djbrown/hbscorez

Using html to parse untrusted XML data is known to be vulnerable to XML attacks. Replace html with the equivalent defusedxml package.
Open

from lxml import html

Found in src/base/parsing.py by bandit

Exclude checks
- Disable engine
- Disable check

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

    assert sports_hall is not None

Found in src/base/logic.py by bandit

Exclude checks
- Disable engine
- Disable check

By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
Open

    env = Environment(trim_blocks=True, lstrip_blocks=True, **options)

Found in src/hbscorez/jinja2_env.py by bandit

Exclude checks
- Disable engine
- Disable check

Using _Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace _Element with the equivalent defusedxml package.
Open

from lxml.etree import _Element

Found in src/base/parsing.py by bandit

Exclude checks
- Disable engine
- Disable check

Refactor this function to reduce its Cognitive Complexity from 16 to the 15 allowed.
Open

def scrape_league(league_link, district, season, options):  # pylint: disable=too-many-branches

Found in src/leagues/management/commands/import_leagues.py by sonar-python

Read up
Read up
Exclude checks
- Disable engine
- Disable check