Commented-out code — CodeQL query help documentation (CodeQL query help for Python)