Python rules
Each rule includes the following information.
Rule Name: The Snyk name of the rule.
CWE(s): The CWE numbers that are covered by this rule.
Security Categories: The OWASP Top 10 (2021 edition) category to which the rule belongs to, if any, and if it is included in SANS 25.
Autofixable: Security rules that are autofixable by DeepCode AI Fix. This information is included only for the supported programming languages.
Authentication over HTTP
CWE-319
OWASP:A02
Yes
Binding to all network interfaces may open service to unintended traffic
CWE-284
OWASP:A01
Yes
Broken User Authentication
CWE-287
Sans Top 25, OWASP:A07
No
Code Injection
CWE-94
Sans Top 25, OWASP:A03
Yes
Command Injection
CWE-78
Sans Top 25, OWASP:A03
Yes
Deserialization of Untrusted Data
CWE-502
Sans Top 25, OWASP:A08
Yes
Cross-Site Request Forgery (CSRF)
CWE-352
Sans Top 25, OWASP:A01
Yes
Password Requirements Not Enforced in Django Application
CWE-521
OWASP:A07
No
Use of Hardcoded Cryptographic Initialization Value
CWE-329
OWASP:A02
No
Use of Hardcoded Cryptographic Key
CWE-321
OWASP:A02
No
Hardcoded Secret
CWE-547
OWASP:A05
Yes
Use of a Broken or Risky Cryptographic Algorithm
CWE-327
OWASP:A02
No
Insecure default value
CWE-453
None
No
Insecure File Permissions
CWE-732
None
Yes
Use of Password Hash With Insufficient Computational Effort
CWE-916
OWASP:A02
Yes
Insecure Temporary File
CWE-377
OWASP:A01
Yes
Insecure Xml Parser
CWE-611
OWASP:A05
No
Jinja auto-escape is set to false.
CWE-79
Sans Top 25, OWASP:A03
Yes
LDAP Injection
CWE-90
OWASP:A03
No
Improper Handling of Insufficient Permissions or Privileges
CWE-280
OWASP:A04
No
Use of Hardcoded Credentials
CWE-798
Sans Top 25, OWASP:A07
No
Use of Hardcoded Passwords
CWE-798, CWE-259
Sans Top 25, OWASP:A07
No
NoSQL Injection
CWE-943
None
No
Open Redirect
CWE-601
OWASP:A01
No
Path Traversal
CWE-23
OWASP:A01
Yes
Debug Mode Enabled
CWE-489
None
Yes
Improper Certificate Validation
CWE-295
OWASP:A07
No
Server Information Exposure
CWE-209
OWASP:A04
No
SQL Injection
CWE-89
Sans Top 25, OWASP:A03
Yes
Server-Side Request Forgery (SSRF)
CWE-918
Sans Top 25, OWASP:A10
No
Improper Neutralization of Directives in Statically Saved Code
CWE-96
OWASP:A03
No
Inadequate Encryption Strength
CWE-326
OWASP:A02
Yes
Arbitrary File Write via Archive Extraction (Tar Slip)
CWE-22
Sans Top 25, OWASP:A01
No
Origin Validation Error
CWE-942, CWE-346
OWASP:A05, OWASP:A07
No
Cryptographic Issues
CWE-310
OWASP:A02
No
Python 2 source code
CWE-1104
OWASP:A06
No
Selection of Less-Secure Algorithm During Negotiation (SSL instead of TLS)
CWE-757
OWASP:A02
No
Sensitive Cookie Without 'HttpOnly' Flag
CWE-1004
OWASP:A05
Yes
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614
OWASP:A05
Yes
Cross-site Scripting (XSS)
CWE-79
Sans Top 25, OWASP:A03
Yes
XPath Injection
CWE-643
OWASP:A03
No
Regular Expression Denial of Service (ReDoS)
CWE-400
None
No
Last updated