Showing 1,562 of 1,569 total issues
Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
import xml.dom.minidom
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
conn = urllib.request.urlopen(url)
Consider possible security implications associated with the subprocess module.
import subprocess
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function, or make sure defusedxml.defuse_stdlib() is called.
dom = xml.dom.minidom.parseString(xml_string)
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function, or make sure defusedxml.defuse_stdlib() is called.
self.doc = xml.dom.minidom.parseString(self.text)
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
conn = urllib.urlopen(url)
Library mysqlclient is licensed under a non-compliant license: GNU General Public License 3.0
mysqlclient==2.1.1 # (Latest package) Documentation says it should work with py3.6 and py3.9. Above version has dropped support for py3.6.
Possible SQL injection vector through string-based query construction.
select_query = ('SELECT Site, SubmitHost, sum(NumberOfJobs) '
                'AS NumberOfJobs, Month, Year FROM VSuperSummaries %s '
                'GROUP BY Site, SubmitHost, Month, Year ORDER BY NULL'
                % where)
subprocess call - check for execution of untrusted input.
p = subprocess.Popen(["qhost", "-F", "-xml"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
TODO found
-- TODO Check relevance of this view and possibly move to server-extra.sql
Possible SQL injection vector through string-based query construction.
select_query = 'SELECT * FROM %s' % (table_name)
Using Document to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Document with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
from xml.dom.minidom import Document
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert len(tup) == len(self._db_fields), 'Different length of tuple and fields list'
Using Document to parse untrusted XML data is known to be vulnerable to XML attacks. Replace Document with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
from xml.dom.minidom import Document
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function, or make sure defusedxml.defuse_stdlib() is called.
xml_str = xml.dom.minidom.parseString(out)
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
conn = urllib.urlopen(url, proxies=proxy)
Possible SQL injection vector through string-based query construction.
c.execute('DELETE FROM JobRecords where date(EndTime) < "%s"' % cutoff)
Using xml.dom.minidom to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
import xml.dom.minidom
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert data['WallDuration'] >= 0, 'Negative WallDuration value'
Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function, or make sure defusedxml.defuse_stdlib() is called.
d = xml.dom.minidom.parseString(msg_text)