Cosmo-Tech/python-bad-project

Python Bad Project

A deliberately crafted Python repository with various code issues to test static code analysis and security scanning tools.

Purpose

This repository contains Python code examples that demonstrate various types of issues that can be detected by static code analysis and security scanning tools, such as SonarQube, Snyk, and SOOS. The code is intentionally written with problems to trigger different types of warnings, errors, and quality issues.

Types of Issues Included

Code Smells

  • Complex functions with high cyclomatic complexity
  • Inconsistent naming conventions
  • Dead code and unused variables
  • Hardcoded values and magic numbers

Bugs

  • Off-by-one errors in array indexing
  • Resource leaks (unclosed files, connections)
  • Improper exception handling
  • Mutable default arguments
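Each bug class in the list above, shown as an added example (this is not code from the python-bad-project repository): the buggy form a static analyser should flag next to its corrected form. Function names and the sample data are illustrative only.

```python
"""Added example, not code from the Cosmo-Tech/python-bad-project repository:
each bug class from the README's list as the buggy form a static analyser should
flag, next to the corrected form. All names and sample data are made up."""
import os
import tempfile


def raises(exc_type, fn, *args):
    """True if fn(*args) raises exc_type; lets the buggy forms be demonstrated safely."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


# --- Off-by-one in array indexing ---------------------------------------
def count_ascents_buggy(values):
    """Loop runs to len(values), so values[i + 1] reads one past the end."""
    ascents = 0
    for i in range(len(values)):
        if values[i] < values[i + 1]:  # IndexError on the last iteration
            ascents += 1
    return ascents


def count_ascents_fixed(values):
    """Stop one element early: the last element has no successor to compare with."""
    ascents = 0
    for i in range(len(values) - 1):
        if values[i] < values[i + 1]:
            ascents += 1
    return ascents


# --- Resource leak --------------------------------------------------------
def make_sample_file():
    """Constructed temp file for the demo; the caller is responsible for deleting it."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write("first line\nsecond line\n")
    return path


def first_line_buggy(path):
    """The handle is never closed; it stays open until the GC happens to collect it."""
    f = open(path, encoding="utf-8")
    return f.readline().rstrip("\n")


def first_line_fixed(path):
    """A context manager closes the file on every exit path, including exceptions."""
    with open(path, encoding="utf-8") as f:
        return f.readline().rstrip("\n")


# --- Improper exception handling -----------------------------------------
def parse_port_buggy(text):
    """Catch-everything-and-pass hides the error and silently returns None."""
    try:
        return int(text)
    except Exception:
        pass


def parse_port_fixed(text):
    """Catch only the expected error, keep the cause chained, and validate the range."""
    try:
        port = int(text)
    except ValueError as exc:
        raise ValueError(f"port must be an integer, got {text!r}") from exc
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return port


# --- Mutable default argument --------------------------------------------
def collect_buggy(item, bucket=[]):
    """The default list is created once, so every call without 'bucket' shares it."""
    bucket.append(item)
    return bucket


def collect_fixed(item, bucket=None):
    """Use None as the sentinel and build a fresh list on each call."""
    if bucket is None:
        bucket = []
    bucket.append(item)
    return bucket


if __name__ == "__main__":
    print("off-by-one raises IndexError:", raises(IndexError, count_ascents_buggy, [1, 2, 3]))
    print("ascents:", count_ascents_fixed([1, 3, 2, 5]))
    path = make_sample_file()
    try:
        print("first line:", first_line_fixed(path))
    finally:
        os.remove(path)
    print("buggy port:", parse_port_buggy("not a port"))
    print("fixed port:", parse_port_fixed("8080"))
    print("shared default:", collect_buggy(1), collect_buggy(2))
    print("fresh default:", collect_fixed(1), collect_fixed(2))
```

Running the script prints the shared-default case as `[1, 2] [1, 2]`, because both calls to `collect_buggy` return the same list object; that is the behaviour a scanner's "mutable default argument" rule is warning about.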

Vulnerabilities

  • SQL injection examples
  • Command injection vulnerabilities
  • Insecure cryptographic implementations
  • Hardcoded credentials
  • CI/CD supply-chain vulnerabilities
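The first four vulnerability classes above, shown as an added example (this is not code from the python-bad-project repository): the insecure form a security scanner should flag beside a hardened form. The in-memory table, the command-injection payload, the placeholder password and all function names are constructed for the demo; the CI/CD supply-chain item is a pipeline-configuration issue and is not covered here.

```python
"""Added example, not code from the Cosmo-Tech/python-bad-project repository:
SQL injection, command injection, weak password hashing and a hardcoded credential,
each as the insecure form a scanner should flag beside a hardened form.
All names and sample data are made up."""
import hashlib
import hmac
import os
import sqlite3
import subprocess


# --- SQL injection ------------------------------------------------------------
def make_db():
    """Constructed in-memory sample table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn


def find_user_vulnerable(conn, name):
    """Untrusted input formatted straight into the SQL text."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def find_user_fixed(conn, name):
    """Parameter binding: the driver never interprets the value as SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


# --- Command injection --------------------------------------------------------
def echo_vulnerable(value):
    """shell=True plus string concatenation: ';' ends the command and starts another."""
    result = subprocess.run("echo " + value, shell=True, capture_output=True, text=True)
    return result.stdout.splitlines()


def echo_fixed(value):
    """No shell: the whole value is one argv element, so metacharacters stay literal."""
    result = subprocess.run(["echo", value], capture_output=True, text=True)
    return result.stdout.splitlines()


# --- Insecure cryptography ----------------------------------------------------
def hash_password_weak(password):
    """Unsalted MD5: fast and deterministic, so equal passwords collide and crack offline."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password_fixed(password, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256; a random salt makes every stored hash unique."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# --- Hardcoded credentials ----------------------------------------------------
DB_PASSWORD = "hunter2"  # placeholder secret in source: what secret scanners flag


def db_password_vulnerable():
    return DB_PASSWORD


def db_password_fixed(env=None):
    """Read the secret at runtime from the environment (or a secret manager)."""
    env = os.environ if env is None else env
    password = env.get("DB_PASSWORD")
    if not password:
        raise RuntimeError("DB_PASSWORD is not set")
    return password


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("SQLi vulnerable:", find_user_vulnerable(conn, payload))
    print("SQLi fixed:     ", find_user_fixed(conn, payload))
    print("cmd vulnerable: ", echo_vulnerable("x; echo INJECTED"))
    print("cmd fixed:      ", echo_fixed("x; echo INJECTED"))
    stored = hash_password_fixed("correct horse")
    print("weak hashes equal:", hash_password_weak("a") == hash_password_weak("a"))
    print("verify:", verify_password("correct horse", stored),
          verify_password("wrong", stored))
```

The payload `' OR '1'='1` returns every row from the vulnerable query and nothing from the parameterised one; the shell-string variant runs the injected `echo` as a second command while the argv variant prints the payload verbatim. The command-injection functions need a POSIX `echo` on the PATH.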

Duplications

  • Similar functions with minor variations
  • Repeated code patterns

Complex Code

  • Deeply nested conditional statements
  • Long methods with too many responsibilities

Example Scanning Tools

Note

♪ Bad project music (https://www.youtube.com/watch?v=Fl4L4M8m4d0)
