S310 | Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
S311 | Standard pseudo-random generators are not suitable for security/cryptographic purposes.
S312 | Telnet-related functions are being called. Telnet is considered insecure. Use SSH or some other encrypted protocol.
S313 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S314 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S315 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S316 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S317 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S318 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S319 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called
S320 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with its defusedxml equivalent function.
S321 | FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
S323 | By default, Python will create a secure, verified ssl context for use in such classes as HTTPSConnection. However, it still allows using an insecure context via the _create_unverified_context that reverts to the previous behavior that does not validate certificates or perform hostname checks.
S324 | hashlib new insecure functions
S325 | Use of os.tempnam() and os.tmpnam() is vulnerable to symlink attacks. Consider using tmpfile() instead.
S401 | A telnet-related module is being imported. Telnet is considered insecure. Use SSH or some other encrypted protocol.
S402 | An FTP-related module is being imported. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.
S403 | Consider possible security implications associated with {name} module.
S405 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
S406 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
S407 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
S408 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
S409 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called.
S410 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Replace {name} with the equivalent defusedxml package.
S411 | Using {name} to parse untrusted XML data is known to be vulnerable to XML attacks. Use defused.xmlrpc.monkey_patch() function to monkey-patch xmlrpclib and mitigate XML vulnerabilities.
S412 | Consider possible security implications associated with {name} module.
S413 | The pyCrypto library and its module {name} are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.
S501 | request with no cert validation
S502 | ssl with bad version
S503 | ssl with bad defaults
S504 | ssl with no version
S505 | weak cryptographic key
S506 | yaml load
S507 | ssh no host key verification
S601 | paramiko calls
S602 | subprocess popen with shell equals true
S604 | any other function with shell equals true
S605 | start process with a shell
S606 | start process with no shell
S608 | hardcoded sql expressions
S609 | linux commands wildcard injection
S610 | django extra used
S611 | django rawsql used
S701 | jinja2 autoescape false
S702 | use of mako templates
S703 | django mark safe
B001 | Do not use {}, it also catches unexpected events like memory errors, interrupts, system exit, and so on. Prefer except Exception:. If you're sure what you're doing, be explicit and write except BaseException:.
B002 | Python does not support the unary prefix increment. Writing ++n is equivalent to +(+(n)), which equals n. You meant n += 1.
B003 | Assigning to os.environ doesn't clear the environment. Subprocesses are going to see outdated variables, in disagreement with the current process. Use os.environ.clear() or the env= argument to Popen.
B004 | Using hasattr(x, '__call__') to test if x is callable is unreliable. If x implements custom __getattr__ or its __call__ is itself not callable, you might get misleading results. Use callable(x) for consistent results.
B005 | Using .strip() with multi-character strings is misleading the reader. It looks like stripping a substring. Move your character set to a constant if this is deliberate. Use .replace() or regular expressions to remove string fragments.
B006 | Do not use mutable data structures for argument defaults. They are created during function definition time. All calls to the function reuse this one instance of that data structure, persisting changes between them.
B007 | Loop control variable {!r} not used within the loop body. If this is intended, start the name with an underscore.
B008 | Do not perform function calls in argument defaults. The call is performed only once at function definition time. All calls to your function will reuse the result of that definition-time function call. If this is intended, assign the function call to a module-level variable and use that variable as a default value.
B009 | Do not call getattr with a constant attribute value, it is not any safer than normal property access.
B010 | Do not call setattr with a constant attribute value, it is not any safer than normal property access.
B011 | Do not call assert False since python -O removes these calls. Instead callers should raise AssertionError().
B012 | return/continue/break inside finally blocks cause exceptions to be silenced. Exceptions should be silenced in except blocks. Control statements can be moved outside the finally block.
B013 | A length-one tuple literal is redundant. Write except {0}: instead of except ({0},):.
B014 | Redundant exception types in except ({0}){1}:. Write except {2}{1}:, which catches exactly the same exceptions.
B015 | Pointless comparison. This comparison does nothing but waste CPU instructions. Either prepend assert or remove it.
B016 | Cannot raise a literal. Did you intend to return it or raise an Exception?
B017 | assertRaises(Exception): should be considered evil. It can lead to your test passing even if the code being tested is never executed due to a typo. Either assert for a more specific exception (builtin or custom), use assertRaisesRegex, or use the context manager form of assertRaises.
B301 | Python 3 does not include .iter* methods on dictionaries. Remove the iter prefix from the method name. For Python 2 compatibility, prefer the Python 3 equivalent unless you expect the size of the container to be large or unbounded. Then use six.iter* or future.utils.iter*.
B302 | Python 3 does not include .view* methods on dictionaries. Remove the view prefix from the method name. For Python 2 compatibility, prefer the Python 3 equivalent unless you expect the size of the container to be large or unbounded. Then use six.view* or future.utils.view*.
B303 | __metaclass__ does nothing on Python 3. Use class MyClass(BaseClass, metaclass=...). For Python 2 compatibility, use six.add_metaclass.
B304 | sys.maxint is not a thing on Python 3. Use sys.maxsize.
B305 | .next() is not a thing on Python 3. Use the next() builtin. For Python 2 compatibility, use six.next().
B306 | BaseException.message has been deprecated as of Python 2.6 and is removed in Python 3. Use str(e) to access the user-readable message. Use e.args to access arguments passed to the exception.
B901 | Using yield together with return x. Use native async def coroutines or put a # noqa comment on this line if this was intentional.
B902 | Invalid first argument {} used for {} method. Use the canonical first argument name in methods, i.e. {}.
B903 | Data class should either be immutable or use slots to save memory. Use collections.namedtuple to generate an immutable class, or enumerate the attributes in a slot declaration in the class to leave attributes mutable.
B950 | line too long ({} > {} characters)
A001 | variable "{0}" is shadowing a python builtin
A002 | argument "{0}" is shadowing a python builtin
A003 | class attribute "{0}" is shadowing a python builtin
C400 | Unnecessary generator - rewrite as a list comprehension.
C401 | Unnecessary generator - rewrite as a set comprehension.
C402 | Unnecessary generator - rewrite as a dict comprehension.
C403 | Unnecessary list comprehension - rewrite as a set comprehension.
C404 | Unnecessary list comprehension - rewrite as a dict comprehension.
C405 | Unnecessary {type} literal -
C406 | Unnecessary {type} literal -
C408 | Unnecessary {type} call - rewrite as a literal.
C409 | Unnecessary {type} passed to tuple() -
C410 | Unnecessary {type} passed to list() -
C411 | Unnecessary list call - remove the outer call to list().
C413 | Unnecessary {outer} call around {inner}(){remediation}.
C414 | Unnecessary {inner} call within {outer}().
C415 | Unnecessary subscript reversal of iterable within {func}().
C416 | Unnecessary {type} comprehension - rewrite using {type}().
D100 | Missing docstring in public module
D101 | Missing docstring in public class
D102 | Missing docstring in public method
D103 | Missing docstring in public function
D104 | Missing docstring in public package
D106 | Missing docstring in public nested class
D200 | One-line docstring should fit on one line with quotes
D201 | No blank lines allowed before function docstring
D202 | No blank lines allowed after function docstring
D203 | 1 blank line required before class docstring
D204 | 1 blank line required after class docstring
D205 | 1 blank line required between summary line and description
D206 | Docstring should be indented with spaces, not tabs
D207 | Docstring is under-indented
D208 | Docstring is over-indented
D209 | Multi-line docstring closing quotes should be on a separate line
D210 | No whitespaces allowed surrounding docstring text
D211 | No blank lines allowed before class docstring
D212 | Multi-line docstring summary should start at the first line
D213 | Multi-line docstring summary should start at the second line
D214 | Section is over-indented
D215 | Section underline is over-indented
D300 | Use """triple double quotes"""
D301 | Use r""" if any backslashes in a docstring
D302 | Deprecated: Use u""" for Unicode docstrings
D400 | First line should end with a period
D401 | First line should be in imperative mood; try rephrasing
D402 | First line should not be the function's "signature"
D403 | First word of the first line should be properly capitalized
D404 | First word of the docstring should not be This
D405 | Section name should be properly capitalized
D406 | Section name should end with a newline
D407 | Missing dashed underline after section
D408 | Section underline should be in the line following the section's name
D409 | Section underline should match the length of its name
D410 | Missing blank line after section
D411 | Missing blank line before section
D412 | No blank lines allowed between a section header and its content
D413 | Missing blank line after last section
D414 | Section has no content
D415 | First line should end with a period, question mark, or exclamation point
D416 | Section name should end with a colon
D417 | Missing argument descriptions in the docstring
D418 | Function/Method decorated with @overload shouldn't contain a docstring
SIM101 | Multiple isinstance-calls which can be merged into a single call for variable '{var}'
SIM102 | Use a single if-statement instead of nested if-statements
SIM103 | Return the condition {cond} directly
SIM104 | Use 'yield from {iterable}'
SIM105 | Use 'contextlib.suppress({exception})'
SIM106 | Handle error-cases first
SIM107 | Don't use return in try/except and finally
SIM108 | Use ternary operator '{assign} = {body} if {cond} else {orelse}' instead of if-else-block
SIM109 | Use '{value} in {values}' instead of '{or_op}'
SIM110 | Use 'return any({check} for {target} in {iterable})'
SIM111 | Use 'return all({check} for {target} in {iterable})'
SIM112 | Use '{expected}' instead of '{original}'
SIM113 | Use enumerate instead of '{variable}'
SIM114 | Use logical or (({cond1}) or ({cond2})) and a single body
SIM115 | Use context handler for opening files
SIM116 | Use a dictionary lookup instead of 3+ if/elif-statements: return {ret}
SIM117 | Use '{merged_with}' instead of multiple with statements
SIM118 | Use '{el} in {dict}' instead of '{el} in {dict}.keys()'
SIM201 | Use '{left} != {right}' instead of 'not {left} == {right}'
SIM202 | Use '{left} == {right}' instead of 'not {left} != {right}'
SIM203 | Use '{a} not in {b}' instead of 'not {a} in {b}'
SIM204 | Use '{a} >= {b}' instead of 'not ({a} < {b})'
SIM205 | Use '{a} > {b}' instead of 'not ({a} <= {b})'
SIM206 | Use '{a} <= {b}' instead of 'not ({a} > {b})'
SIM207 | Use '{a} < {b}' instead of 'not ({a} >= {b})'
SIM208 | Use '{a}' instead of 'not (not {a})'
SIM210 | Use 'bool({cond})' instead of 'True if {cond} else False'
SIM211 | Use 'not {cond}' instead of 'False if {cond} else True'
SIM212 | Use '{a} if {a} else {b}' instead of '{b} if not {a} else {a}'
SIM220 | Use 'False' instead of '{a} and not {a}'
SIM221 | Use 'True' instead of '{a} or not {a}'
SIM222 | Use 'True' instead of '... or True'
SIM223 | Use 'False' instead of '... and False'
SIM300 | Use '{right} == {left}' instead of '{left} == {right}' (Yoda-conditions)
FS001 | '%' operator used
FS002 | '.format' used
N801 | class name '{name}' should use CapWords convention
N802 | function name '{name}' should be lowercase
N803 | argument name '{name}' should be lowercase
N804 | first argument of a classmethod should be named 'cls'
N805 | first argument of a method should be named 'self'
N806 | variable '{name}' in function should be lowercase
N807 | function name '{name}' should not start and end with '__'
N811 | constant '{name}' imported as non constant '{asname}'
N812 | lowercase '{name}' imported as non lowercase '{asname}'
N813 | camelcase '{name}' imported as lowercase '{asname}'
N814 | camelcase '{name}' imported as constant '{asname}'
N815 | variable '{name}' in class scope should not be mixedCase
N816 | variable '{name}' in global scope should not be mixedCase
N817 | camelcase '{name}' imported as acronym '{asname}'
E101 | indentation contains mixed spaces and tabs
E123 | closing bracket does not match indentation of opening bracket's line
E124 | closing bracket does not match visual indentation
E125 | continuation line
E128 | continuation line under-indented for visual indent
E129 | visually indented line
E133 | closing bracket is missing indentation
E201 | whitespace after '%s'
E211 | whitespace before '%s'
E221 | multiple spaces before operator
E222 | multiple spaces after operator
E223 | tab before operator
E224 | tab after operator
E225 | missing whitespace around operator
E231 | missing whitespace after '%s'
E241 | multiple spaces after '%s'
E242 | tab after '%s'
E251 | unexpected spaces around keyword / parameter equals
E252 | missing whitespace around parameter equals
E261 | at least two spaces before inline comment
E262 | inline comment should start with '# '
E265 | block comment should start with '# '
E266 | too many leading '#' for block comment
E271 | multiple spaces after keyword
E272 | multiple spaces before keyword
E273 | tab after keyword
E274 | tab before keyword
E275 | missing whitespace after keyword
E301 | expected %s blank line, found 0
E302 | expected %s blank lines, found %d
E303 | too many blank lines (%d)
E304 | blank lines found after function decorator
E305 | expected %s blank lines after class or function definition, found %d
E306 | expected %s blank line before a nested definition, found 0
E401 | multiple imports on one line
E402 | module level import not at top of file
E502 | the backslash is redundant between brackets
E701 | multiple statements on one line (colon)
E702 | multiple statements on one line (semicolon)
E703 | statement ends with a semicolon
E704 | multiple statements on one line (def)
E713 | test for membership should be 'not in'
E714 | test for object identity should be 'is not'
E721 | do not compare types, use 'isinstance()'
E722 | do not use bare 'except'
E731 | do not assign a lambda expression, use a def
E741 | ambiguous variable name '%s'
E742 | ambiguous class definition '%s'
E743 | ambiguous function definition '%s'
E901 | %s: %s
E902 | %s
W191 | indentation contains tabs
W291 | trailing whitespace
W292 | no newline at end of file
W293 | blank line contains whitespace
W391 | blank line at end of file
W504 | line break after binary operator
W505 | doc line too long (%d > %d characters)
W601 | .has_key() is deprecated, use 'in'
W602 | deprecated form of raising exception
W603 | '<>' is deprecated, use '!='
W604 | backticks are deprecated, use 'repr()'
W605 | invalid escape sequence '%s'
W606 | 'async' and 'await' are reserved keywords starting with Python 3.7
F401 | %r imported but unused
F402 | import %r from line %r shadowed by loop variable