Codeaudit report

Directory scan report

Below is the result of the Codeaudit scan of the directory: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/

Total Python files found: 26

Result for file marshal.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/marshal.py

Number of potential security issues found: 2

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
30 | marshal.loads | High | The marshal module is not intended to be secure against erroneous or maliciously constructed data.
    nastyobjects = marshal.loads('/tmp/plantedmalware.obj', allow_code=True)
    print(nastyobjects)
36 | marshal.load | High | The marshal module is not intended to be secure against erroneous or maliciously constructed data.
    # The allow_code parameter is passed directly to marshal.load()
    loaded_object = marshal.load(f, allow_code=allow_code)
    return loaded_object

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
marshal.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/marshal.py | 47 | 19 | 3 | 1 | 0 | 21 | 7 | 0

Result for file chmod_things.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/chmod_things.py

Number of potential security issues found: 4

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
5 | os.access | High | Operating System calls can have a security impact and should be inspected in detail.
    """testfile for codeaudit"""
    if os.access("myfile", os.R_OK):
    with open("myfile") as fp:
8 | os.chmod | High | Operating System calls can have a security impact and should be inspected in detail.
    return fp.read()
    os.chmod("myfile", 0o644) # The 0o prefix denotes an octal number
    myfile='/tmp/notmine.obj'
23 | os.chmod | High | Operating System calls can have a security impact and should be inspected in detail.
    """function has chmode in name , but should not give a false positive on function name!"""
    yourfilesaremine( '*',0x777)
    chmodulus = "/usr/bin/*"
25 | os.chmod | High | Operating System calls can have a security impact and should be inspected in detail.
    chmodulus = "/usr/bin/*"
    chmodel = yourfilesaremine(chmodulus, 0x777)

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
chmod_things.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/chmod_things.py | 29 | 20 | 2 | 3 | 0 | 5 | 3 | 0

Result for file directorycreation.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/directorycreation.py

Number of potential security issues found: 5

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
10 | os.makedirs | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.makedirs(path, exist_ok=True)
    print(f"Directory created or already exists: {path}")
23 | os.mkdir | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.mkdir(path)
    print(f"Directory created: {path}")
45 | os.mkfifo | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.mkfifo(fifo_path)
    print(f"FIFO '{fifo_path}' created successfully.")
62 | os.mknod | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.mknod(path)
    print(f"File created: {path}")
79 | os.makedirs | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.makedirs(path, exist_ok=True)
    print(f"Directory created or already exists: {path}")

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
directorycreation.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/directorycreation.py | 82 | 39 | 1 | 5 | 0 | 26 | 16 | 0

Result for file shelve.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/shelve.py

Number of potential security issues found: 1

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
3 | shelve.open | High | Only loading a shelve from a trusted source is secure. So check if this is the case.
    with shelve.open('spam') as db:
    db['eggs'] = 'eggs'

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
shelve.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/shelve.py | 4 | 3 | 1 | 0 | 0 | 0 | 2 | 0

Result for file file3.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/file3.py

Number of potential security issues found: 3

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
4 | eval | High | This function can execute arbitrary code.
    from math import sqrt
    eval("print('hi')")
    if os.access("file.txt", os.R_OK): pass
5 | os.access | High | Operating System calls can have a security impact and should be inspected in detail.
    eval("print('hi')")
    if os.access("file.txt", os.R_OK): pass
    acc("file.txt")
6 | os.access | High | Operating System calls can have a security impact and should be inspected in detail.
    if os.access("file.txt", os.R_OK): pass
    acc("file.txt")
    os.path.exists("file.txt")

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
file3.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/file3.py | 9 | 8 | 3 | 0 | 0 | 0 | 2 | 0

Result for file subprocess.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/subprocess.py

Number of potential security issues found: 5

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
20 | subprocess.run | Medium | Use of the subprocess module calls should be analyzed in-depth.
    # 'check=True' raises a CalledProcessError if the command returns a non-zero exit code (kept for demonstration, but no try-except).
    result_ls = subprocess.run(['ls', '-l'], capture_output=True, text=True, check=True)
    print("\nCommand: ls -l")
44 | subprocess.Popen | Medium | Use of the subprocess module calls should be analyzed in-depth.
    # shell=True is used here because '&&' is a shell-specific operator.
    process = subprocess.Popen("echo 'Hello from Popen' && sleep 1 && echo 'Popen finished'",
    shell=True,
63 | subprocess.Popen | Medium | Use of the subprocess module calls should be analyzed in-depth.
    print("\nCommand: grep 'line' (piping input)")
    process_grep = subprocess.Popen(['grep', 'line'],
    stdin=subprocess.PIPE,
79 | subprocess.check_call | High | Use of the subprocess module calls should be analyzed in-depth.
    #Old things
    subprocess.check_call(['ls', '-l'])
    return_code = subprocess.call(['ls', '-l'])
80 | subprocess.call | High | Use of the subprocess module calls should be analyzed in-depth.
    subprocess.check_call(['ls', '-l'])
    return_code = subprocess.call(['ls', '-l'])

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
subprocess.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/subprocess.py | 83 | 36 | 2 | 1 | 0 | 7 | 1 | 0

Result for file shutil.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/shutil.py

Number of potential security issues found: 6

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
3 | shutil.unpack_archive | Medium | Extracting files within a program should not be trusted by default.
    shutil.unpack_archive("example.zip", "extracted_files", format="zip", filter="data")
5 | shutil.copy2 | Medium | Information can be transferred without permission.
    shutil.copy2("source_file.txt", "backup/source_file.txt", follow_symlinks=True)
7 | shutil.copy2 | Medium | Information can be transferred without permission.
    shutil.copytree("project", "project_backup", symlinks=False, ignore=None, copy_function=shutil.copy2, ignore_dangling_symlinks=False, dirs_exist_ok=False)
7 | shutil.copytree | Medium | Information can be transferred without permission.
    shutil.copytree("project", "project_backup", symlinks=False, ignore=None, copy_function=shutil.copy2, ignore_dangling_symlinks=False, dirs_exist_ok=False)
9 | shutil.chown | Medium | Programs should not change access rights on files they do not own.
    shutil.chown("logs/server.log", user="admin", group="admin", dir_fd=None, follow_symlinks=True)
13 | shutil.copy | Medium | Information can be transferred without permission.
    from shutil import copy as stealmydata
    stealmydata("source_file.txt", "backup/source_file.txt", follow_symlinks=True)

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
shutil.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/shutil.py | 13 | 7 | 2 | 0 | 0 | 0 | 1 | 0

Result for file hashcheck.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/hashcheck.py

Number of potential security issues found: 3

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
19 | hashlib.md5 | High | Use of insecure hashing algorithms detected.
    # Create an MD5 hash object
    md5_hash_object = hashlib.md5()
    sha1_hash_object = hashlib.sha1()
20 | hashlib.sha1 | High | Use of insecure hashing algorithms detected.
    md5_hash_object = hashlib.md5()
    sha1_hash_object = hashlib.sha1()
48 | hashlib.sha1 | High | Use of insecure hashing algorithms detected.
    # Create an MD5 hash object
    sha1_hash_object = tooweak()

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
hashcheck.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/hashcheck.py | 56 | 18 | 2 | 2 | 0 | 19 | 1 | 0

Result for file tarfilevalidation.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/tarfilevalidation.py

Number of potential security issues found: 3

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
6 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    with tarfile.open(file_path, 'r:gz') as tar:
    tar.extractall(path=extract_path)
10 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    with tarfile.open(file_path, 'r:gz') as donot:
    donot.extractall(path=extract_path)
17 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    extractor = MyExtractor()
    extractor.extractall("/some/directory")

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
tarfilevalidation.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/tarfilevalidation.py | 17 | 12 | 1 | 3 | 1 | 1 | 3 | 0

Result for file httpserver.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/httpserver.py

Number of potential security issues found: 3

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
4 | http.server.BaseHTTPRequestHandler | High | Insecure for production use.
    # Define a custom request handler
    class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """
23 | http.server.BaseHTTPRequestHandler | High | Insecure for production use.
    # The function to run the HTTP server
    def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler):
    """
23 | http.server.HTTPServer | High | Insecure for production use.
    # The function to run the HTTP server
    def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler):
    """

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
httpserver.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/httpserver.py | 35 | 16 | 1 | 2 | 1 | 16 | 1 | 0

Result for file directorycreation2.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/directorycreation2.py

Number of potential security issues found: 6

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
13 | os.makedirs | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    smurf(path, exist_ok=True)
    print(f"Directory created or already exists: {path}")
26 | os.mkdir | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    frog(path)
    print(f"Directory created: {path}")
48 | os.mkfifo | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    spider(fifo_path)
    print(f"FIFO '{fifo_path}' created successfully.")
65 | os.mknod | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.mknod(path)
    print(f"File created: {path}")
82 | os.makedirs | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.makedirs(path, exist_ok=True)
    print(f"Directory created or already exists: {path}")
94 | os.makedev | Low | Operating System calls can have a security impact and should be inspected in detail.
    try:
    os.makedev(path, exist_ok=True)
    print(f"Directory created or already exists: {path}")

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
directorycreation2.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/directorycreation2.py | 97 | 48 | 4 | 6 | 0 | 30 | 18 | 0

Result for file pickle.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/pickle.py

Number of potential security issues found: 3

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
3 | pickle.loads | High | Unpickling will import any class or function that it finds in the pickle data.
    import pickle
    pickle.loads(b"cos\nsystem\n(S'echo hello world'\ntR.")
7 | pickle.load | High | Unpickling will import any class or function that it finds in the pickle data.
    with open('data.pickle', 'rb') as f:
    data = pickle.load(f)
12 | pickle.loads | High | Unpickling will import any class or function that it finds in the pickle data.
    importmalware('mysafefile.txt')

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
pickle.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/pickle.py | 12 | 7 | 2 | 1 | 0 | 0 | 2 | 0

Result for file allshit.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/allshit.py

Number of potential security issues found: 51

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
6 | assert | Low | Assertions are for debugging and development. Misuse can lead to security vulnerabilities.
    # If 'b' is 0, an AssertionError will be raised with the given message.
    assert b != 0, "Cannot divide by zero!"
    return a / b
28 | exec | High | This built-in function can execute code you do not want and/or are not aware of, so check and validate that it is used correctly.
    print("-" * 20)
    exec("4*23") ; exec("4*23")
32 | s.bind | Medium | Network sockets require additional security measures.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(('0.0.0.0', 31137))
    s.bind(('192.168.0.1', 8080))
33 | s.bind | Medium | Network sockets require additional security measures.
    s.bind(('0.0.0.0', 31137))
    s.bind(('192.168.0.1', 8080))
42 | assert | Low | Assertions are for debugging and development. Misuse can lead to security vulnerabilities.
    # Assert that x is greater than 5.
    assert x > 5, "x should be greater than 5"
    print(f"Assertion passed: x ({x}) is greater than 5.")
46 | pass | Low | Too broad exception handling risk when not used correctly.
    do_some_stuff()
    except ZeroDivisionError:
    pass
52 | continue | Low | Too broad exception handling risk when not used correctly.
    do_some_stuff()
    except ZeroDivisionError:
    continue #bad security practice - strange things can happen without catching and logging
73 | hashlib.md5 | High | Use of insecure hashing algorithms detected.
    # Create an MD5 hash object
    md5_hash_object = hashlib.md5()
    sha1_hash_object = hashlib.sha1()
74 | hashlib.sha1 | High | Use of insecure hashing algorithms detected.
    md5_hash_object = hashlib.md5()
    sha1_hash_object = hashlib.sha1()
102 | hashlib.sha1 | High | Use of insecure hashing algorithms detected.
    # Create an MD5 hash object
    sha1_hash_object = tooweak()
116 | os.access | High | Operating System calls can have a security impact and should be inspected in detail.
    def nogood():
    if check_access("file.txt", os.R_OK):
    print("Accessible")
119 | eval | High | This function can execute arbitrary code.
    eval("2 + 2")
    exec("4*23")
120 | exec | High | This built-in function can execute code you do not want and/or are not aware of, so check and validate that it is used correctly.
    eval("2 + 2")
    exec("4*23")
123 | os.access | High | Operating System calls can have a security impact and should be inspected in detail.
    if os.access("myfile", os.R_OK):
    with open("myfile") as fp:
126 | os.chmod | High | Operating System calls can have a security impact and should be inspected in detail.
    return fp.read()
    os.chmod("myfile", 0o644) # The 0o prefix denotes an octal number
    print(f"Permissions for '{myfile}' set to 644 (octal).")
141 | pass | Low | Too broad exception handling risk when not used correctly.
    result = None                        # handle and recover
    except Exception as exc: # catches *any* other error
    # In real code, consider logging exc instead of pass
154 | os.system | High | Operating System calls can have a security impact and should be inspected in detail.
    from os import system as clown
    clown('ls -la')
158 | os.popen | High | Operating System calls can have a security impact and should be inspected in detail.
    import os
    os.popen('malware -all')
    bytes_written = os.write(fd, data_to_write)
159 | os.write | Low | os.write can cause availability issues if not used correctly.
    os.popen('malware -all')
    bytes_written = os.write(fd, data_to_write)
    bytes_written2 = os.writev(fd, buffers)
160 | os.writev | Low | os.writev can cause availability issues if not used correctly.
    bytes_written = os.write(fd, data_to_write)
    bytes_written2 = os.writev(fd, buffers)
163 | logging.config | Low | Potential security issues can arise with parsing objects and incorrect sanitizing.
    import logging.config
    logging.config.listen(port=DEFAULT_LOGGING_CONFIG_PORT, verify=None)
166 | logging.config | Low | Potential security issues can arise with parsing objects and incorrect sanitizing.
    logging.config.fileConfig(fname, defaults=None, disable_existing_loggers=True, encoding=None)
    #
174 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    with tarfile.open(file_path, 'r:gz') as tar:
    tar.extractall(path=extract_path)
178 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    with tarfile.open(file_path, 'r:gz') as donot:
    donot.extractall(path=extract_path)
185 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    extractor = MyExtractor()
    extractor.extractall("/some/directory")
202 | xmlrpc.server.SimpleXMLRPCServer | High | xmlrpc.server is vulnerable to the “decompression bomb” attack.
    server = SimpleXMLRPCServer(("localhost", 8000))
    print("Listening on port 8000...")
209 | xmlrpc.client | High | xmlrpc is vulnerable to the “decompression bomb” attack.
    with xmlrpc.client.ServerProxy("http://localhost:8000/") as proxy:
    print("3 is even: %s" % str(proxy.is_even(3)))
215 | os.fork | Low | On macOS use of this function is unsafe when mixed with using higher-level system APIs, and that includes using urllib.request.
    pid = os.fork()
217 | os.forkpty | Low | Use of forkpty can be unsafe when used on macOS.
    pid_zero = os.forkpty()
    pid = os.fork()
218 | os.fork | Low | On macOS use of this function is unsafe when mixed with using higher-level system APIs, and that includes using urllib.request.
    pid_zero = os.forkpty()
    pid = os.fork()
224 | os.fork | Low | On macOS use of this function is unsafe when mixed with using higher-level system APIs, and that includes using urllib.request.
    while True and nobreak:
    cannothurt() # Creates a new child process
227 | compile | High | It is possible to crash the Python interpreter when using this function.
    compile('nasty-string' ,'malware.bin',mode=single, flags=0, dont_inherit=False, optimize=-1)
230 | base64 | Low | Base encoding visually hides otherwise easily recognized information such as passwords, but does not provide any computational confidentiality.
    import base64
    encoded = base64.b64encode(b'data to be encoded')
    data = base64.b64decode(encoded)
231 | base64 | Low | Base encoding visually hides otherwise easily recognized information such as passwords, but does not provide any computational confidentiality.
    encoded = base64.b64encode(b'data to be encoded')
    data = base64.b64decode(encoded)
236 | http.server.BaseHTTPRequestHandler | High | Insecure for production use.
    # Define a custom request handler
    class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """
255 | http.server.HTTPServer | High | Insecure for production use.
    # The function to run the HTTP server
    def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler):
    """
255 | http.server.BaseHTTPRequestHandler | High | Insecure for production use.
    # The function to run the HTTP server
    def run(server_class=HTTPServer, handler_class=BaseHTTPRequestHandler):
    """
291 | connection.recv | High | Connection.recv() uses pickle.
    # This call blocks until data is available.
    received_data = connection.recv()
    print(f"Receiver process: Received '{received_data}'")
304 | pickle.loads | High | Unpickling will import any class or function that it finds in the pickle data.
    import pickle
    pickle.loads(b"cos\nsystem\n(S'echo hello world'\ntR.")
308 | pickle.load | High | Unpickling will import any class or function that it finds in the pickle data.
    with open('data.pickle', 'rb') as f:
    data = pickle.load(f)
312 | pickle.loads | High | Unpickling will import any class or function that it finds in the pickle data.
    importmalware('mysafefile.txt')
326 | random.seed | Low | The pseudo-random generators of this module should not be used for security purposes.
    """
    random.seed(23)
    random_number = random.random()
327 | random.random | Low | The pseudo-random generators of this module should not be used for security purposes.
    random.seed(23)
    random_number = random.random()
    return random_number
331 | shelve.open | High | Only loading a shelve from a trusted source is secure. So check if this is the case.
    import shelve
    with shelve.open('spam') as db:
    db['eggs'] = 'eggs'
343 | os.makedirs | Low | Operating System calls can have a security impact and should be inspected in detail.
    print(f"--- INSECURE EXTRACTION of {zip_path} to {extract_to_dir} ---")
    os.makedirs(extract_to_dir, exist_ok=True)
    with zipfile.ZipFile(zip_path, 'r') as zip_ref:
344 | zipfile.ZipFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    os.makedirs(extract_to_dir, exist_ok=True)
    with zipfile.ZipFile(zip_path, 'r') as zip_ref:
    # This line is the vulnerability: it extracts directly without path validation.
346 | tarfile.TarFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    # This line is the vulnerability: it extracts directly without path validation.
    zip_ref.extractall(extract_to_dir)
    print("Extraction attempted (might be insecure).")
355 | shutil.unpack_archive | Medium | Extracting files within a program should not be trusted by default.
    import shutil
    shutil.unpack_archive("example.zip", "extracted_files", format="zip", filter="data")
358 | shutil.copy | Medium | Information can be transferred without permission.
    from shutil import copy as stealmydata
    stealmydata("source_file.txt", "backup/source_file.txt", follow_symlinks=True)
373 | marshal.loads | High | The marshal module is not intended to be secure against erroneous or maliciously constructed data.
    nastyobjects = marshal.loads('/tmp/plantedmalware.obj', allow_code=True)
    print(nastyobjects)
379 | marshal.load | High | The marshal module is not intended to be secure against erroneous or maliciously constructed data.
    # The allow_code parameter is passed directly to marshal.load()
    loaded_object = marshal.load(f, allow_code=allow_code)
    return loaded_object

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
allshit.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/allshit.py | 390 | 205 | 28 | 19 | 3 | 78 | 34 | 0

Result for file base64.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/base64.py

Number of potential security issues found: 2

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
2 | base64 | Low | Base encoding visually hides otherwise easily recognized information such as passwords, but does not provide any computational confidentiality.
    import base64
    encoded = base64.b64encode(b'data to be encoded')
    data = base64.b64decode(encoded)
3 | base64 | Low | Base encoding visually hides otherwise easily recognized information such as passwords, but does not provide any computational confidentiality.
    encoded = base64.b64encode(b'data to be encoded')
    data = base64.b64decode(encoded)
    print(data)

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
base64.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/base64.py | 4 | 4 | 1 | 0 | 0 | 0 | 1 | 0

Result for file zipfile.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/zipfile.py

Number of potential security issues found: 4

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
8 | zipfile.ZipFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    """
    with ZipFile(zip_path, 'r') as zip_ref:
    # This line is the vulnerability: it extracts directly without path validation.
13 | zipfile.ZipFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    with ZipFile('spam.zip','r') as myzip:
    with myzip.open('eggs.txt') as myfile:
17 | zipfile.ZipFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    with ZipFile('example.zip') as zf:
    with zf.open('file_inside.txt', 'r') as file:
23 | zipfile.ZipFile | High | Extracting files within a program should never be trusted by default. This issue is detected when the zipfile and/or tarfile module with an extraction method is used.
    def another_function():
    with ZipFile('example.zip') as zf:
    with zf.open('file_inside.txt', 'r') as file:

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
zipfile.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/zipfile.py | 26 | 18 | 1 | 2 | 0 | 4 | 8 | 0

Result for file multiprocessing.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/multiprocessing.py

Number of potential security issues found: 2

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
20 | connection.recv | High | Connection.recv() uses pickle.
    print("Receiver process: Waiting to receive data...")
    received_data = connection.recv()
    print(f"Receiver process: Received '{received_data}'")
42 | multiprocessing.connection.Connection | High | Connection.recv() uses pickle.
    def receive_data(conn: Connection):
    data = conn.recv()

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
multiprocessing.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/multiprocessing.py | 47 | 31 | 4 | 6 | 0 | 7 | 1 | 0

Result for file inputstatement.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/inputstatement.py

Number of potential security issues found: 1

Findings (line | validation | severity | info), each followed by the code context from the scanned file:
6 | input | Low | Use of input requires strict sanitizing and validation.
    def greet_user():
    name = input("What is your name? ")
    print(f"Hello, {name}!")

File metrics:
FileName | FilePath | Number_Of_Lines | AST_Nodes | Modules | Functions | Classes | Comment_Lines | Complexity_Score | warnings
inputstatement.py | /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/inputstatement.py | 7 | 4 | 0 | 1 | 0 | 3 | 1 | 0

Result for file oschecks.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/oschecks.py

Number of potential security issues found: 11

Details of found security issues:

Line 5, os.access (severity High): Operating System calls can have a security impact and should be inspected in detail.
    def nogood():
        if check_access("file.txt", os.R_OK):
            print("Accessible")

Line 8, eval (severity High): This function can execute arbitrary code.
    eval("2 + 2")
    exec("4*23")

Line 9, exec (severity High): This built-in function can execute code you do not want or are not aware of, so check and validate that it is used correctly.
    eval("2 + 2")
    exec("4*23")

Line 12, os.access (severity High): Operating System calls can have a security impact and should be inspected in detail.
    if os.access("myfile", os.R_OK):
        with open("myfile") as fp:

Line 15, os.chmod (severity High): Operating System calls can have a security impact and should be inspected in detail.
            return fp.read()
    os.chmod("myfile", 0o644) # The 0o prefix denotes an octal number
    print(f"Permissions for '{myfile}' set to 644 (octal).")

Line 21, os.popen (severity High): Operating System calls can have a security impact and should be inspected in detail.
    import os
    os.popen('malware -all')
    bytes_written = os.write(fd, data_to_write)

Line 22, os.write (severity Low): os.write can cause availability issues if not used correctly.
    os.popen('malware -all')
    bytes_written = os.write(fd, data_to_write)
    bytes_written2 = os.writev(fd, buffers)

Line 23, os.writev (severity Low): os.writev can cause availability issues if not used correctly.
    bytes_written = os.write(fd, data_to_write)
    bytes_written2 = os.writev(fd, buffers)

Line 25, os.forkpty (severity Low): Use of forkpty can be unsafe when used on macOS.
    pid_zero = os.forkpty()
    pid = os.fork()

Line 26, os.fork (severity Low): On macOS use of this function is unsafe when mixed with using higher-level system APIs, and that includes using urllib.request.
    pid_zero = os.forkpty()
    pid = os.fork()

Line 32, os.fork (severity Low): On macOS use of this function is unsafe when mixed with using higher-level system APIs, and that includes using urllib.request.
    while True:
        cannothurt() # Creates a new child process

File details for oschecks.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/oschecks.py): 32 lines, 22 AST nodes, 4 modules, 1 function, 0 classes, 1 comment line, complexity score 5, 0 warnings.

Result for file validation1.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/validation1.py

Number of potential security issues found: 3

Details of found security issues:

Line 8, os.access (severity High): Operating System calls can have a security impact and should be inspected in detail.
    import os
    if check_access("file.txt", os.R_OK):
        print("Accessible")

Line 11, eval (severity High): This function can execute arbitrary code.
    eval("2 + 2")

Line 14, os.access (severity High): Operating System calls can have a security impact and should be inspected in detail.
    if os.access("myfile", os.R_OK):
        with open("myfile") as fp:

File details for validation1.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/validation1.py): 20 lines, 11 AST nodes, 2 modules, 0 functions, 0 classes, 4 comment lines, complexity score 4, 0 warnings.

Result for file random.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/random.py

Number of potential security issues found: 2

Details of found security issues:

Line 14, random.random (severity Low): The pseudo-random generators of this module should not be used for security purposes.
        """
        random_number = random.random()
        random.seed(23)

Line 15, random.seed (severity Low): The pseudo-random generators of this module should not be used for security purposes.
        random_number = random.random()
        random.seed(23)
        return random_number

File details for random.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/random.py): 16 lines, 6 AST nodes, 1 module, 1 function, 0 classes, 9 comment lines, complexity score 1, 0 warnings.

Result for file assert.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/assert.py

Number of potential security issues found: 2

Details of found security issues:

Line 5, assert (severity Low): Assertions are for debugging and development. Misuse can lead to security vulnerabilities.
        # If 'b' is 0, an AssertionError will be raised with the given message.
        assert b != 0, "Cannot divide by zero!"
        return a / b

Line 31, assert (severity Low): Assertions are for debugging and development. Misuse can lead to security vulnerabilities.
    # Assert that x is greater than 5.
    assert x > 5, "x should be greater than 5"
    print(f"Assertion passed: x ({x}) is greater than 5.")

File details for assert.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/assert.py): 32 lines, 16 AST nodes, 0 modules, 1 function, 0 classes, 5 comment lines, complexity score 7, 0 warnings.

Result for file exception.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/exception.py

Number of potential security issues found: 2

Details of found security issues:

Line 11, continue (severity Low): Too broad exception handling risk when not used correctly.
            do_some_stuff()
        except Exception:
            continue

Line 19, pass (severity Low): Too broad exception handling risk when not used correctly.
        result = None                        # handle and recover
    except Exception as exc: # catches *any* other error
        # In real code, consider logging exc instead of pass

File details for exception.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/exception.py): 30 lines, 16 AST nodes, 0 modules, 1 function, 0 classes, 5 comment lines, complexity score 7, 0 warnings.

Result for file validation2.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/validation2.py

Number of potential security issues found: 3

Details of found security issues:

Line 8, os.access (severity High): Operating System calls can have a security impact and should be inspected in detail.
    if x("file.txt", os.R_OK):
        print("Accessible")

Line 10, eval (severity High): This function can execute arbitrary code.
        print("Accessible")
    eval("2 + 2")

Line 12, os.access (severity High): Operating System calls can have a security impact and should be inspected in detail.
    if x("myfile", os.R_OK):
        with open("myfile") as fp:

File details for validation2.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/validation2.py): 18 lines, 11 AST nodes, 2 modules, 0 functions, 0 classes, 4 comment lines, complexity score 4, 0 warnings.

Result for file xml.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/xml.py

Number of potential security issues found: 3

Details of found security issues:

Line 7, xmlrpc.server SimpleXMLRPCServer (severity High): xmlrpc.server is vulnerable to the “decompression bomb” attack.
    server = SimpleXMLRPCServer(("localhost", 8000))
    print("Listening on port 8000...")

Line 14, xmlrpc.client (severity High): xmlrpc is vulnerable to the “decompression bomb” attack.
    with xmlrpc.client.ServerProxy("http://localhost:8000/") as proxy:
        print("3 is even: %s" % str(proxy.is_even(3)))

Line 26, xmlrpc.server SimpleXMLRPCServer (severity High): xmlrpc.server is vulnerable to the “decompression bomb” attack.
    with SimpleXMLRPCServer(('localhost', 8000),
                            requestHandler=RequestHandler) as server:

File details for xml.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/xml.py): 46 lines, 23 AST nodes, 4 modules, 3 functions, 1 class, 0 comment lines, complexity score 3, 0 warnings.

Result for file modulecheck.py

Location of the file: /home/maikel/projects/pythondev/codeaudit/tests/validationfiles/modulecheck.py

Number of potential security issues found: 1

Details of found security issues:

Line 13, os.chmod (severity High): Operating System calls can have a security impact and should be inspected in detail.
        print('no way!')
    os.chmod('ooooooooooooono.txt',0x777) #this will give an alert on codeaudit filescan!

File details for modulecheck.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/modulecheck.py): 13 lines, 9 AST nodes, 5 modules, 1 function, 0 classes, 2 comment lines, complexity score 1, 0 warnings.

Files in directory with no security issues

Total Python files with no detected security issue: 1

The Python files with no security issues detected by codeaudit are:

file_with_warnings.py (/home/maikel/projects/pythondev/codeaudit/tests/validationfiles/file_with_warnings.py)

Disclaimer: Only Python source files are taken into account for this scan. Security issues are sometimes present in configuration files, such as ini, yaml or json files!

Disclaimer: This SAST tool 'codeaudit' provides a powerful automatic security analysis for Python source code. However, it is not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist. There is, and never will be, a single security tool that gives 100% automatic guarantees. By reporting any issues you find, you contribute to a better tool for everyone.