Terralego/django-geostore

Showing 64 of 65 total issues

Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
Open

from xml.etree import ElementTree as ET

subprocess call - check for execution of untrusted input.
Open

            proc = subprocess.run(
                args=[
                    'ogr2ogr',
                    '-f', 'GeoJSON', '/vsistdout/',
                    tmp_osm.name,

Method "from_csv_dictreader" has 8 parameters, which is greater than the 7 authorized.
Open

    def from_csv_dictreader(self, reader, pk_properties, options, operations,
                            init=False, chunk_size=1000, fast=False):

A long parameter list can indicate that a new structure should be created to wrap the numerous parameters or that the function is doing too many things.

Noncompliant Code Example

With a maximum number of 4 parameters:

def do_something(param1, param2, param3, param4, param5):
    ...

Compliant Solution

def do_something(param1, param2, param3, param4):
    ...

Merge this if statement with the enclosing one.
Open

        if layer_geom_type_id != feature_geom_type_id:
Severity: Major
Found in geostore/validators.py by sonar-python

Merging collapsible if statements increases the code's readability.

Noncompliant Code Example

if condition1:
    if condition2:
        # ...

Compliant Solution

if condition1 and condition2:
    # ...