Amazon Q
Detector Library
Python detectors (131/131)
Improper privilege management
Spawning a process without main module
Integer overflow
Catch and swallow exception
Insufficient Logging CDK
Unauthenticated LDAP requests
Path traversal
Loose file permissions
Exposure of Sensitive Information CDK
File injection
Incorrect use of Process.terminate API
XML External Entity
Pytorch use nondeterministic algorithm
Set SNS Return Subscription ARN
Tensorflow enable ops determinism
Outdated subprocess module API
Improper input validation
Improper authentication
Missing pagination
Semaphore overflow prevention
Insecure cookie
Usage of an API that is not recommended - Low Severity
Socket connection timeout
AWS client not reused in a Lambda function
Pytorch assign in place mod
Leaky subprocess timeout
Pytorch disable gradient calculation
Risky use of dict get method
XPath injection
Missing authorization
Multidimensional list initialization using replication is error prone
SQL injection
Pytorch miss call to eval
AWS AppConfig
Improper certificate validation
URL redirection to untrusted site
Mutually exclusive call
Notebook best practice violation
Stack trace exposure
Use of a deprecated method
AWS api logging disabled cdk
OS command injection
AWS credentials logged
Missing Authorization CDK
Zip bomb attack
Sensitive data stored unencrypted due to partial encryption
Synchronous publication of AWS Lambda metrics
Unrestricted upload of dangerous file type
Pytorch redundant softmax
Insecure connection using unencrypted protocol
Unauthenticated Amazon SNS unsubscribe requests might succeed
Insecure Socket Bind
Insecure CORS policy
Cross-site request forgery
Garbage collection prevention in multiprocessing
Catch and rethrow exception
Weak algorithm used for Password Hashing
Missing none check on response metadata
Sensitive information leak
Client-side KMS reencryption
Override of reserved variable names in a Lambda function
Docker arbitrary container run
Direct dict object modification
Catastrophic backtracking regex
Resource management errors cdk
Resource leak
Tensorflow redundant softmax
AWS insecure transmission CDK
Public method parameter validation
Improper error handling
Time zone aware datetimes
Pytorch control sources of randomness
Deadlocks caused by improper multiprocessing API usage
Low maintainability with low class cohesion
Untrusted AMI images
Notebook invalid execution order
Confusion between equality and identity in conditional expression
Pytorch sigmoid before bceloss
Pytorch data loader with multiple workers
Pytorch avoid softmax with nllloss
Pytorch miss call to zero grad
Error prone sequence modification
AWS missing encryption of sensitive data cdk
Bad exception handling
Use of Default Credentials CDK
Notebook variable redefinition
Do not pass generic exception rule
Usage of an API that is not recommended - High Severity
Insecure cryptography
S3 partial encrypt CDK
Cross-site scripting
Mutable objects as default arguments of functions
Improper Access Control CDK
Violation of PEP8 programming recommendations
Insecure temporary file or directory
Complex code hard to maintain
aws kmskey encryption cdk
Usage of an API that is not recommended
Enabling and overriding debug feature
Deserialization of untrusted object
Use of an inefficient or incorrect API
Avoid using nondeterministic Tensorflow API
Inefficient string concatenation inside loop
Improper sanitization of wildcards or matching symbols
Insecure hashing
Using AutoAddPolicy or WarningPolicy
Log injection
Weak obfuscation of web request
Socket close platform compatibility
Unsanitized input is run as code
Batch request with unchecked failures
Inefficient polling of AWS resource
Hardcoded interface binding
Hardcoded IP address
Hardcoded credentials
Server-side request forgery
Module injection
Unnecessary iteration
Tensorflow control sources of randomness
Missing Authentication for Critical Function CDK
Usage of an API that is not recommended - Medium Severity
Unsafe Cloudpickle Load
Incorrect binding of SNS publish operations
PyTorch create tensors directly on device
Inefficient new method from hashlib
Dangerous global variables
Multiple values in return statement is prone to error
LDAP injection
Clear text credentials
Missing S3 bucket owner condition
AWS missing encryption CDK
Critical
Showing all detectors for the Python language with critical severity.
Insecure Socket Bind
Binding the socket with an empty IP address can introduce security risks.
Insecure cryptography
Weak, broken, or misconfigured cryptography can lead to security vulnerabilities.
Unsanitized input is run as code
Scripts generated from unsanitized inputs can lead to malicious behavior and to code inadvertently being run remotely.
Hardcoded credentials
Credentials, such as passwords and access keys, should not be hardcoded in source code.