| Field | Value |
| --- | --- |
| name | python-security-review |
| description | Review Python code for common security vulnerabilities |
Review Python code for security vulnerabilities, focusing on the OWASP Top 10 and Python-specific issues.
SQL injection: look for query text assembled with string formatting (f-strings, `%`, `.format()`, `+` concatenation) and then passed to `execute`.
BAD: `f"SELECT * FROM users WHERE id = {user_id}"`
GOOD: `cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))` (the driver binds the value; it never becomes part of the statement text)
Command injection: `subprocess` calls with `shell=True` and user input in the command string (the same applies to `os.system`).
BAD: `subprocess.run(f"ls {user_input}", shell=True)`
GOOD: `subprocess.run(["ls", user_input])` (an argument list is not parsed by a shell, so `;`, `|` and `$(...)` are inert; still check that the value cannot start with `-` and be read as an option)
SSTI: user input used as the template source itself, e.g. Flask/Jinja2 `render_template_string` called on a user-supplied string. User input belongs in template variables, never in the template text.
BAD: `render_template_string(user_input)`
For each issue found:
[SEVERITY] Issue Title
Line: X
Code: `affected code snippet`
Risk: What could happen
Fix: How to fix it
Severity levels: CRITICAL, HIGH, MEDIUM, LOW, INFO
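As an added example that is not part of this skill or its author's code: a small AST-based checker that applies the three checks above and prints each finding in the report format prescribed here. The source it scans is a constructed sample embedding the BAD and GOOD lines from the checklist; the `review`, `report` and `Finding` names are my own.

```python
import ast
from dataclasses import dataclass

# Constructed sample input: the BAD patterns from the checklist next to their GOOD forms.
# Only the lines marked BAD should be reported.
SAMPLE = '''\
import subprocess
from flask import render_template_string

def lookup(cursor, user_id):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")      # BAD: f-string
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))   # GOOD: parameterised
    cursor.execute("SELECT * FROM users WHERE id = %s" % user_id)    # BAD: %-formatting

def listing(user_input):
    subprocess.run(f"ls {user_input}", shell=True)                   # BAD: shell parses input
    subprocess.run(["ls", user_input])                               # GOOD: argv list, no shell

def page(user_input):
    render_template_string(user_input)                               # BAD: input is the template
    return render_template_string("Hello {{ name }}", name=user_input)  # GOOD: input is a variable
'''

# subprocess entry points that accept shell=True (assumption: this list covers the common ones)
SHELL_APIS = {"subprocess.run", "subprocess.call", "subprocess.check_call",
              "subprocess.check_output", "subprocess.Popen"}


@dataclass
class Finding:
    severity: str
    title: str
    line: int
    code: str
    risk: str
    fix: str

    def render(self) -> str:
        """Emit one finding in the report format the skill prescribes."""
        return (f"[{self.severity}] {self.title}\n"
                f"Line: {self.line}\n"
                f"Code: `{self.code}`\n"
                f"Risk: {self.risk}\n"
                f"Fix: {self.fix}")


def _dotted_name(func: ast.expr) -> str:
    """'subprocess.run' for subprocess.run(...), 'cursor.execute' for cursor.execute(...)."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _built_at_runtime(node: ast.expr) -> bool:
    """True for strings assembled from other values: f-strings, % and + operators, .format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        # "a" + "b" is a literal; "a" + x or "... %s" % x is not
        return not (isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant))
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def review(source: str) -> list:
    """Walk every call in `source` and apply the three checks from the checklist."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        first = node.args[0] if node.args else None
        kwargs = {kw.arg: kw.value for kw in node.keywords}
        code = ast.get_source_segment(source, node)  # exact call text, comments excluded
        if name.endswith(".execute") and first is not None and _built_at_runtime(first):
            findings.append(Finding("CRITICAL", "SQL injection via string formatting", node.lineno, code,
                "User input becomes part of the SQL statement and can alter or exfiltrate data.",
                "Pass values as query parameters: cursor.execute(\"... WHERE id = ?\", (user_id,))."))
        elif name in SHELL_APIS and isinstance(kwargs.get("shell"), ast.Constant) and kwargs["shell"].value is True:
            findings.append(Finding("CRITICAL", "Command injection via shell=True", node.lineno, code,
                "Shell metacharacters in user input (;, |, $(...)) run arbitrary commands.",
                "Drop shell=True and pass an argument list: subprocess.run([\"ls\", user_input])."))
        elif name.endswith("render_template_string") and first is not None and not isinstance(first, ast.Constant):
            findings.append(Finding("HIGH", "Server-side template injection", node.lineno, code,
                "A user-controlled template string lets the caller run Jinja2 expressions on the server.",
                "Keep the template a literal and pass user input only as a template variable."))
    return sorted(findings, key=lambda f: f.line)


def report(source: str) -> str:
    """Full report text, one finding per block, in source order."""
    return "\n\n".join(f.render() for f in review(source))


if __name__ == "__main__":
    print(report(SAMPLE))
```

Running it on the sample reports the three BAD `execute`/`subprocess.run`/`render_template_string` lines and stays silent on their GOOD neighbours. The checker is deliberately syntactic: it does not track a query string built on an earlier line and then passed to `execute`, so a reviewer still has to follow assignments by hand.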