Error Explorer
Browse, filter, and fix all detected issues
SQL injection via direct string formatting
models/sale_order.py:142
User input is directly concatenated into a SQL query without parameterization. This allows attackers to inject arbitrary SQL commands.
Missing sudo() in public controller method
AUTO-FIXmodels/stock_move.py:78
A recordset operation is performed without sudo() in a method accessible from the public website, potentially exposing data.
Deprecated @api.multi decorator used
AUTO-FIXmodels/account.py:33
The @api.multi decorator was removed in Odoo 14. Use @api.model or plain methods instead.
Unsafe eval() in domain attribute
views/sale_views.xml:56
The domain attribute uses eval() which can execute arbitrary Python code if attacker-controlled values reach this template.
Missing license field in manifest
AUTO-FIX__manifest__.py:8
The __manifest__.py file does not declare a license. This is required for Odoo App Store submissions and best practice.
N+1 query pattern detected in loop
models/hr_payslip.py:210
A database query is executed inside a for loop iterating over records. Use prefetch_fields or browse() with a list of IDs instead.
Unused import statement
AUTO-FIXwizards/import_wizard.py:55
The import 'datetime' is imported but never referenced in this file.
Hardcoded API key in source code
controllers/main.py:89
A sensitive API key is hardcoded directly in the source file. Store secrets in environment variables or system parameters.