CodeQL query help for Python
Visit the articles below to see the documentation for the queries included in the following query suites:
- code-scanning: queries run by default in CodeQL code scanning on GitHub.
- security-extended: queries from code-scanning, plus extra security queries with slightly lower precision and severity.
- security-and-quality: queries from code-scanning and security-extended, plus extra maintainability and reliability queries.
For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.
- ‘apply’ function used
- ‘break’ or ‘return’ statement in finally
- ‘import *’ may pollute namespace
- ‘input’ function used in Python 2
- ‘super’ in old style class
- Accepting unknown SSH host keys when using Paramiko
- An assert statement has a side-effect
- Arbitrary file write during tarfile extraction
- Asserting a tuple
- Backspace escape in regular expression
- Bad HTML filtering regexp
- Binding a socket to all network interfaces
- CSRF protection weakened or disabled
- Clear-text logging of sensitive information
- Clear-text storage of sensitive information
- Code injection
- Commented-out code
- Comparison of constants
- Comparison of identical values
- Comparison using is when operands support __eq__
- Conflicting attributes in base classes
- Confusing octal literal
- Constant in conditional expression or statement
- Cyclic import
- Default version of SSL/TLS may be insecure
- Deprecated slice method
- Deserializing untrusted input
- Duplicate key in dict literal
- Duplication in regular expression character class
- Empty except
- Encoding error
- Except block handles ‘BaseException’
- Explicit export is not defined
- Explicit returns mixed with implicit (fall through) returns
- File is not always closed
- First argument to super() is not enclosing class
- First parameter of a class method is not named ‘cls’
- First parameter of a method is not named ‘self’
- Flask app is run in debug mode
- Formatted object is not a mapping
- Formatting string mixes implicitly and explicitly numbered fields
- Full server-side request forgery
- Hard-coded credentials
- Illegal raise
- Implicit string concatenation in a list
- Import of deprecated module
- Importing value of mutable attribute
- Imprecise assert
- Incomplete URL substring sanitization
- Incomplete ordering
- Incomplete regular expression for hostnames
- Inconsistent equality and hashing
- Inconsistent equality and inequality
- Inconsistent method resolution order
- Inefficient regular expression
- Information exposure through an exception
- Insecure temporary file
- Iterable can be either a string or a sequence
- Iterator does not return self from __iter__ method
- Jinja2 templating with autoescape=False
- LDAP query built from user-controlled sources
- Lines of code in files
- Lines of commented-out code in files
- Lines of comments in files
- List comprehension variable used in enclosing scope
- Log Injection
- Loop variable capture
- Maybe missing ‘self’ in comparison
- Membership test with a non-container
- Mismatch between signature and use of an overridden method
- Mismatch between signature and use of an overriding method
- Mismatch in multiple assignment
- Missing call to __del__ during object destruction
- Missing call to __init__ during object initialization
- Missing named arguments in formatting call
- Missing part of special group in regular expression
- Modification of dictionary returned by locals()
- Modification of parameter with default
- Module imports itself
- Module is imported more than once
- Module is imported with ‘import’ and ‘import from’
- Module-level cyclic import
- Multiple calls to __del__ during object destruction
- Multiple calls to __init__ during object initialization
- Mutation of descriptor in __get__ or __set__ method.
- Nested loops with same variable
- Nested loops with same variable reused after inner loop body
- Non-callable called
- Non-exception in ‘except’ clause
- Non-iterable used in for loop
- Non-standard exception raised in special method
- NotImplemented is not an Exception
- Number of tests
- Overly complex __del__ method
- Overly permissive file permissions
- Overwriting attribute in super-class or sub-class
- PAM authorization bypass due to incorrect usage
- Partial server-side request forgery
- Polynomial regular expression used on uncontrolled data
- Potentially uninitialized local variable
- Property in old-style class
- Pythagorean calculation with sub-optimal numerics
- Raising a tuple
- Redundant assignment
- Redundant comparison
- Reflected server-side cross-site scripting
- Regular expression injection
- Request without certificate validation
- Result of integer division may be truncated
- Returning tuples with varying lengths
- SQL query built from user-controlled sources
- Should use a ‘with’ statement
- Signature mismatch in overriding method
- Special method has incorrect signature
- Statement has no effect
- Superclass attribute shadows subclass method
- Suspicious unused loop iteration variable
- Syntax error
- Testing equality to None
- Too few arguments in formatting call
- URL redirection from remote source
- Uncontrolled command line
- Uncontrolled data used in path expression
- Unguarded next in generator
- Unhashable object hashed
- Unmatchable caret in regular expression
- Unmatchable dollar in regular expression
- Unnecessary ‘else’ clause in loop
- Unnecessary delete statement in function
- Unnecessary lambda
- Unnecessary pass
- Unreachable ‘except’ block
- Unreachable code
- Unsupported format character
- Unused argument in a formatting call
- Unused exception object
- Unused global variable
- Unused import
- Unused local variable
- Unused named argument in formatting call
- Use of ‘global’ at module level
- Use of ‘return’ or ‘yield’ outside a function
- Use of a broken or weak cryptographic algorithm
- Use of a broken or weak cryptographic hashing algorithm on sensitive data
- Use of a print statement at module level
- Use of an undefined placeholder variable
- Use of exit() or quit()
- Use of insecure SSL/TLS version
- Use of the return value of a procedure
- Use of weak cryptographic key
- Variable defined multiple times
- Wrong name for an argument in a call
- Wrong name for an argument in a class instantiation
- Wrong number of arguments for format
- Wrong number of arguments in a call
- Wrong number of arguments in a class instantiation
- XML external entity expansion
- XML internal entity expansion
- XPath query built from user-controlled sources
- __del__ is called explicitly
- __eq__ not overridden when adding attributes
- __init__ method calls overridden method
- __init__ method is a generator
- __init__ method returns a value
- __iter__ method returns a non-iterator
- __slots__ in old-style class