Python

By DeepSource

Audit required: Use of md5 BAN-B303
Security

Use of the insecure MD2, MD4, MD5, or SHA1 hash functions should be avoided. Use more secure algorithms such as SHA256 or SHA512 instead.

Audit required: Use of insecure cipher BAN-B304
Security

An insecure cipher or cipher mode is in use. Replace it with a known secure cipher such as AES.

Audit required: Use of insecure cipher mode BAN-B305
Security

An insecure cipher or cipher mode is in use. Replace it with a known secure cipher such as AES.

Audit required: Insecure cipher BAN-W1004
Security

The cipher used is not secure. It is recommended to replace it with a known secure cipher such as AES.

Audit required: Insecure cipher mode BAN-W1005
Security

Insecure cipher modes such as ECB are not recommended for use in cryptographic protocols at all. ECB encrypts identical plaintext blocks into identical ciphertext blocks and therefore does not hide data patterns well; in some senses, it does not provide serious message confidentiality.

Audit required: Insecure hash function BAN-W1003
Security

MD2, MD4, MD5, and SHA1 signature algorithms are known to be vulnerable to collision attacks. Attackers can exploit this to generate another certificate with the same digital signature, allowing them to masquerade as the affected service.

Insecure pycryptodome library imported BAN-B414
Security

pycryptodome is a direct fork of pycrypto that has not fully addressed the issues inherent in PyCrypto. It seems to exist, mainly, as an API compatible continuation of pycrypto and should be deprecated in favor of pyca/cryptography which has more support among the Python community.

Audit required: Starting a subprocess BAN-B606
Security

Spawning a subprocess in a way that does not use a shell is generally safe, but it may be useful for penetration testing workflows to track where external system calls are used.

Django app detected with DEBUG mode enabled PY-S0900
Security
Autofix

Running a Django application with debug mode enabled may allow an attacker to gain access to sensitive information. Ensure that Django applications that are run in a production environment have DEBUG set to False.

Detected calls to FTP-related functions BAN-B321
Security

FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.

Insecure xmlrpclib import detected BAN-B411
Security

XMLRPC is particularly dangerous as it is also concerned with communicating data over a network. Use the defusedxml.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate remote XML attacks.

Starting a process with a shell detected BAN-B605
Security

Spawning of a subprocess using a command shell is dangerous as it is vulnerable to various shell injection attacks. Great care should be taken to sanitize all input in order to mitigate this risk. Calls of this type are identified by the use of certain commands which are known to use shells.