Python Rules
SAST rules for Python that identify insecure patterns in application code.
Python Rule Catalog
| ID | Title | Severity | Category |
|---|---|---|---|
| CODE-0005 | Insecure Deserialization with msgpack-numpy | CRITICAL | Deserialization |
| CODE-0179 | SQL Injection via User-Controlled Input | CRITICAL | Injection |
| CODE-0180 | SQL Injection via RawSQL | CRITICAL | Injection |
| CODE-0216 | Insecure Deserialization with Pickle in Pandas | CRITICAL | Deserialization |
| CODE-0225 | Arbitrary Code Execution via NumPy Library Loading | CRITICAL | Injection |
| CODE-0247 | Arbitrary Code Execution via Tensorflow's Load Function | CRITICAL | Deserialization |
| CODE-0252 | Path Traversal via User-Controlled File Path | CRITICAL | Injection |
| CODE-0272 | Avoid importing torch.package | CRITICAL | Deserialization |
| CODE-0462 | Insecure Deserialization with Scikit Joblib | CRITICAL | Deserialization |
| CODE-0470 | Arbitrary Code Execution via PyTorch Library Loading | CRITICAL | Injection |
| CODE-0489 | Arbitrary Code Execution via NumPy f2py Compilation | CRITICAL | Injection |
| CODE-0496 | Arbitrary Code Execution via Pickle Deserialization in PyTorch Distributed | CRITICAL | Deserialization |
| CODE-0498 | Insecure Deserialization in NumPy | CRITICAL | Deserialization |
| CODE-0515 | Arbitrary Code Execution via TensorFlow Library Loading | CRITICAL | Injection |
| CODE-0756 | Arbitrary Code Execution via Custom Operator Libraries | CRITICAL | Injection |
| CODE-0800 | Insecure Deserialization in PyTorch | CRITICAL | Deserialization |
| CODE-0805 | Arbitrary Code Execution in Keras' load_model Function | CRITICAL | Deserialization |
| CODE-0135 | Deserialization of untrusted data using cPickle | HIGH | Deserialization |
| CODE-0136 | Deserialization of untrusted data using dill | HIGH | Deserialization |
| CODE-0137 | Deserialization of untrusted data | HIGH | Deserialization |
| CODE-0138 | Deserialization of untrusted data using pickle | HIGH | Deserialization |
| CODE-0139 | Deserialization of untrusted data using shelve | HIGH | Deserialization |
| CODE-0140 | Insecure Deserialization in YAML | HIGH | Deserialization |
| CODE-0141 | SQL Injection via Improper Neutralization of Special Elements | HIGH | Injection |
| CODE-0144 | Eval Injection | HIGH | Injection |
| CODE-0145 | OS Command Injection via exec Function | HIGH | Injection |
| CODE-0146 | Improper Neutralization of Wildcards or Matching Symbols | HIGH | Injection |
| CODE-0147 | OS Command Injection | HIGH | Injection |
| CODE-0148 | OS Command Injection | HIGH | Injection |
| CODE-0149 | OS Command Injection | HIGH | Injection |
| CODE-0150 | OS Command Injection | HIGH | Injection |
| CODE-0151 | OS Command Injection | HIGH | Injection |
| CODE-0152 | OS Command Injection | HIGH | Injection |
| CODE-0157 | Improper control of generation of code ('Code Injection') | HIGH | Injection |
| CODE-0162 | SQL Injection | HIGH | Injection |
| CODE-0266 | OS Command Execution with Partial Paths | HIGH | Injection |
| CODE-0267 | Subprocess with Non-Absolute Paths | HIGH | Injection |
| CODE-0268 | Subprocess call with untrusted argument | HIGH | Injection |
| CODE-0282 | Potential Code Injection via Pandas eval() or query() | HIGH | Injection |
| CODE-0516 | Path Traversal in Tarfile Extraction | HIGH | Injection |
| CODE-0757 | XXE Attack via lxml in Pandas | HIGH | Injection |
| CODE-0809 | SQL Injection from User-Controlled Query String | HIGH | Injection |
| CODE-0114 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0115 | Use of Broken or Risky Cryptographic Algorithm | MEDIUM | Crypto |
| CODE-0116 | Use of broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0117 | Use of broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0118 | Use of broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0119 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0120 | Inadequate encryption strength | MEDIUM | Crypto |
| CODE-0121 | Inadequate encryption strength | MEDIUM | Crypto |
| CODE-0122 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0123 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0124 | Use of broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0125 | Use of Broken or Risky Cryptographic Algorithm | MEDIUM | Crypto |
| CODE-0126 | Use of a Broken or Risky Cryptographic Algorithm | MEDIUM | Crypto |
| CODE-0127 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0128 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0129 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0130 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0131 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0132 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0133 | Use of a broken or risky cryptographic algorithm | MEDIUM | Crypto |
| CODE-0134 | Use of deprecated pycrypto package | MEDIUM | Crypto |
| CODE-0142 | Jinja2 Template Engine Without Autoescaping Enabled | MEDIUM | Injection |
| CODE-0143 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | MEDIUM | Web |
| CODE-0153 | Incorrect permission assignment for critical resource | MEDIUM | AccessControl |
| CODE-0154 | Path Traversal Vulnerability in Tar File Extraction | MEDIUM | Injection |
| CODE-0155 | Flask Application Running with Debug Mode Enabled | MEDIUM | InsecureConfig |
| CODE-0156 | Insecure XML Parsing with lxml | MEDIUM | Injection |
| CODE-0159 | Insecure Request Timeout | MEDIUM | InsecureConfig |
| CODE-0160 | Insecure SNMP version used | MEDIUM | InsecureConfig |
| CODE-0161 | SNMPv3 without authentication or encryption | MEDIUM | Crypto |
| CODE-0163 | Key exchange without entity authentication | MEDIUM | Auth |
| CODE-0164 | Improper Certificate Validation | MEDIUM | Web |
| CODE-0165 | Inadequate encryption strength | MEDIUM | Crypto |
| CODE-0166 | Inadequate Encryption Strength | MEDIUM | Crypto |
| CODE-0167 | Unverified SSL Context | MEDIUM | Crypto |
| CODE-0168 | Cleartext transmission of sensitive information | MEDIUM | InsecureConfig |
| CODE-0169 | Insecure temporary file | MEDIUM | InsecureConfig |
| CODE-0170 | Insecure Temporary File Creation | MEDIUM | InsecureConfig |
| CODE-0171 | Improper Authorization in Handler for Custom URL Scheme | MEDIUM | Injection |
| CODE-0172 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0173 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0174 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0175 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0176 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0177 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0178 | Improper Restriction of XML External Entity Reference | MEDIUM | Injection |
| CODE-0249 | Insecure Random Number Generation in PyTorch Dataset | MEDIUM | InsecureConfig |
| CODE-0253 | Unvalidated Redirect | MEDIUM | Web |
| CODE-0260 | PyTorch Distributed Request Without Waiting | MEDIUM | Generic |
| CODE-0509 | Cleartext communication over HTTP | MEDIUM | InsecureConfig |
| CODE-0510 | JWT using insecure 'none' algorithm | MEDIUM | Crypto |
| CODE-0758 | Avoid using NumPy inside PyTorch modules | MEDIUM | Performance |
| CODE-0810 | CSRF origin check disabled in Pyramid config | MEDIUM | Web |
| CODE-0814 | Cross-Site Scripting (XSS) via Improper Neutralization of Input | MEDIUM | Web |
| CODE-0103 | Inefficient Tensor Creation | LOW | Performance |
| CODE-0112 | Improper use of assert statement | LOW | ErrorHandling |
| CODE-0113 | Binding to an unrestricted IP address | LOW | InsecureConfig |
| CODE-0158 | Use of cryptographically weak pseudo-random number generator (PRNG) | LOW | Crypto |
| CODE-0219 | Use of deprecated numpy.distutils | LOW | InsecureConfig |
| CODE-0640 | PyTorch Memory Not Automatically Pinned | LOW | InsecureConfig |
Total Rules: 102