CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • GitHub Enterprise
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
      • Airflow
      • Attr
      • Aws-lambda
      • Bokeh
      • Boto3
      • Cassandra
      • Click
      • Correctness
      • Couchbase
      • Cryptography
      • Distributed
      • Django
      • Docker
      • Elasticsearch
      • Fastapi
      • Flask
        • Ai
        • Best practice
        • Caching
        • Code
        • Correctness
        • Db
        • Debug
        • Deserialization
        • File
        • Flask-hardcoded-database-password-uri
        • Log
        • Maintainability
        • Net
        • Os
        • Regex
        • Security
        • Security
          • Audit
          • Audit
          • Injection
          • Xss
        • Web
        • Xml
      • Jinja2
      • Jwt
      • Lang
      • Ldap3
      • Mariadb
      • Mysql
      • Mysqlclient
      • Neo4j
      • Openai
      • Peewee
      • Pg8000
      • Psycopg2
      • Pycryptodome
      • Pyjwt
      • Pymongo
      • Pymssql
      • Pymysql
      • Pyramid
      • Redis
      • Requests
      • Sh
      • Sqlalchemy
      • Tormysql
      • Urllib3
      • Webrepl
      • Wtforms
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Injection

nan-injection

Found user input going directly into typecast for bool(), float(), or complex(). This allows an attacker to inject Python’s not-a-number (NaN) into the typecast. This results in undefind behavior, particularly when doing comparisons. Either cast to a different type, or add a guard checking for all capitalizations of the string ‘nan’.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-704: Incorrect Type Conversion or Cast

exec-injection

Detected user data flowing into exec. This is code injection and should be avoided.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection

tainted-url-host

User data flows into the host portion of this manually-constructed URL. This could allow an attacker to send data to their own server, potentially exposing sensitive data such as cookies or authorization information sent with this request. They could also probe internal servers or other resources that the server runnig this code can access. (This is called server-side request forgery, or SSRF.) Do not allow arbitrary hosts. Instead, create an allowlist for approved hosts hardcode the correct host.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

subprocess-injection

Detected user input entering a subprocess call unsafely. This could result in a command injection vulnerability. An attacker could use this vulnerability to execute arbitrary commands on the host, which allows them to download malware, scan sensitive data, or run any command they wish on the server. Do not let users choose the command to run. In general, prefer to use Python API versions of system commands. If you must use subprocess, use a dictionary to allowlist a set of commands.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

tainted-sql-string

Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction could accidentally result in a SQL injection. An attacker could use a SQL injection to steal or modify contents of the database. Instead, use a parameterized query which is available by default in most database engines. Alternatively, consider using an object-relational mapper (ORM) such as SQLAlchemy which will protect your queries.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-704: Incorrect Type Conversion or Cast
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

ssrf-requests

Data from request object is passed to a new server-side request. This could lead to a server-side request forgery (SSRF). To mitigate, ensure that schemes and hosts are validated against an allowlist, do not forward the response to the user, and ensure proper authentication and transport-layer security in the proxied request.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

eval-injection

Detected user data flowing into eval. This is code injection and should be avoided.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection

csv-writer-injection

Detected user input into a generated CSV file using the built-in csv module. If user data is used to generate the data in this file, it is possible that an attacker could inject a formula when the CSV is imported into a spreadsheet application that runs an attacker script, which could steal data from the importing user or, at worst, install malware on the user’s computer. defusedcsv is a drop-in replacement with the same API that will attempt to mitigate formula injection attempts. You can use defusedcsv instead of csv to safely generate CSVs.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

path-traversal-open

Found request data in a call to ‘open’. Ensure the request data is validated or sanitized, otherwise it could result in path traversal attacks.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

os-system-injection

User data detected in os.system. This could be vulnerable to a command injection and should be avoided. If this must be done, use the ‘subprocess’ module instead and pass the arguments as a list.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection

raw-html-format

Detected user input flowing into a manually constructed HTML string. You may be accidentally bypassing secure methods of rendering HTML by manually constructing HTML and this could create a cross-site scripting vulnerability, which could let attackers steal sensitive user data. To be sure this is safe, check that the HTML is rendered safely. Otherwise, use templates (flask.render_template) which will safely render HTML instead.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
XssAudit
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.