• CodeQL query help documentation »

CodeQL query help for Python

Visit the articles below to see the documentation for the queries included in the following query suites:

• default: queries run by default in CodeQL code scanning on GitHub.

• security-extended: queries from default, plus extra security queries with slightly lower precision and severity.

• security-and-quality: queries from default, security-extended, plus extra maintainability and reliability queries.

These queries are published in the CodeQL query pack codeql/python-queries (changelog, source).

For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.

• ‘apply’ function used
• ‘break’ or ‘return’ statement in finally
• ‘import *’ may pollute namespace
• ‘input’ function used in Python 2
• ‘super’ in old style class
• Accepting unknown SSH host keys when using Paramiko
• An assert statement has a side-effect
• Arbitrary file write during tarfile extraction
• Asserting a tuple
• Backspace escape in regular expression
• Bad HTML filtering regexp
• Binding a socket to all network interfaces
• CSRF protection weakened or disabled
• Clear-text logging of sensitive information
• Clear-text storage of sensitive information
• Code injection
• Commented-out code
• Comparison of constants
• Comparison of identical values
• Comparison using is when operands support __eq__
• Conflicting attributes in base classes
• Confusing octal literal
• Constant in conditional expression or statement
• Construction of a cookie using user-supplied input
• Cyclic import
• Default version of SSL/TLS may be insecure
• Deprecated slice method
• Deserialization of user-controlled data
• Duplicate key in dict literal
• Duplication in regular expression character class
• Empty except
• Encoding error
• Except block handles ‘BaseException’
• Explicit export is not defined
• Explicit returns mixed with implicit (fall through) returns
• Failure to use secure cookies
• File is not always closed
• First argument to super() is not enclosing class
• First parameter of a class method is not named ‘cls’
• First parameter of a method is not named ‘self’
• Flask app is run in debug mode
• Formatted object is not a mapping
• Formatting string mixes implicitly and explicitly numbered fields
• Full server-side request forgery
• HTTP Response Splitting
• Hard-coded credentials
• Illegal raise
• Implicit string concatenation in a list
• Import of deprecated module
• Importing value of mutable attribute
• Imprecise assert
• Incomplete URL substring sanitization
• Incomplete ordering
• Incomplete regular expression for hostnames
• Inconsistent equality and hashing
• Inconsistent equality and inequality
• Inconsistent method resolution order
• Inefficient regular expression
• Information exposure through an exception
• Insecure temporary file
• Iterable can be either a string or a sequence
• Iterator does not return self from __iter__ method
• Jinja2 templating with autoescape=False
• LDAP query built from user-controlled sources
• List comprehension variable used in enclosing scope
• Log Injection
• Loop variable capture
• Maybe missing ‘self’ in comparison
• Membership test with a non-container
• Mismatch between signature and use of an overridden method
• Mismatch between signature and use of an overriding method
• Mismatch in multiple assignment
• Missing call to __del__ during object destruction
• Missing call to __init__ during object initialization
• Missing named arguments in formatting call
• Missing part of special group in regular expression
• Modification of dictionary returned by locals()
• Modification of parameter with default
• Module imports itself
• Module is imported more than once
• Module is imported with ‘import’ and ‘import from’
• Module-level cyclic import
• Multiple calls to __del__ during object destruction
• Multiple calls to __init__ during object initialization
• Mutation of descriptor in __get__ or __set__ method.
• Nested loops with same variable
• Nested loops with same variable reused after inner loop body
• NoSQL Injection
• Non-callable called
• Non-exception in ‘except’ clause
• Non-iterable used in for loop
• Non-standard exception raised in special method
• NotImplemented is not an Exception
• Overly complex __del__ method
• Overly permissive file permissions
• Overly permissive regular expression range
• Overwriting attribute in super-class or sub-class
• PAM authorization bypass due to incorrect usage
• Partial server-side request forgery
• Polynomial regular expression used on uncontrolled data
• Potentially uninitialized local variable
• Property in old-style class
• Pythagorean calculation with sub-optimal numerics
• Raising a tuple
• Redundant assignment
• Redundant comparison
• Reflected server-side cross-site scripting
• Regular expression injection
• Request without certificate validation
• Result of integer division may be truncated
• Returning tuples with varying lengths
• SQL query built from user-controlled sources
• Should use a ‘with’ statement
• Signature mismatch in overriding method
• Special method has incorrect signature
• Statement has no effect
• Superclass attribute shadows subclass method
• Suspicious unused loop iteration variable
• Syntax error
• Testing equality to None
• Too few arguments in formatting call
• URL redirection from remote source
• Uncontrolled command line
• Uncontrolled data used in path expression
• Unguarded next in generator
• Unhashable object hashed
• Unmatchable caret in regular expression
• Unmatchable dollar in regular expression
• Unnecessary ‘else’ clause in loop
• Unnecessary delete statement in function
• Unnecessary lambda
• Unnecessary pass
• Unreachable ‘except’ block
• Unreachable code
• Unsafe shell command constructed from library input
• Unsupported format character
• Unused argument in a formatting call
• Unused exception object
• Unused global variable
• Unused import
• Unused local variable
• Unused named argument in formatting call
• Use of ‘global’ at module level
• Use of ‘return’ or ‘yield’ outside a function
• Use of a broken or weak cryptographic algorithm
• Use of a broken or weak cryptographic hashing algorithm on sensitive data
• Use of a print statement at module level
• Use of an undefined placeholder variable
• Use of exit() or quit()
• Use of insecure SSL/TLS version
• Use of the return value of a procedure
• Use of weak cryptographic key
• Variable defined multiple times
• Wrong name for an argument in a call
• Wrong name for an argument in a class instantiation
• Wrong number of arguments for format
• Wrong number of arguments in a call
• Wrong number of arguments in a class instantiation
• XML external entity expansion
• XML internal entity expansion
• XPath query built from user-controlled sources
• __del__ is called explicitly
• __eq__ not overridden when adding attributes
• __init__ method calls overridden method
• __init__ method is a generator
• __init__ method returns a value
• __iter__ method returns a non-iterator
• __slots__ in old-style class

• © GitHub, Inc.
• Terms
• Privacy