djbrown/hbscorez

Showing 105 of 113 total issues

Using html to parse untrusted XML data is known to be vulnerable to XML attacks. Replace html with the equivalent defusedxml package.
Open

from lxml import html
Severity: Info
Found in src/base/parsing.py by bandit

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Open

assert sports_hall is not None
Severity: Info
Found in src/base/logic.py by bandit

By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
Open

env = Environment(trim_blocks=True, lstrip_blocks=True, **options)
Severity: Major
Found in src/hbscorez/jinja2_env.py by bandit

Using _Element to parse untrusted XML data is known to be vulnerable to XML attacks. Replace _Element with the equivalent defusedxml package.
Open

from lxml.etree import _Element
Severity: Info
Found in src/base/parsing.py by bandit

Refactor this function to reduce its Cognitive Complexity from 16 to the 15 allowed.
Open

def scrape_league(league_link, district, season, options): # pylint: disable=too-many-branches