Colosseum
pybroker

Algorithmic Trading in Python with Machine Learning

edtechre | 3.2K stars | Python | NOASSERTION
Scanned: February 19, 2026
Report Version: 1.0.0

Overall Grade

A

1,692 total findings

Architecture: grade C, 1,001 findings
Correctness: grade A, 88 findings
Performance: grade A, 199 findings
Security: grade A, 404 findings

What Traditional Tools Missed

Category    Colosseum    Bandit    Semgrep
Total       1,692        0         0

1,692 findings (100%) were not detected by Bandit or Semgrep. These include compound vulnerabilities, logic errors, and context-dependent security issues that rule-based scanners aren't designed to catch.

Notable Findings

Critical | Architecture

Function '_evaluate_all_alerts' has complexity 16

Impact: Function '_evaluate_all_alerts' has complexity 16
Recommended Fix: Review and remediate.

Critical | Architecture

Docstring says: Stores data to disk cache. Code does: Calls cache.set(repr(cache_key, ttl=3600), df)

Impact: Docstring says: Stores data to disk cache. Code does: Calls cache.set(repr(cache_key, ttl=3600), df) - the ttl parameter is passed to repr() instead of cache.set()
Recommended Fix: Review and remediate.

Critical | Architecture

Docstring says: Takes a 'field' parameter of type BarData field name. Code does: Function signature

Impact: Docstring says: Takes a 'field' parameter of type BarData field name. Code does: Function signature has no 'field' parameter; implementation uses data.high, data.low, data.close directly
Recommended Fix: Review and remediate.

Critical | Architecture

Attempted to inject malicious payload into cache via user-controlled key

Impact: Attempted to inject malicious payload into cache via user-controlled key
Recommended Fix: Review and remediate.

High | Architecture

Module 'src/pybroker/log.py' causes disproportionate collapse: importance=6.1% of codebase, but remo

Impact: Module 'src/pybroker/log.py' causes disproportionate collapse: importance=6.1% of codebase, but removal collapses 72.7% — a 12.0x amplification. 24 modules fail when this module is removed (direct: 2)
Recommended Fix: Reduce disproportionate collapse by adding redundancy: split the module into independent components, add fallback implementations, use dependency injection so consumers aren't locked to a single provi

Responsible Disclosure

This public report is intended to demonstrate the depth of analysis possible with modern code scanning tools and to help the broader open source community understand common vulnerability patterns.
