Showing 232 of 232 total issues
Do not use bare 'except'
    except:
When catching exceptions, mention specific exceptions when possible.
Okay: except Exception:
Okay: except BaseException:
E722: except:

Continuation line over-indented for visual indent
    "where sr.run_id = {} and sr.has_securitytxt is true".format(run_id)
Continuation lines indentation.
Continuation lines should align wrapped elements either vertically
using Python's implicit line joining inside parentheses, brackets
and braces, or using a hanging indent.
When using a hanging indent these considerations should be applied:
- there should be no arguments on the first line, and
- further indentation should be used to clearly distinguish itself
as a continuation line.
Okay: a = (\n)
E123: a = (\n    )
Okay: a = (\n    42)
E121: a = (\n   42)
E122: a = (\n42)
E123: a = (\n    42\n    )
E124: a = (24,\n     42\n)
E125: if (\n    b):\n    pass
E126: a = (\n        42)
E127: a = (24,\n      42)
E128: a = (24,\n    42)
E129: if (a or\n    b):\n    pass
E131: a = (\n    42\n 24)

Indentation is not a multiple of 4
    if num == 100:
Use indent_size (PEP8 says 4) spaces per indentation level.
For really old code that you don't want to mess up, you can continue
to use 8-space tabs.
Okay: a = 1
Okay: if a == 0:\n    a = 1
E111:   a = 1
E114:   # a = 1
Okay: for item in items:\n    pass
E112: for item in items:\npass
E115: for item in items:\n# Hi\n    pass
Okay: a = 1\nb = 2
E113: a = 1\n    b = 2
E116: a = 1\n    # b = 2

Line too long (126 > 120 characters)
    sub_dmarc_policy_db = db_session.query(models.DmarcPolicy).filter_by(policy_string=processed['dmarc_sub_policy']).scalar()
Limit all lines to a maximum of 79 characters.
There are still many devices around that are limited to 80 character
lines; plus, limiting windows to 80 characters makes it possible to
have several windows side-by-side. The default wrapping on such
devices looks ugly. Therefore, please limit all lines to a maximum
of 79 characters. For flowing long blocks of text (docstrings or
comments), limiting the length to 72 characters is recommended.
Reports error E501. (This project raises E501 above its configured limit of 120 characters, as the issue title shows, rather than the PEP 8 default of 79.)

Unexpected spaces around keyword / parameter equals
    site = models.Site(domain=str(domain), current_rank = domains_ranked[domain])
Don't use spaces around the '=' sign in function arguments.
Don't use spaces around the '=' sign when used to indicate a
keyword argument or a default parameter value, except when
using a type annotation.
Okay: def complex(real, imag=0.0):
Okay: return magic(r=real, i=imag)
Okay: boolean(a == b)
Okay: boolean(a != b)
Okay: boolean(a <= b)
Okay: boolean(a >= b)
Okay: def foo(arg: int = 42):
Okay: async def foo(arg: int = 42):
E251: def complex(real, imag = 0.0):
E251: return magic(r = real, i = imag)
E252: def complex(real, image: float=0.0):

Too many blank lines (5)
    if __name__ == '__main__':
Separate top-level function and class definitions with two blank lines.
Method definitions inside a class are separated by a single blank
line.
Extra blank lines may be used (sparingly) to separate groups of
related functions. Blank lines may be omitted between a bunch of
related one-liners (e.g. a set of dummy implementations).
Use blank lines in functions, sparingly, to indicate logical
sections.
Okay: def a():\n    pass\n\n\ndef b():\n    pass
Okay: def a():\n    pass\n\n\nasync def b():\n    pass
Okay: def a():\n    pass\n\n\n# Foo\n# Bar\n\ndef b():\n    pass
Okay: default = 1\nfoo = 1
Okay: classify = 1\nfoo = 1
E301: class Foo:\n    b = 0\n    def bar():\n        pass
E302: def a():\n    pass\n\ndef b(n):\n    pass
E302: def a():\n    pass\n\nasync def b(n):\n    pass
E303: def a():\n    pass\n\n\n\ndef b(n):\n    pass
E303: def a():\n\n\n\n    pass
E304: @decorator\n\ndef a():\n    pass
E305: def a():\n    pass\na()
E306: def a():\n    def b():\n        pass\n    def c():\n        pass

Starting a process with a shell, possible injection detected, security issue.
    os.system('scp (unknown) dnstatsio@www.dnstats.io:/home/dnstatsio/public_html/{folder_name}/index.html'.format(filename=html_filename, folder_name=folder_name))

By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
    env = Environment(loader=file_loader)

Possible SQL injection vector through string-based query construction.
    dmarc_adoption_query = "select count(*) from site_runs where run_id = {} and has_dmarc is true".format(run_id)

Possible SQL injection vector through string-based query construction.
    spf_grade_distribution = "select spf_grade, count(*) from site_runs where run_id={} group by spf_grade order by spf_grade".format(

Try, Except, Pass detected.
    except:

Possible SQL injection vector through string-based query construction.
    caa_has_wilcard = "select count(*) from site_runs where run_id = {} and caa_wildcard_count > 0".format(run_id)

Starting a process with a shell, possible injection detected, security issue.
    os.system("ssh dnstatsio@www.dnstats.io 'ln -s /home/dnstatsio/public_html/{folder_name}/index.html /home/dnstatsio/public_html/index.html'".format(folder_name=folder_name, filename=html_filename))

Possible SQL injection vector through string-based query construction.
    securitytxt_adoption_query = "select count(*) from site_runs sr " \

Try, Except, Pass detected.
    except:
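The bare `except:` (E722) at the top of this list and the two "Try, Except, Pass" (B110) findings are the same defect: the handler catches BaseException, so a Ctrl-C, a SystemExit or a plain programming error inside the block is discarded and the loop continues as if nothing happened. The following added example (written for this page; it is not the project's code) shows a collection loop in the flagged shape beside one that catches only the two failures it is designed to survive and logs them. The DMARC lookup is simulated with a constructed dictionary and a `LookupFailed` class standing in for the resolver's own exceptions, so it runs offline; those names are assumptions.

```python
import logging

log = logging.getLogger("dnstats.dmarc")


class LookupFailed(Exception):
    """Stands in for the resolver's own exceptions (NXDOMAIN, timeout, ...).
    Assumption made so the example runs offline."""


# Constructed sample TXT data; these are not real DNS answers.
FAKE_TXT = {
    "a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@a.example",
    "b.example": "v=DMARC1; p=none",
    "c.example": "v=spf1 -all",  # a TXT record, but not a DMARC one
}


def fake_fetch(domain: str) -> str:
    """Simulated _dmarc TXT lookup: returns the record or raises LookupFailed."""
    try:
        return FAKE_TXT[domain]
    except KeyError:
        raise LookupFailed(domain) from None


def interrupting_fetch(domain: str) -> str:
    """Simulates the operator pressing Ctrl-C while a lookup is in flight."""
    raise KeyboardInterrupt


def parse_dmarc_policy(txt: str) -> str:
    """Return the p= tag of a DMARC record; ValueError for anything malformed."""
    if not txt.startswith("v=DMARC1"):
        raise ValueError(f"not a DMARC record: {txt!r}")
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    if "p" not in tags:
        raise ValueError(f"DMARC record without p= tag: {txt!r}")
    return tags["p"]


def collect_bare(domains, fetch=fake_fetch) -> list:
    """The flagged pattern (E722 + B110).  A bare except catches BaseException,
    so a KeyboardInterrupt inside the try is silently swallowed and the loop
    keeps going; a NameError or AttributeError in the parser vanishes the same way."""
    policies = []
    for domain in domains:
        try:
            policies.append(parse_dmarc_policy(fetch(domain)))
        except:
            pass
    return policies


def collect_narrow(domains, fetch=fake_fetch) -> list:
    """Catch only the failures the loop is meant to survive, and record them.
    Everything else propagates, so Ctrl-C stops the run and bugs surface."""
    policies = []
    for domain in domains:
        try:
            policies.append(parse_dmarc_policy(fetch(domain)))
        except (LookupFailed, ValueError) as exc:
            log.warning("skipping %s: %s", domain, exc)
    return policies
```

With the sample data both loops return `["reject", "none"]`, but only `collect_narrow` lets the simulated Ctrl-C through; `collect_bare` returns an empty list and the caller never learns the run was cut short. If the real loop genuinely wants to continue past any error, `except Exception:` with `log.exception(...)` is the narrowest acceptable handler; it still lets KeyboardInterrupt and SystemExit escape.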

Starting a process with a shell, possible injection detected, security issue.
    os.system("ssh dnstatsio@www.dnstats.io 'mkdir /home/dnstatsio/public_html/{}'".format(folder_name))

Possible SQL injection vector through string-based query construction.
    """.format(run_id=run_id, query=report['query'])

Possible SQL injection vector through string-based query construction.
    dmarc_subpolicy_query = "select count(*), dp.display_name, dp.color from site_runs sr " \

Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
    os.system("ssh dnstatsio@www.dnstats.io 'rm /home/dnstatsio/public_html/index.html'")

By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
    env = Environment(loader=file_loader)
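Both jinja2 findings flag `Environment(loader=file_loader)` with autoescape left at its default of False, which means every value substituted into the report (domain names from a ranking list, TXT record contents, policy display names) lands in the page as raw HTML. The following added example (written for this page, not the project's code) renders a constructed stand-in template once with the flagged configuration and once with `select_autoescape()`, using a domain value that carries a script tag; the template text and the use of `DictLoader` instead of the project's file loader are assumptions.

```python
from jinja2 import DictLoader, Environment, select_autoescape

# Constructed template standing in for the project's report template
# (assumption; the real one lives on disk behind file_loader).
TEMPLATES = {
    "index.html": (
        "<h1>Run {{ run_id }}</h1>\n"
        "<ul>{% for d in domains %}<li>{{ d }}</li>{% endfor %}</ul>"
    ),
}


def render_unsafe(run_id, domains) -> str:
    """The flagged pattern: Environment(loader=...) leaves autoescape at its
    default of False, so every substituted value is emitted as raw HTML."""
    env = Environment(loader=DictLoader(TEMPLATES))
    return env.get_template("index.html").render(run_id=run_id, domains=domains)


def render_safe(run_id, domains) -> str:
    """select_autoescape() turns escaping on for templates whose name ends in
    .html, .htm or .xml, so a value containing markup is rendered inert."""
    env = Environment(loader=DictLoader(TEMPLATES), autoescape=select_autoescape())
    return env.get_template("index.html").render(run_id=run_id, domains=domains)


# Constructed input: one ordinary domain and one carrying markup.
HOSTILE_DOMAINS = ["good.example", "<script>alert(1)</script>"]
```

Calling `render_unsafe(7, HOSTILE_DOMAINS)` puts the literal `<script>` element into the page; `render_safe` emits `&lt;script&gt;alert(1)&lt;/script&gt;` instead. Where a value really is trusted HTML (a pre-rendered chart, say), wrap that one value in `markupsafe.Markup` rather than disabling escaping for the whole environment.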