yt-dlp/yt-dlp

https://github.com/yt-dlp/yt-dlp · lang: python · LOC: · source: user_submitted

Quality: 49.8 · Grade D+
Security Findings: 229 · 23 critical · 80 high
Status: completed · Jun 4, 2026 22:00
high: 80 medium: 62 info: 37 low: 27 critical: 23
Top rules by occurrence
Rule · Severity · Count
MINED108 self.attribute used but never assigned in __init__ · high · 25
MINED111 Bare except continues silently · medium · 25
MINED106 Phantom test coverage (assertion-free test) · high · 25
MINED109 Mutable default argument · medium · 24
MINED107 Missing Python import (NameError at runtime) · critical · 15
DKC006 Compose service does not declare a runtime user · low · 10
DKC010 Compose service lacks no-new-privileges hardening · low · 10
MINED001 Bare Except Pass · high · 4
SEC103 LDAP injection — non-constant search filter · high · 4
MINED050 Stub Only Function · info · 4
First 200 findings (severity-sorted)
high MINED001 Bare Except Pass CWE-755
devscripts/run_tests.py:66 · conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
high MINED001 Bare Except Pass CWE-755
devscripts/tomlparse.py:129 · conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
high MINED001 Bare Except Pass CWE-755
yt_dlp/__pyinstaller/hook-yt_dlp.py:15 · conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
high MINED004 Weak Crypto CWE-327
yt_dlp/dependencies/Cryptodome.py:15 · conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
high MINED004 Weak Crypto CWE-327
yt_dlp/downloader/bunnycdn.py:44 · conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
high MINED004 Weak Crypto CWE-327
yt_dlp/extractor/abcotvs.py:21 · conf 1.00
[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
high MINED006 Overcatch Baseexception CWE-705
devscripts/run_tests.py:96 · conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
high MINED006 Overcatch Baseexception CWE-705
yt_dlp/downloader/niconico.py:79 · conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
high MINED006 Overcatch Baseexception CWE-705
yt_dlp/downloader/rtmp.py:92 · conf 1.00
[MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
high MINED099 Hardcoded Secret CWE-798
yt_dlp/extractor/shahid.py:39 · conf 1.00
[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials.
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
devscripts/setup_variables_tests.py:62 · conf 1.00
[MINED106] Phantom test coverage: test_setup_variables: Test function `test_setup_variables` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cov…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:143 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_CanGetThroughUnaltered: Test function `test_remove_marked_arrange_sponsors_CanGetThroughUnaltered` runs code but contains no asse…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:147 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithSponsors: Test function `test_remove_marked_arrange_sponsors_ChapterWithSponsors` runs code but contains no assert / e…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:159 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_SponsorBlockChapters: Test function `test_remove_marked_arrange_sponsors_SponsorBlockChapters` runs code but contains no assert /…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:173 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_UniqueNamesForOverlappingSponsors: Test function `test_remove_marked_arrange_sponsors_UniqueNamesForOverlappingSponsors` runs cod…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:192 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithCuts: Test function `test_remove_marked_arrange_sponsors_ChapterWithCuts` runs code but contains no assert / expect / …
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:200 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithSponsorsAndCuts: Test function `test_remove_marked_arrange_sponsors_ChapterWithSponsorsAndCuts` runs code but contains…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:212 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithSponsorCutInTheMiddle: Test function `test_remove_marked_arrange_sponsors_ChapterWithSponsorCutInTheMiddle` runs code …
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:223 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithCutHidingSponsor: Test function `test_remove_marked_arrange_sponsors_ChapterWithCutHidingSponsor` runs code but contai…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:235 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithAdjacentSponsors: Test function `test_remove_marked_arrange_sponsors_ChapterWithAdjacentSponsors` runs code but contai…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:247 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithAdjacentCuts: Test function `test_remove_marked_arrange_sponsors_ChapterWithAdjacentCuts` runs code but contains no as…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:261 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithOverlappingSponsors: Test function `test_remove_marked_arrange_sponsors_ChapterWithOverlappingSponsors` runs code but …
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:274 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithOverlappingCuts: Test function `test_remove_marked_arrange_sponsors_ChapterWithOverlappingCuts` runs code but contains…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:283 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithRunsOfOverlappingSponsors: Test function `test_remove_marked_arrange_sponsors_ChapterWithRunsOfOverlappingSponsors` ru…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:305 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithRunsOfOverlappingCuts: Test function `test_remove_marked_arrange_sponsors_ChapterWithRunsOfOverlappingCuts` runs code …
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:323 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_OverlappingSponsorsDifferentTitlesAfterCut: Test function `test_remove_marked_arrange_sponsors_OverlappingSponsorsDifferentTitles…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:337 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_SponsorsNoLongerOverlapAfterCut: Test function `test_remove_marked_arrange_sponsors_SponsorsNoLongerOverlapAfterCut` runs code bu…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:351 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_SponsorsStillOverlapAfterCut: Test function `test_remove_marked_arrange_sponsors_SponsorsStillOverlapAfterCut` runs code but cont…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:363 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChapterWithRunsOfOverlappingSponsorsAndCuts: Test function `test_remove_marked_arrange_sponsors_ChapterWithRunsOfOverlappingSpons…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:390 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_SponsorOverlapsMultipleChapters: Test function `test_remove_marked_arrange_sponsors_SponsorOverlapsMultipleChapters` runs code bu…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:397 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_CutOverlapsMultipleChapters: Test function `test_remove_marked_arrange_sponsors_CutOverlapsMultipleChapters` runs code but contai…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:403 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_SponsorsWithinSomeChaptersAndOverlappingOthers: Test function `test_remove_marked_arrange_sponsors_SponsorsWithinSomeChaptersAndO…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:413 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_CutsWithinSomeChaptersAndOverlappingOthers: Test function `test_remove_marked_arrange_sponsors_CutsWithinSomeChaptersAndOverlappi…
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:419 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChaptersAfterLastSponsor: Test function `test_remove_marked_arrange_sponsors_ChaptersAfterLastSponsor` runs code but contains no …
high MINED106 Phantom test coverage (assertion-free test) CWE-1126
test/test_postprocessors.py:428 · conf 1.00
[MINED106] Phantom test coverage: test_remove_marked_arrange_sponsors_ChaptersAfterLastCut: Test function `test_remove_marked_arrange_sponsors_ChaptersAfterLastCut` runs code but contains no assert /…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:129 · conf 1.00
[MINED108] `self._format_groups` used but never assigned in __init__: Method `__str__` of class `Changelog` reads `self._format_groups`, but no assignment to it exists in __init__ (and no class-level…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:139 · conf 1.00
[MINED108] `self.format_module` used but never assigned in __init__: Method `_format_groups` of class `Changelog` reads `self.format_module`, but no assignment to it exists in __init__ (and no class-…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:146 · conf 1.00
[MINED108] `self._format_group` used but never assigned in __init__: Method `format_module` of class `Changelog` reads `self._format_group`, but no assignment to it exists in __init__ (and no class-l…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:156 · conf 1.00
[MINED108] `self._prepare_cleanup_misc_items` used but never assigned in __init__: Method `_format_group` of class `Changelog` reads `self._prepare_cleanup_misc_items`, but no assignment to it exists…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:170 · conf 1.00
[MINED108] `self.format_single_change` used but never assigned in __init__: Method `_format_group` of class `Changelog` reads `self.format_single_change`, but no assignment to it exists in __init__ (…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:176 · conf 1.00
[MINED108] `self.format_single_change` used but never assigned in __init__: Method `_format_group` of class `Changelog` reads `self.format_single_change`, but no assignment to it exists in __init__ (…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:181 · conf 1.00
[MINED108] `self.format_single_change` used but never assigned in __init__: Method `_format_group` of class `Changelog` reads `self.format_single_change`, but no assignment to it exists in __init__ (…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:195 · conf 1.00
[MINED108] `self._format_message_link` used but never assigned in __init__: Method `_prepare_cleanup_misc_items` of class `Changelog` reads `self._format_message_link`, but no assignment to it exists…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:205 · conf 1.00
[MINED108] `self._format_message_link` used but never assigned in __init__: Method `format_single_change` of class `Changelog` reads `self._format_message_link`, but no assignment to it exists in __i…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:208 · conf 1.00
[MINED108] `self._format_issues` used but never assigned in __init__: Method `format_single_change` of class `Changelog` reads `self._format_issues`, but no assignment to it exists in __init__ (and n…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:211 · conf 1.00
[MINED108] `self._format_authors` used but never assigned in __init__: Method `format_single_change` of class `Changelog` reads `self._format_authors`, but no assignment to it exists in __init__ (and…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:214 · conf 1.00
[MINED108] `self._format_message_link` used but never assigned in __init__: Method `format_single_change` of class `Changelog` reads `self._format_message_link`, but no assignment to it exists in __i…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:218 · conf 1.00
[MINED108] `self._format_authors` used but never assigned in __init__: Method `format_single_change` of class `Changelog` reads `self._format_authors`, but no assignment to it exists in __init__ (and…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:227 · conf 1.00
[MINED108] `self.repo_url` used but never assigned in __init__: Method `_format_message_link` of class `Changelog` reads `self.repo_url`, but no assignment to it exists in __init__ (and no class-leve…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:230 · conf 1.00
[MINED108] `self.repo_url` used but never assigned in __init__: Method `_format_issues` of class `Changelog` reads `self.repo_url`, but no assignment to it exists in __init__ (and no class-level fall…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:269 · conf 1.00
[MINED108] `self._commits` used but never assigned in __init__: Method `__iter__` of class `CommitRange` reads `self._commits`, but no assignment to it exists in __init__ (and no class-level fallback…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:272 · conf 1.00
[MINED108] `self._commits` used but never assigned in __init__: Method `__len__` of class `CommitRange` reads `self._commits`, but no assignment to it exists in __init__ (and no class-level fallback)…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:280 · conf 1.00
[MINED108] `self._commits` used but never assigned in __init__: Method `__contains__` of class `CommitRange` reads `self._commits`, but no assignment to it exists in __init__ (and no class-level fall…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:285 · conf 1.00
[MINED108] `self._end` used but never assigned in __init__: Method `_get_commits_and_fixes` of class `CommitRange` reads `self._end`, but no assignment to it exists in __init__ (and no class-level fa…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:285 · conf 1.00
[MINED108] `self._start` used but never assigned in __init__: Method `_get_commits_and_fixes` of class `CommitRange` reads `self._start`, but no assignment to it exists in __init__ (and no class-leve…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:306 · conf 1.00
[MINED108] `self._start` used but never assigned in __init__: Method `_get_commits_and_fixes` of class `CommitRange` reads `self._start`, but no assignment to it exists in __init__ (and no class-leve…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:342 · conf 1.00
[MINED108] `self._start` used but never assigned in __init__: Method `apply_overrides` of class `CommitRange` reads `self._start`, but no assignment to it exists in __init__ (and no class-level fallb…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:353 · conf 1.00
[MINED108] `self._commits` used but never assigned in __init__: Method `apply_overrides` of class `CommitRange` reads `self._commits`, but no assignment to it exists in __init__ (and no class-level f…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:355 · conf 1.00
[MINED108] `self._commits` used but never assigned in __init__: Method `apply_overrides` of class `CommitRange` reads `self._commits`, but no assignment to it exists in __init__ (and no class-level f…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
devscripts/make_changelog.py:371 · conf 1.00
[MINED108] `self._commits` used but never assigned in __init__: Method `apply_overrides` of class `CommitRange` reads `self._commits`, but no assignment to it exists in __init__ (and no class-level f…
high MINED112 FastAPI POST/PUT/DELETE/PATCH endpoint without auth CWE-306 CWE-862
test/test_utils.py:228 · conf 0.80
[MINED112] FastAPI PATCH sys.platform has no auth: Handler `test_sanitize_path` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in th…
high SEC013 Path Traversal — User Input in File Path
yt_dlp/downloader/bunnycdn.py:48 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC013 Path Traversal — User Input in File Path
yt_dlp/downloader/niconico.py:28 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC013 Path Traversal — User Input in File Path
yt_dlp/downloader/soop.py:57 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
devscripts/utils.py:80 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
yt_dlp/downloader/soop.py:41 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
yt_dlp/extractor/abcnews.py:57 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC043 Secret stored in Odoo ir.config_parameter — broadly readable
yt_dlp/extractor/ciscowebex.py:42 · conf 1.00
[SEC043] Secret stored in Odoo ir.config_parameter — broadly readable: ir.config_parameter is readable by any user with read access on the model — typically all internal users. Storing API keys, OAut…
high SEC043 Secret stored in Odoo ir.config_parameter — broadly readable
yt_dlp/extractor/dropbox.py:62 · conf 1.00
[SEC043] Secret stored in Odoo ir.config_parameter — broadly readable: ir.config_parameter is readable by any user with read access on the model — typically all internal users. Storing API keys, OAut…
high SEC043 Secret stored in Odoo ir.config_parameter — broadly readable
yt_dlp/extractor/gofile.py:65 · conf 1.00
[SEC043] Secret stored in Odoo ir.config_parameter — broadly readable: ir.config_parameter is readable by any user with read access on the model — typically all internal users. Storing API keys, OAut…
high SEC061 JWT in source
yt_dlp/extractor/adultswim.py:87 · conf 1.00
[SEC061] JWT in source: Three-part JWT (likely signed token). Even if expired, may leak structure or claims. Ported from gitleaks jwt (MIT).
high SEC061 JWT in source
yt_dlp/extractor/blackboardcollaborate.py:159 · conf 1.00
[SEC061] JWT in source: Three-part JWT (likely signed token). Even if expired, may leak structure or claims. Ported from gitleaks jwt (MIT).
high SEC061 JWT in source
yt_dlp/extractor/cloudflarestream.py:46 · conf 1.00
[SEC061] JWT in source: Three-part JWT (likely signed token). Even if expired, may leak structure or claims. Ported from gitleaks jwt (MIT).
high SEC085 JS: child_process.exec with non-literal
devscripts/utils.py:30 · conf 1.00
[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
medium COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
devscripts/make_lazy_extractors.py:81 · conf 0.95
[COMP001] High cognitive complexity: Function `sort_ies` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested bra…
medium DKR001 Docker final stage has no non-root USER
bundle/docker/linux/Dockerfile:12 · conf 0.82
Docker final stage has no non-root USER
medium DKR007 Docker build context has no .dockerignore
.dockerignore · conf 0.90
Docker build context has no .dockerignore
medium ERR001 [ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
devscripts/tomlparse.py:129 · conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
medium MINED109 Mutable default argument CWE-1023
test/test_config.py:120 · conf 1.00
[MINED109] Mutable default argument in `read_file` (list): `def read_file(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
test/test_config.py:145 · conf 1.00
[MINED109] Mutable default argument in `read_file` (list): `def read_file(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
test/test_config.py:169 · conf 1.00
[MINED109] Mutable default argument in `read_file` (list): `def read_file(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
test/test_InfoExtractor.py:56 · conf 1.00
[MINED109] Mutable default argument in `_sort_formats` (list): `def _sort_formats(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all ca…
medium MINED109 Mutable default argument CWE-1023
test/test_utils.py:2227 · conf 1.00
[MINED109] Mutable default argument in `test` (dict): `def test(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it i…
medium MINED109 Mutable default argument CWE-1023
test/test_YoutubeDL.py:549 · conf 1.00
[MINED109] Mutable default argument in `get_info` (dict): `def get_info(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/brainpop.py:36 · conf 1.00
[MINED109] Mutable default argument in `_assemble_formats` (dict): `def _assemble_formats(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/brainpop.py:49 · conf 1.00
[MINED109] Mutable default argument in `_extract_adaptive_formats` (dict): `def _extract_adaptive_formats(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time …
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/dangalplay.py:60 · conf 1.00
[MINED109] Mutable default argument in `_call_api` (dict): `def _call_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/espn.py:334 · conf 1.00
[MINED109] Mutable default argument in `_call_bamgrid_api` (dict): `def _call_bamgrid_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/gamejolt.py:301 · conf 1.00
[MINED109] Mutable default argument in `_entries` (list): `def _entries(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/generic.py:986 · conf 1.00
[MINED109] Mutable default argument in `_extract_embeds` (dict): `def _extract_embeds(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across al…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/kick.py:26 · conf 1.00
[MINED109] Mutable default argument in `_call_api` (dict): `def _call_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/netverse.py:16 · conf 1.00
[MINED109] Mutable default argument in `_call_api` (dict): `def _call_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/nexx.py:147 · conf 1.00
[MINED109] Mutable default argument in `_call_api` (dict): `def _call_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/pr0gramm.py:123 · conf 1.00
[MINED109] Mutable default argument in `_call_api` (dict): `def _call_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/radiokapital.py:9 · conf 1.00
[MINED109] Mutable default argument in `_call_api` (dict): `def _call_api(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mut…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/rcti.py:260 · conf 1.00
[MINED109] Mutable default argument in `_entries` (dict): `def _entries(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/rcti.py:294 · conf 1.00
[MINED109] Mutable default argument in `_series_entries` (dict): `def _series_entries(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across al…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/extractor/turner.py:50 · conf 1.00
[MINED109] Mutable default argument in `_extract_cvp_info` (dict): `def _extract_cvp_info(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared acros…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/jsinterp.py:964 · conf 1.00
[MINED109] Mutable default argument in `resf` (dict): `def resf(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it i…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/options.py:256 · conf 1.00
[MINED109] Mutable default argument in `_set_from_options_callback` (dict): `def _set_from_options_callback(... = []/{}/set())` — Python's default value is constructed ONCE at function definition tim…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/YoutubeDL.py:1725 · conf 1.00
[MINED109] Mutable default argument in `_wait_for_video` (dict): `def _wait_for_video(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across al…
medium MINED109 Mutable default argument CWE-1023
yt_dlp/YoutubeDL.py:3739 · conf 1.00
[MINED109] Mutable default argument in `_delete_downloaded_files` (dict): `def _delete_downloaded_files(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time an…
medium MINED111 Bare except continues silently
devscripts/check-porn.py:32 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
test/test_http_proxy.py:46 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/cache.py:44 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/cookies.py:74 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/dependencies/__init__.py:40 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/downloader/fc2.py:27 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/downloader/fragment.py:90 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/downloader/niconico.py:79 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/extractor/common.py:3912 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/extractor/wwe.py:132 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/__init__.py:992 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/jsinterp.py:521 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/networking/__init__.py:23 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/networking/__init__.py:30 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/networking/__init__.py:37 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/networking/_requests.py:244 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/plugins.py:76 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/plugins.py:208 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/postprocessor/common.py:155 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/postprocessor/embedthumbnail.py:139 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/utils/_utils.py:185 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/utils/_utils.py:4802 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/YoutubeDL.py:667 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/YoutubeDL.py:1717 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium MINED111 Bare except continues silently
yt_dlp/YoutubeDL.py:3629 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium SEC003 Hardcoded Secret
yt_dlp/extractor/dangalplay.py:24 · conf 0.30
[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.
medium SEC014 SSL Verification Disabled
yt_dlp/networking/_helper.py:110 · conf 1.00
[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
medium SEC015 Insecure Randomness for Security
yt_dlp/extractor/eighttracks.py:108 · conf 1.00
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
medium SEC041 Tabnabbing — target="_blank" without rel="noopener noreferrer"
yt_dlp/extractor/academicearth.py:29 · conf 1.00
[SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run win…
medium SEC045 eval()/exec() on stored or user-supplied data
devscripts/utils.py:30 · conf 1.00
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
medium SEC127 AI agent stub — TODO: implement / pass placeholder body
yt_dlp/extractor/motherless.py:169 · conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
medium SEC127 AI agent stub — TODO: implement / pass placeholder body
yt_dlp/networking/_helper.py:163 · conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
medium SEC127 AI agent stub — TODO: implement / pass placeholder body
yt_dlp/networking/websocket.py:18 · conf 1.00
[SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass…
medium WEB003 Public web service has no security.txt
.well-known/security.txt · conf 0.78
Public web service has no security.txt
low COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
devscripts/fish-completion.py:30 · conf 0.95
[COMP001] High cognitive complexity: Function `build_completion` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nes…
low COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
devscripts/prepare_manpage.py:46 · conf 0.95
[COMP001] High cognitive complexity: Function `_convert_code_blocks` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand …
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:2 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:22 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:38 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:58 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:74 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:94 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:110 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:130 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:146 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
bundle/docker/compose.yml:166 · conf 0.56
Compose service does not declare a runtime user
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:2 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:22 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:38 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:58 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:74 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:94 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:110 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:130 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:146 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
bundle/docker/compose.yml:166 · conf 0.62
Compose service lacks no-new-privileges hardening
low SEC118 UUIDv1 / UUIDv3 used for security-sensitive identifier
yt_dlp/extractor/plutotv.py:31 · conf 1.00
[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable.
low SEC132 String concat where the language has interpolation (AI style drift)
yt_dlp/extractor/gdcvault.py:125 · conf 1.00
[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
low SEC132 String concat where the language has interpolation (AI style drift)
yt_dlp/extractor/lecturio.py:103 · conf 1.00
[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
low SEC132 String concat where the language has interpolation (AI style drift)
yt_dlp/extractor/stanfordoc.py:37 · conf 1.00
[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
low WEB005 robots.txt does not advertise a sitemap
README.md · conf 0.74
robots.txt does not advertise a sitemap
info COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
· conf 0.20
[COMP001] High cognitive complexity (and 391 more): Same pattern found in 391 additional files. Review if needed.
info DKR002 Dockerfile base image has no explicit tag
bundle/docker/linux/Dockerfile:5 · conf 0.48
Dockerfile base image is selected through a build variable
info DKR002 Dockerfile base image has no explicit tag
bundle/docker/linux/Dockerfile:12 · conf 0.48
Dockerfile base image is selected through a build variable
info MINED001 Bare Except Pass CWE-755
· conf 0.20
[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.
info MINED004 Weak Crypto CWE-327
· conf 0.20
[MINED004] Weak Crypto (and 690 more): Same pattern found in 690 additional files. Review if needed.
info MINED043 Http Not Https CWE-319
· conf 0.20
[MINED043] Http Not Https (and 359 more): Same pattern found in 359 additional files. Review if needed.
info MINED043 Http Not Https CWE-319
devscripts/utils.py:85 · conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
info MINED043 Http Not Https CWE-319
yt_dlp/downloader/ism.py:175 · conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
info MINED043 Http Not Https CWE-319
yt_dlp/extractor/abcnews.py:26 · conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
info MINED047 Emoji In Source
· conf 0.20
[MINED047] Emoji In Source (and 5 more): Same pattern found in 5 additional files. Review if needed.
info MINED047 Emoji In Source
yt_dlp/extractor/canalalpha.py:30 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED047 Emoji In Source
yt_dlp/extractor/fptplay.py:24 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED047 Emoji In Source
yt_dlp/extractor/francaisfacile.py:18 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED049 Print Pii CWE-532
devscripts/setup_variables.py:135 · conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
info MINED050 Stub Only Function CWE-1188
· conf 0.20
[MINED050] Stub Only Function (and 19 more): Same pattern found in 19 additional files. Review if needed.
info MINED050 Stub Only Function CWE-1188
devscripts/run_tests.py:67 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED050 Stub Only Function CWE-1188
devscripts/tomlparse.py:130 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED050 Stub Only Function CWE-1188
yt_dlp/__pyinstaller/hook-yt_dlp.py:16 · conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED053 Placeholder Default Username CWE-1392 CWE-798
yt_dlp/extractor/freetv.py:11 · conf 1.00
[MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin / changeme — typical AI placeholder credentials.
info MINED053 Placeholder Default Username CWE-1392 CWE-798
yt_dlp/extractor/thisoldhouse.py:84 · conf 1.00
[MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin / changeme — typical AI placeholder credentials.
info MINED057 Todo Bomb
yt_dlp/extractor/lecture2go.py:47 · conf 1.00
[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness — left for later but never resolved.
info MINED062 Python Dataclass No Fields
yt_dlp/networking/impersonate.py:15 · conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
info MINED072 Python Pass Only Class CWE-1188
· conf 0.20
[MINED072] Python Pass Only Class (and 2 more): Same pattern found in 2 additional files. Review if needed.
info MINED072 Python Pass Only Class CWE-1188
yt_dlp/compat/__init__.py:14 · conf 1.00
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.
info MINED072 Python Pass Only Class CWE-1188
yt_dlp/minicurses.py:105 · conf 1.00
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.
info MINED072 Python Pass Only Class CWE-1188
yt_dlp/networking/exceptions.py:90 · conf 1.00
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.
info MINED077 Python Open No Context CWE-772
devscripts/check-porn.py:24 · conf 1.00
[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.
info SEC002 Hardcoded API Key
· conf 0.20
[SEC002] Hardcoded API Key (and 4 more): Same pattern found in 4 additional files. Review if needed.
info SEC013 Path Traversal — User Input in File Path
· conf 0.20
[SEC013] Path Traversal — User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed.
info SEC020 Secret Printed to Logs
bundle/docker/linux/build.sh:12 · conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC020 Secret Printed to Logs
devscripts/setup_variables.py:135 · conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
· conf 0.20
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 346 more): Same pattern found in 346 additional files. Review if needed.
info SEC043 Secret stored in Odoo ir.config_parameter — broadly readable
· conf 0.20
[SEC043] Secret stored in Odoo ir.config_parameter — broadly readable (and 6 more): Same pattern found in 6 additional files. Review if needed.
info SEC061 JWT in source
· conf 0.20
[SEC061] JWT in source (and 1 more): Same pattern found in 1 additional files. Review if needed.
info SEC103 LDAP injection — non-constant search filter
· conf 0.20
[SEC103] LDAP injection — non-constant search filter (and 35 more): Same pattern found in 35 additional files. Review if needed.
info SEC127 AI agent stub — TODO: implement / pass placeholder body
· conf 0.20
[SEC127] AI agent stub — TODO: implement / pass placeholder body (and 1 more): Same pattern found in 1 additional files. Review if needed.
info SEC128 Async function without await — fire-and-forget Promise (AI mistake)
· conf 0.20
[SEC128] Async function without await — fire-and-forget Promise (AI mistake) (and 66 more): Same pattern found in 66 additional files. Review if needed.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/fe8748da-1f2f-4f59-9f1b-dbc2d86d5b99/.