Showing 64 of 65 total issues
Using ElementTree to parse untrusted XML data is known to be vulnerable to XML attacks. Replace ElementTree with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.

```python
from xml.etree import ElementTree as ET
```
subprocess call - check for execution of untrusted input.

```python
proc = subprocess.run(
    args=[
        'ogr2ogr',
        '-f', 'GeoJSON', '/vsistdout/',
        tmp_osm.name,
```
Method "from_csv_dictreader" has 8 parameters, which is greater than the 7 authorized.

```python
def from_csv_dictreader(self, reader, pk_properties, options, operations,
                        init=False, chunk_size=1000, fast=False):
```

A long parameter list can indicate that a new structure should be created to wrap the numerous parameters or that the function is doing too many things.

Noncompliant Code Example

With a maximum number of 4 parameters:

```python
def do_something(param1, param2, param3, param4, param5): ...
```

Compliant Solution

```python
def do_something(param1, param2, param3, param4): ...
```
Merge this if statement with the enclosing one.

```python
if layer_geom_type_id != feature_geom_type_id:
```

Merging collapsible if statements increases the code's readability.

Noncompliant Code Example

```python
if condition1:
    if condition2:
        # ...
```

Compliant Solution

```python
if condition1 and condition2:
    # ...
```