Security Scanning Rules
Critical
SQL Injection Detection
Flags cr.execute() calls whose SQL is assembled with f-strings or string concatenation instead of being passed as a fixed query with separate parameters.
Unsafe eval/exec
Detects eval(), exec() and compile() calls, which turn attacker-controlled data into executable code.
Hardcoded Secrets
Identifies API keys, passwords, and tokens embedded directly in source code.
High
XSS Risk Detection
Finds Markup() applied to user input, templates rendered without escaping, and output that is never escaped.
CSRF Protection
Checks that HTTP controllers keep CSRF protection enabled rather than opting out of it.
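As an added example, not the vendor's scanner, here is what these five rules look like when written as code: a small Python AST checker with a toy implementation of each rule. The rule names, the Finding tuple and the Odoo-style SAMPLE module are assumptions of this example; SAMPLE is constructed with one hit per rule plus two safe counterparts (a parameterised cr.execute() and a literal-only Markup()) so the negative cases are visible as well.

```python
# Toy AST-based checker for the five rules above. Added example, not the
# product's scanner: rule names, the Finding tuple and SAMPLE are assumptions.
import ast
import re
from collections import namedtuple

# Constructed Odoo-style addon: one hit per rule plus two safe counterparts,
# the parameterised query and the literal-only Markup().
SAMPLE = '''
from odoo import http, models
from markupsafe import Markup

DB_PASSWORD = "hunter2"

class Partner(models.Model):
    def find_by_name(self, name):
        self.env.cr.execute(f"SELECT id FROM res_partner WHERE name = '{name}'")
        self.env.cr.execute("SELECT id FROM res_partner WHERE name = '" + name + "'")
        self.env.cr.execute("SELECT id FROM res_partner WHERE name = %s", (name,))
        return eval(name)

class Ctrl(http.Controller):
    @http.route("/x", type="http", auth="public", csrf=False, methods=["POST"])
    def x(self, **kw):
        return Markup("<b>%s</b>" % kw.get("v"))

    @http.route("/y", type="http", auth="public")
    def y(self, **kw):
        return Markup("<b>static</b>")
'''

SECRET_NAME = re.compile(r"api_?key|secret|passw(or)?d|token", re.I)
CODE_EXEC = {"eval", "exec", "compile"}
Finding = namedtuple("Finding", "rule line detail")

def is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def is_static_str(node):
    """A string literal, or a '+' chain made only of string literals."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return is_static_str(node.left) and is_static_str(node.right)
    return is_str_literal(node)

def is_dynamic_str(node):
    """f-string with placeholders, '+'/'%' formatting of non-literals, or .format()."""
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return not is_static_str(node)
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")

class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def report(self, rule, node, detail):
        self.findings.append(Finding(rule, node.lineno, detail))

    def visit_Call(self, node):
        func = node.func
        name = func.id if isinstance(func, ast.Name) else None
        attr = func.attr if isinstance(func, ast.Attribute) else None
        # SQL assembled by formatting instead of cr.execute(query, params)
        if attr in ("execute", "executemany") and node.args and is_dynamic_str(node.args[0]):
            self.report("sql_injection", node, "SQL built by string formatting")
        # Bare builtins only, so re.compile() or obj.exec() are not false positives
        if name in CODE_EXEC:
            self.report("unsafe_eval", node, f"{name}() turns data into code")
        # Markup() marks its argument safe, so a non-literal argument skips escaping
        if (name or attr) == "Markup" and node.args and not is_static_str(node.args[0]):
            self.report("xss", node, "Markup() around a non-literal string")
        self.generic_visit(node)

    def visit_Assign(self, node):
        # Credential-looking name bound to a non-empty string literal
        for target in node.targets:
            if (isinstance(target, ast.Name) and SECRET_NAME.search(target.id)
                    and is_str_literal(node.value) and node.value.value):
                self.report("hardcoded_secret", node, f"{target.id} holds a literal")
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        # An http.route decorator that opts out of CSRF checking
        for dec in node.decorator_list:
            if (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                    and dec.func.attr == "route"):
                for kw in dec.keywords:
                    if kw.arg == "csrf" and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                        self.report("csrf_disabled", dec, f"{node.name}() route sets csrf=False")
        self.generic_visit(node)

def scan(source):
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: (f.line, f.rule))
```

scan(SAMPLE) returns one finding for each of the two formatted queries, the eval() call, the DB_PASSWORD literal, the csrf=False route and the Markup() around a %-formatted string, and nothing for the parameterised query or the literal-only Markup(). The checker is purely syntactic: a query built into a variable and then passed as cr.execute(q) is not caught, which is the gap a production rule has to close with data-flow tracking on top of pattern matching.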
More rules coming: sudo() misuse, ACL gaps, PII/GDPR detection, NIS2 compliance