trailofbits.python.numpy-distutils.numpy-distutils

Author: trailofbits

NumPy distutils is deprecated, and will be removed in the future

Definition

rules:
  - id: numpy-distutils
    message: NumPy distutils is deprecated, and will be removed in the future
    languages:
      - python
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-676: Use of Potentially Dangerous Function"
      subcategory:
        - audit
      confidence: HIGH
      likelihood: MEDIUM
      impact: LOW
      technology:
        - numpy
      description: Use of deprecated `numpy.distutils`
      references:
        - https://numpy.org/doc/stable/reference/distutils.html
      license: AGPL-3.0 license
      vulnerability_class:
        - Dangerous Method or Function
    patterns:
      - pattern: |
          import numpy.distutils

Examples

numpy-distutils.py

# ruleid: numpy-distutils
from numpy import distutils

# ruleid: numpy-distutils
from numpy.distutils import exec_command

# ok: numpy-distutils
import numpy as np