Showing 3,918 of 3,918 total issues
subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
subprocess.check_output("git ls-tree --full-tree --name-only -r HEAD", shell=True).decode("utf-8").splitlines()
Try, Except, Pass detected.
except: # noqa
Try, Except, Pass detected.
except Exception:
subprocess call with shell=True identified, security issue.
subprocess.check_call(command, shell=True, executable="/bin/bash")
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert writer is not None
Consider possible security implications associated with subprocess module.
import subprocess
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert api_key is not None
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert self._api_client is not None
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert (
    filter.filter_function or filter.query_string
), f"must define at least a filter function or query string when specifying a segment filter: {filter}"
The input method in Python 2 will read from standard input, evaluate and run the resulting string as python source code. This is similar, though in many ways worse, then using eval. On Python 2, use raw_input instead, input is safe in Python 3.
default_dataset_id = input("[OPTIONAL] Enter a default dataset id to upload to: ").strip()
Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
resp = request.urlopen(req, timeout=3)
Starting a process with a partial executable path
subprocess.check_output("git ls-tree --full-tree --name-only -r HEAD", shell=True).decode("utf-8").splitlines()
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert not (
    number_of_partitions > _MAX_SEGMENT_PARTITIONS
), f"Attempt to process {number_of_partitions} partitions is larger than the max of {_MAX_SEGMENT_PARTITIONS}, use a lower number of partitions"
The input method in Python 2 will read from standard input, evaluate and run the resulting string as python source code. This is similar, though in many ways worse, then using eval. On Python 2, use raw_input instead, input is safe in Python 3.
org_id = input("Enter your org id. You can find it at https://hub.whylabsapp.com/settings/access-tokens: ")
Try, Except, Pass detected.
except: # noqa
Possible hardcoded password: '/'
if token == "/":
TODO found
data = PreprocessedColumn.apply([metadata[name]]) # TODO: _process_scalar_value()?
TODO found
# TODO: make this mergeable?
TODO found
# TODO: I think it's OKAY if udf returns a dictionary
TODO found
# TODO unify the Loggable and TrackData types?