PY001 |
assert |
Improper Check Using assert Function |
PY002 |
crypt — weak hash |
Reversible One Way Hash in crypt Module |
PY003 |
ftplib — cleartext |
Cleartext Transmission of Sensitive Information in the ftplib Module |
PY004 |
hashlib — weak hash |
Reversible One Way Hash in hashlib Module |
PY005 |
hmac — timing attack |
Observable Timing Discrepancy in hmac Module |
PY006 |
hmac — weak hash |
Reversible One Way Hash in hmac Module |
PY007 |
http — secret in url |
Use of HTTP Request Method With Sensitive Query Strings |
PY008 |
imaplib — cleartext |
Cleartext Transmission of Sensitive Information in the imaplib Module |
PY009 |
json — load |
Deserialization of Untrusted Data in the json Module |
PY010 |
logging — insecure listen config |
Code Injection in Logging Config |
PY011 |
marshal — load |
Deserialization of Untrusted Data in the marshal Module |
PY012 |
nntplib — cleartext |
Cleartext Transmission of Sensitive Information in the nntplib Module |
PY013 |
pickle — load |
Deserialization of Untrusted Data in pickle Module |
PY014 |
poplib — cleartext |
Cleartext Transmission of Sensitive Information in the poplib Module |
PY015 |
shelve — open |
Deserialization of Untrusted Data in the shelve Module |
PY016 |
smtplib — cleartext |
Cleartext Transmission of Sensitive Information in the smtplib Module |
PY017 |
ssl — unverified context |
Inadequate Encryption Strength Using Weak Keys in SSLContext |
PY018 |
ssl — insecure tls version |
Improper Certificate Validation Using ssl._create_unverified_context |
PY019 |
ssl — weak key |
Inadequate Encryption Strength Using Weak SSL Protocols |
PY020 |
telnetlib — cleartext |
Cleartext Transmission of Sensitive Information in the telnetlib Module |
PY021 |
tempfile — mktemp race condition |
Insecure Temporary File in the tempfile Module |
PY022 |
ftplib — unverified context |
Improper Certificate Validation Using ftplib |
PY023 |
imaplib — unverified context |
Improper Certificate Validation Using imaplib |
PY024 |
nntplib — unverified context |
Improper Certificate Validation Using nntplib |
PY025 |
poplib — unverified context |
Improper Certificate Validation Using poplib |
PY026 |
smtplib — unverified context |
Improper Certificate Validation Using smtplib |
PY027 |
argparse — sensitive info |
Invocation of Process Using Visible Sensitive Information in argparse |
PY028 |
secrets — weak token |
Insufficient Token Length |
PY029 |
socket — unrestricted bind |
Binding to an Unrestricted IP Address in socket Module |
PY030 |
socketserver — unrestricted bind |
Binding to an Unrestricted IP Address in socketserver Module |
PY031 |
http — unrestricted bind |
Binding to an Unrestricted IP Address in http.server Module |
PY032 |
xmlrpc — unrestricted bind |
Binding to an Unrestricted IP Address in xmlrpc.server Module |
PY033 |
re — denial of service |
Inefficient Regular Expression Complexity in re Module |
PY034 |
hmac — weak key |
Insufficient hmac Key Size |
PY035 |
hashlib — improper prng |
Improper Randomness for Cryptographic hashlib Functions |