definitionFLK-F831Bad reversed sequencePYL-E0111Invalid slots objectPYL-E0238Inconsistent method resolution orderPYL-E0240Exception context set to something which is not an exception, nor NonePYL-E0703Object which is not a context manager used with the `with` statementPYL-E1129Dictionary key is unhashablePYL-E1140Invalid syntaxFLK-E999an undefined __future__ feature name was importedFLK-F407Bad `except` order foundPYL-E0701Object of unsupported type raisedPYL-E0702The raise statement is not inside an except clausePYL-E0704Exception caught which does not inherit from `Exception`PYL-E0712Assigning result of a function call, where the function has no returnPYL-E1111Missing argument in function callPYL-E1120Too many positional arguments in function callPYL-E1121Unexpected keyword argument in function callPYL-E1123Argument passed both by position and keyword in function callPYL-E1124Missing mandatory keyword argument in function callPYL-E1125Non-iterable value used in an iterating contextPYL-E1133Logging format string contains too many argumentsPYL-E1205Logging format string contains too few argumentsPYL-E1206Invalid format characterPYL-E1300Not enough arguments in format stringPYL-E1306Exception to catch is the result of a binary operationPYL-W0711Loop variable used outside the loopPYL-W0631`return` statement used outside of a function or methodFLK-F706File opened without the `with` statementPTC-W0010Format string contains excess argumentsPYL-E1305Debugger activation detectedPTC-W0014Unary operand used on an unsupported objectPYL-E1130Two or more starred expressions in an assignment (a, *b, *c = d)FLK-F622`return` found in `__init__`PYL-E0101`return` used outside of a functionPYL-E0104`yield` used outside of functionPYL-E0105Statement not reachable on executionPYL-W0101Dangerous default argumentPYL-W0102`assert` called on tuplePYL-W0199Catching previously caught exceptionPYL-W0705Except handler raises immediatelyPYL-W0706Invalid operation on exceptionsPYL-W0716Flask app detected with DEBUG mode enabledPTC-W0029Inheritance is not from a classPYL-E0239Variable used before assignmentPYL-E0601Undefined name detectedPYL-E0602Undefined name detected in `__all__`PYL-E0603`global` variable is undefinedPYL-W0601Class variable conflicts with slotsPYL-E0242not-async-context-managerPYL-E1701Set size changed during iterationPTC-W0055Assigning to an attribute not defined in class `__slots__`PY-W0076Audit required: Insecure cipherBAN-W1004Audit required: Insecure hash functionBAN-W1003Debugger import detectedPTC-W0013Type hint for with statement is unreliableTYP-036Invalid star assignment targetPYL-E0113Use of an insecure `expatreader` methodBAN-B315import module shadowed by loop variableFLK-F402Dictionary key variable name repeated with different valuesFLK-F602Insecure `xmlrpclib` import detectedBAN-B411Method should have `self` as the first argumentPYL-E0213New column added in database with a default valuePYL-W5198raising `NotImplemented` is not allowedFLK-F901Redundant `content_type` parameter for `JsonResponse()` detectedPYL-R5103Use of `reload` built-in detectedPYL-W1626Accessed a removed attribute on the operator modulePYL-W1657Name defined is both `nonlocal` and `global`PYL-E0115Too many expressions in an assignment with star-unpackingFLK-F621Method used has been deprecatedPYL-W1505Combined specification detected for format stringPYL-W1305Use of `apply` built-in detectedPYL-W1601Invalid value passed to access env variablePYL-E1507Consider merging `isinstance` callsPYL-R1701Use of `cmp` built-in detectedPYL-W1604Accessed a removed attribute on the `sys` modulePYL-W1660Cyclic import foundPYL-R0401`except:` is not the last exception handlerFLK-F707Undefined format string keyPYL-E1304Use of `execfile` built-in detectedPYL-W1606Built-in function `len` used as conditionPYL-C1802Mixed format stringPYL-E1302Format needs mappingPYL-E1303`HttpResponse()` returns `application/json` content typePYL-R5102Invalid format indexPYL-W1307Use of `_create_unverified_context` detectedBAN-B323No return value expectedTYP-002Assignment to a new keywordPYL-W0111Re-definition found for builtin functionPYL-W0622Keyword argument defined before variable positional argumentsPYL-W1113Use of `global` at module levelPYL-W0604Assigning result of a function call, where the function returns `None`PYL-E1128Value is not a mappingPYL-E1134Bad string format typePYL-E1307`print` statement detectedPYL-E1601Parameter unpacking detectedPYL-E1602Old `raise` syntax detetedPYL-E1604Comparison with itselfPYL-R0124No `@classmethod` decoratorPYL-R0202No `@staticmethod` decoratorPYL-R0203Argument redefined from localPYL-R1704Statement has no effectPYL-W0104Use of `coerce` built-in detectedPYL-W1605Use of `file` built-in detectedPYL-W1607Use of `long` built-in detectedPYL-W1608Use of `reduce` built-in detectedPYL-W1610use of `standarderror` built-in detectedPYL-W1611Use of `cmp` argument detectedPYL-W1640`message` attribute accessed on ExceptionPYL-W1645Use of deprecated `sys.maxint` detectedPYL-W1647Assignment to `self` or `cls` detectedPYL-W0642Deprecated form of raising exception detectedFLK-W602`async` and `await` are reserved keywords starting with Python 3.7FLK-W606Use `tuple` unpacking to swap variablesPYL-R1712Bad Python 3 importPYL-W1648Use of a deprecated `itertools` functionPYL-W1651Use of a deprecated `types` fieldPYL-W1652Accessed a removed attribute on the `urllib` modulePYL-W1658Accessed the removed xreadlines attributePYL-W1659`exclude` used in a `ModelForm`PYL-W5104Unsafe parameter given to `subprocess.Popen`PYL-W1509Use `items()` to iterate over a dictionaryPTC-W0011Unnecessary generatorPTC-W0015Audit required: Use of insecure cipherBAN-B304Audit required: Use of insecure cipher modeBAN-B305Defining equality for a class without also defining hashabilityPYL-W1641Module imports itselfPYL-W0406Audit required: Insecure cipher modeBAN-W1005Audit required: Insecure hash functionPTC-W1003Use of `unicode` built-in detectedPYL-W1612`HttpResponse` used to return JSON responsePYL-R5101Use `get()` method to access values from a dictionaryPYL-R1715Use of `tempnam` detectedBAN-B325I/O operation on a closed file detectedPTC-W0021Exception might be lostPYL-W0150Multiple imports for an import name detectedPYL-W0404Duplicate string formatting argument foundPYL-W1308Unnecessary comprehensionPTC-W0016Assert statement used outside of testsBAN-B101Thread has no target functionPYL-W1506Insecure permissions set on a fileBAN-B103Use of deprecated function: `mktemp`BAN-B306Redundant callPTC-W0017Use of an insecure method from `xml.etree.ElementTree` detectedBAN-B314Telnet related module importedBAN-B401No certificate validation detected for HTTP requestBAN-B501Illegal operation on filePTC-W0022Missing host key validation in SSHBAN-B507Possible shell injection via Paramiko callBAN-B601Expected an indented blockFLK-E112Test for membership should be 'not in'FLK-E713Use of an unneeded `not` detectedPYL-C0113Consider iterating dictionaryPYL-C0201Bad classmethod argumentPYL-C0202Bad metaclass-method argumentPYL-C0203Slots are recommended to be an iterable, simple string detectedPYL-C0205Import alias same as original package namePYL-C0414Misplaced comparison constantPYL-C2201Unnecessary `else` / `elif` used after `return`PYL-R1705`StopIteration` detected in a generatorPYL-R1708Consider using `join`PYL-R1713Consider using `in`PYL-R1714Consider using a dictionary comprehensionPYL-R1717Consider using a set comprehensionPYL-R1718Unnecessary lambda expressionPYL-W0108Duplicate dictionary keysPYL-W0109Useless else clause detected on the loopPYL-W0120`as` with another context manager looks like a tuplePYL-W0124Conditional statement used with a constant valuePYL-W0125Comparison with callable detectedPYL-W0143Bad `staticmethod` argument detectedPYL-W0211Signature differs in overridden methodPYL-W0222Abstract method not overriddenPYL-W0223Future import(s) name after other statementsPYL-W0410Global variable is declared but not usedPYL-W0602Unused variable foundPYL-W0612Function contains unused argumentPYL-W0613Re-defined variable from outer scopePYL-W0621Exception caught is very generalPYL-W0703Missing format argument keyPYL-W1303Missing format attributePYL-W1306Implicit string concatenation detected in the sequencePYL-W1403Bad open mode for filePYL-W1501Shallow copy of `os.environ` detectedPYL-W1507Unexpected return valueTYP-007Invalid return `type hint` for async generator functionTYP-010`Final[...]` shall have at most one type argumentTYP-029Incompatible redefinition detectedTYP-053Inconsistent type signatureTYP-025Invalid assignation to class variableTYP-075Consider using `any`PY-W0074Invalid property overrideTYP-017Invalid type comment detectedTYP-035Formatted string used as docstringPTC-W0033Wrong implementation of `overload`TYP-023Wrong implementation of `final` decoratorTYP-024Unexpected return type foundTYP-005Found `yield` statement inside a comprehensionPTC-W0025Found `yield` statement inside a generator expressionPTC-W0026Explicit exception raised in the assert messagePTC-W0032Format string key is not a stringPYL-W1300Function or method is being redefinedPYL-E0102Unnecessary `else` / `elif` used after `break`PYL-R1723Unnecessary `elif` / `else` block after `continue`PYL-R1724Variable redeclared during assignmentPYL-W0128Inconsistent overridden methodPYL-W0236Missing `return` statementTYP-003Missing return valueTYP-006Cell variable defined in loopPYL-W0640Exceptions are overlappingPYL-W0714Assignment target contains multiple star expressionsPYL-E0112Missing `.items()`PYL-E1141`yield from` inside an `async` functionPYL-E1700Property defined with parametersPYL-R0206`if` statement can be simplifiedPYL-R1703Unnecessary use of comprehensionPYL-R1721Use of `exit()` or `quit()` detectedPYL-R1722Missing parentheses for a call in testPYL-W0126Useless super delegationPYL-W0235Format string is not validPYL-W1302`datetime.time` used in a boolean contextPYL-W1502Implicit enumerate calls foundPTC-W0060Consider using `all`PY-W0075Private attribute declared but not usedPTC-W0037Private method declared but not usedPTC-W0038Imported name is not used anywhere in the modulePY-W2000Private nested class declared but not usedPTC-W0064Consider using identity comparison with singletonPTC-W0068Consider removing the commented out code blockPY-W0069Appending to list immediately following its definitionPY-W0070Adding to set immediately following its definitionPY-W0071Appending to dictionary immediately following its definitionPY-W0072Anomalous backslash detectedPY-W0073Logical operators used when combining SQL column expressionsPY-W0800Unnecessary use of `json.dumps()` for file dataPY-W0079Unnecessary use of `json.loads()` for file dataPY-W0078Use of `sys.maxint` detectedPTC-W0067Consider merging `startswith`/`endswith` checksPY-W0077Prefer `list.extend(x)` over `list.append(*x)`PY-W0080No newline at end of fileFLK-W292`if` expression used can be simplifiedPYL-R1719Blank line contains whitespaceFLK-W293Consider using an `if` expressionPYL-R1706Consider using literal syntax to create the data structurePTC-W0019Test for object identity should be 'is not'FLK-E714List comprehension redefines nameFLK-F812Used a variable that was bound inside a comprehensionPYL-W1662Audit required: Potential SQL injection on `RawSQL` functionBAN-B611Audit required: Use of `md5`BAN-B303Insecure `lxml` import detectedBAN-B410Bad `type` operand placementPTC-W0024Useless `return` detectedPYL-R1711Unnecessary `else`/`elif` used after `raise`PYL-R1720Protected member accessed from outside the classPYL-W0212Mismatched parameters in overridden methodPYL-W0221Bad comparison testPTC-W0023Logging format string terminated in between conversion specifierPYL-E1201New-style class raised which doesn't inherit from `BaseException`PYL-E0710Local variable name referenced before assignmentFLK-F823Deletion attempted with unsupported objectPYL-E1138Bad first argument given in `super()` callPYL-E1003Missing argument in `super()` callPYL-E1004Invalid sequence index foundPYL-E1126A non-callable object is being calledPYL-E1102Unsupported format character used in the logging format stringPYL-E1200Use of insecure `input` method detectedPTC-W1002Invalid slice index foundPYL-E1127Use of jinja2 templates with `autoescape=False` detectedBAN-B701`list` object used during set creationPTC-W0058Dictionary size changed during iterationPTC-W0056`yield` would not work as expected in the magic methodPTC-W0059Unguarded next inside generatorPTC-W0063Django app detected with DEBUG mode enabledPY-S0900Use of a non-existent operator detectedPYL-E0107Explicitly declared types are required for all `Protocol` membersTYP-031Consider decorating method with `@staticmethod`PYL-R0201Trying to declare type of a type variableTYP-034Invalid metaclassPYL-E1139Invalid type for `__all__`TYP-056Uexpected type hintTYP-040Missing parameter in `Literal[...]` type hintTYP-042Invalid `Literal[...]` type hintTYP-041Unsupported generic type annotationTYP-044Do not define functions named 'l', 'O', or 'I'FLK-E743Detected calls to FTP-related functionsBAN-B321Unused format string argumentPYL-W1304Invalid definition of generic aliasTYP-073Invalid return `type hint` for generator functionTYP-009Deprecated type hint usedTYP-038Format string truncatedPYL-E1301Audit required: Use of `eval`PYL-W0123Incompatible type detectedTYP-050Use of `raw_input` built-in detectedPYL-W1609Do not define classes named 'l', 'O', or 'I'FLK-E742Unexpected indentationFLK-E113Redundant `cast` detectedTYP-071`TypeVar` value is not compatibleTYP-057Invalid type hint for `ClassVar`TYP-047Useless inheritance from `object`PYL-R0205`nonlocal` name found without bindingPYL-E0117Use of an insecure method from `xml.dom.pulldom` detectedBAN-B319Special method defined with an invalid signaturePYL-E0302Use of a deprecated module detectedPYL-W0402Use of an insecure method from `xml.dom.minidom` detectedBAN-B318Invalid string codec detectedPYL-W1646Starting a process with a shell detectedBAN-B605Bad metaclass-classmethod argumentPYL-C0204Insecure library importedBAN-B413Unbalanced tuple unpackingPYL-W0632Invalid use of `TypeVar` foundTYP-058Type is not indexbleTYP-062Indentation contains mixed spaces and tabsFLK-E101Invalid `type hint`TYP-008`__init__` method from the base class not calledPYL-W0231Invalid star expressionPYL-E0114Multiple statements on one line (def)FLK-E704Use of an insecure `expatbuilder` methodBAN-B316Expression not assignedPYL-W0106Trailing comma tuple detectedPYL-R1707Can not assign to name without explicit type anotationTYP-064Comparing to literalPYL-R0123Invalid type hint parameterTYP-011Indentation is not a multiple of fourFLK-E111`from module import *` is only allowed at module levelFLK-F406Bad string strip callPYL-E1310Unsupported `Type` declarationTYP-032Unpacking in `except`PYL-E1603Model's `__unicode__` is not callablePYL-E5101Exception arguments suggest string formatting might be intendedPYL-W0715Inconsistent number or arguments detected for type hintTYP-046Use of `buffer` built-in detectedPYL-W1603Invalid type detected for type castTYP-037Use of an insecure method from `xml.sax` detectedBAN-B317Audit: Binding to all interfaces detected with hardcoded valuesBAN-B104Unused import from wildcard import foundPYL-W0614Backticks are deprecated, use `repr()`PYL-E1605Use of long suffixPYL-E1606Old inequality operator usedPYL-E1607Use of old octal literalPYL-E1608Non ascii bytes literals detectedPYL-E1610Logging is not lazyPYL-W1201Use of `basestring` built-in detectedPYL-W1602Use of deprecated `string` function detectedPYL-W1649Used an exception object that was bound by an except handlerPYL-W1661Audit required: Use of `marshal` moduleBAN-B302Audit required: Risk of possible SQL injection vector through string-based query constructionBAN-B608Audit required: Possible wildcard injection in call: `subprocess.Popen`BAN-B609Multiple statements detected on one lineFLK-E701Insecure `pycryptodome` library importedBAN-B414Use of `xrange` built-in detectedPYL-W1613Model has `__unicode__` methodPYL-W5102Use of an insecure method from `lxml.etree`BAN-B320Audit required: Use of `exec`PYL-W0122Audit required: Use of `pickle` moduleBAN-B301Audit required: Use of `mark_safe` detectedBAN-B308Audit required: Use of an insecure method method from `urllib` detectedBAN-B310Audit required: Use of telnet detectedBAN-B312Audit required: Insecure cipherPTC-W1004Hardcoded temporary directory detectedBAN-B108Use of `HTTPSConnection` may not be secure in Python versions < 2.7.9BAN-B309Use of an insecure method from `xml.etree.cElementTree` detectedBAN-B313File Transfer Protocol (FTP) related module importedBAN-B402Detected use of a bad version of `SSL`BAN-B502Detected use of a weak cryptographic keyBAN-B505Unsafe usage of `yaml.load` function detectedBAN-B506Detected subprocess `popen` call with shell equals `True`BAN-B602Function call with `shell=True` parameter identifiedBAN-B604Use of insecure `mako` templates detectedBAN-B702Use of insecure cipher modePTC-W1005Invalid encoded dataPYL-W0512Invalid `envvar` defaultPYL-W1508Pythagorean calculation detected with sub-optimal numericsPTC-W0028Type error while assignmentTYP-014Unsupported type applicationTYP-019Untyped function called in typed contextTYP-061Unsupported type provided to operandTYP-052Incompatible types detectedTYP-060Inconsistent number of argument for type aliasTYP-069Invalid type used for tuple indexTYP-054Use of invalid type detectedTYP-059Invalid parameter given to `Literal`TYP-066Empty module foundPTC-W0030Invalid return detected in callableTYP-055Invalid type comment or type annotation detectedTYP-043Invalid target for type aliasTYP-074Type variable is bound by an outer classTYP-070Invalid use of type variableTYP-018Inconsistent use of `type annotation` and `type comment`TYP-021Unexpected type definition detectedTYP-033Invalid type hintTYP-020Wrong use of `Final` typeTYP-045Type variable is not used in type contextTYP-065Invalid number of type parameters detectedTYP-067Unexpected argument given to type variableTYP-072`f-string` used without any expressionPTC-W0027Missing free `type variable`TYP-063`_promote` expects type as first argumentTYP-039Can not subclass value of type `Any`TYP-028Unnecessary use of `getattr`PTC-W0034Missing type parameterTYP-022Duplicate type variables detectedTYP-026Can not omit type hint in `Final[...]`TYP-030`hasattr` used to check if the object is callablePTC-W0035All type variables should be listed hereTYP-027Invalid type of decorator constructorTYP-013Audit required: Sensitive data might be exposedPTC-W1006Use of a method on dictionary's `get` method detectedPTC-W0031Simplify boolean expressionPYL-R1709Consider using `max` builtinPTC-W0042Consider using `min` builtinPTC-W0041Format string contains unused keyPYL-W1301Using deprecated method `assertEquals`PTC-W0040Constant passed to unittest `assert<Bool>`PYL-W1503Use of `len(seq) - 1` to get last element of an iterablePTC-W0044Unnecessary `delete` statement in a local scopePTC-W0043Admin class not in app's `admin.py`PTC-W0903Abstract method does not raise `NotImplementedError`PTC-W0053Consider using `TextField` instead of `CharField`PTC-W0904Unit test class with no testsPTC-W0046Branches of the `if` statement have similar implementationPTC-W0051String field is nullablePTC-W0901Set declaration has duplicate elementsPTC-W0050Audit required: Server hostname may not be verifiedPTC-W6002Function/method with an empty bodyPTC-W0049Sequence value overwritten unconditionallyPTC-W0057Field allows null but not blankPTC-W0906Special method should return `NotImplemented`PTC-W0054Audit required: Server certificate may not be verifiedPTC-W6001Empty block of code foundPTC-W0047Bad async magic methodPTC-W0045`if` statements can be mergedPTC-W0048`with` statements can be mergedPTC-W0062Unused nested function or class detectedPTC-W0065Use of deprecated `NullBooleanField`PTC-W0900Primary key is not uniquePTC-W0902Nullable `ManyToManyField` foundPTC-W0905Missing backward migrationPTC-W0910Security middleware not activatedPY-S0909Use of both safe and unsafe HTTP methods for a viewPY-S6007Setting loose POSIX file permissions is security-sensitivePY-S6008Insecure use of `format_html` detectedPY-S0901Docstring is over-indentedFLK-D208Tab after comma detectedFLK-E242Continuation line over-indented for hanging indentFLK-E126Indentation is not a multiple of four in commentsFLK-E114Visually indented line with same indent as next logical lineFLK-E129Unnecessary `pass` statementPYL-W0107Docstring should be indented with spaces, not tabsFLK-D206Unexpected indentation in commentsFLK-E116Doc line too longFLK-W505Use r”“” if any backslashes in a docstringFLK-D301Docstring is under-indentedFLK-D207Continuation line with same indent as next logical lineFLK-E125Multiple spaces found after operatorFLK-E222Multiple spaces before keywordFLK-E272Indentation contains tabsFLK-W191Multiple spaces after ','FLK-E241Too many leading `#` for block commentFLK-E266Missing type annotation for callableTYP-051Closing bracket does not match indentation of opening bracket's lineFLK-E123Missing whitespace around operatorFLK-E225Model missing `__unicode__` methodPYL-W5101Missing whitespace after keywordFLK-E275Inline comment should start with `# `FLK-E262Unnecessary suppression of type checking issueTYP-001Trailing whitespace detectedFLK-W291Named lambda expression detectedFLK-E731Tab found after operatorFLK-E224Tab before keyword detectedFLK-E274Expected 1 blank lineFLK-E301Expected 2 blank linesFLK-E302Module level import not at the top of the fileFLK-E402Too many blank lines foundFLK-E303At least two spaces before inline commentFLK-E261Tab after keyword detectedFLK-E273Unexpected line ending format foundPYL-C0328Missing whitespace around arithmetic operatorFLK-E226Whitespace after opening parenthesis detectedFLK-E201Continuation line missing indentation or outdentedFLK-E122Continuation line unaligned for hanging indentFLK-E131Use of single quote detected in docstringFLK-D300The backslash is redundant between bracketsFLK-E502Missing whitespace around modulo operatorFLK-E228Multiple imports on one lineFLK-E401Expected an indented block in commentsFLK-E115Continuation line over-indented for visual indentFLK-E127Multiple spaces found before operatorFLK-E221Tab found before operatorFLK-E223Continuation line is under-indented for hanging indentFLK-E121Blank lines found after function decoratorFLK-E304Unnecessary literalPTC-W0018Continuation line under-indented for visual indentFLK-E128Unexpected spaces around keyword / parameter equalsFLK-E251Multiple spaces after keywordFLK-E271Closing bracket does not match visual indentationFLK-E124Expected 1 blank line before a nested definitionFLK-E306Line too longFLK-E501Statement ends with a semicolonFLK-E703Whitespace before opening parenthesisFLK-E211Multiple statements detected on one lineFLK-E702Mixed line endings foundPYL-C0327Bad indentation detectedPYL-W0311Whitespace before closing parenthesisFLK-E202Expected 2 blank lines after end of function or classFLK-E305Do not use variables named 'l', 'O', or 'I'FLK-E741Multiple blank lines detected at end of the fileFLK-W391Unnecessary typecastPTC-W0020Inconsistent return statementsPYL-R1710Chained comparison detectedPYL-R1716Attribute defined outside `__init__`PYL-W0201Use of `FIXME`/`XXX`/`TODO` encounteredPYL-W0511Line break before binary operatorFLK-W503Unnecessary semicolonPYL-W0301`global` statement detectedPYL-W0603One-line docstring should fit on one line with quotesFLK-D200Model does not explicitly define `__unicode__`PYL-W5103Do not use bare `except`, specify exception insteadFLK-E722Missing whitespace around bitwise or shift operatorFLK-E227Audit required: Starting a subprocessBAN-B606Unnecessary parentheses after keywordPYL-C0325Audit: Starting a process with a partial executable pathBAN-B607Audit required: Potential SQL injection on `extra` functionBAN-B610Import of method(s) from `xml.etree` detectedBAN-B405SSL used with bad defaultsBAN-B503SSL used with no version specifiedBAN-B504Missing whitespace after `,`, `;`, or `:`FLK-E231Block comment should start with `# `FLK-E265Imports from same package are not groupedPYL-C0412Invalid type alias detectedTYP-048Missing type hintTYP-068Uninferred `lambda expression` typeTYP-012Missing class docstringPY-D0002Variable assigned to itselfPYL-W0127Subprocess run with ignored non-zero exitPYL-W1510Missing module docstringPY-D0001No blank lines allowed before class docstringFLK-D211Multi-line docstring closing quotes should be on a separate lineFLK-D2091 blank line required after class docstringFLK-D204No whitespaces allowed surrounding docstring textFLK-D210Unnecessary `None` provided as defaultPTC-W0039Missing module/function docstringPY-D0003No blank lines allowed after function docstringFLK-D202Unassigned string statementPYL-W0105First line should not be the function’s “signature”FLK-D402Redundant `default=None` for a model fieldPTC-W0907No blank lines allowed before function docstringFLK-D201Use of `=+` / `=-` looks ambiguousPTC-W0066Field duplicates the name of its containing classPTC-W0052Audit required: Sensitive cookie without `secure` attributePTC-W6003Audit required: Sensitive cookie without `httponly` attributePY-A6004Use of `unique_for` constrant foundPTC-W0908Ambiguous augmented assignmentPTC-W0061Audit required: External control of file name or pathPTC-W6004Audit required: Configuring loggers can be security-sensitivePY-A6006Redundant list comprehension can be replaced using generatorPYL-R1728Consider using f-stringsPYL-C0209Positional arguments are out of orderPYL-W1114Lazy formatting of message string passed to logging modulePYL-W1202Formatted string passed to logging modulePYL-W1203Function with cyclomatic complexity higher than thresholdPY-R1000
Python logoPython/
BAN-B610

Audit required: Potential SQL injection on `extra` functionBAN-B610

Minor severityMinor
Security categorySecurity
cwe, a03, cwe-20, sans-top-25, owasp-top-10

Use of extra in Django querysets should be audited, since unsanitized strings can open up security vulnerabilities. It makes application vulnerable to [SQL injection](SQL injection) attacks.

Sometimes, the Django query syntax by itself can’t easily express a complex WHERE clause. For these edge cases, Django provides the extra() QuerySet modifier — a hook for injecting specific clauses into the SQL generated by a QuerySet.

An SQL injection attack consists of insertion or “injection” of a SQL query via the input data given to an application. It is a very common attack vector.

One should be very careful whenever you use extra(). Use it only if you cannot express your query using other queryset methods.

Bad practice

qs.extra(
...     select={'val': "select col from sometable where othercol = %s"},
...     select_params=(someparam,),
)

Executing above code snippet is equivalent to the following raw SQL with unsatized input:

qs.annotate(val=RawSQL("select col from sometable where othercol = %s", (someparam,)))

References: