Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      Python 2 and Python 3

      import sys
      from sys import stdin, __stdin__
      
      # Any reference to sys.stdin or sys.__stdin__ without a method call is Sensitive
      sys.stdin  # Sensitive
      
      for line in sys.stdin:  # Sensitive
          print(line)
      
      it = iter(sys.stdin)  # Sensitive
      line = next(it)
      
      # Calling the following methods on stdin or __stdin__ is sensitive
      sys.stdin.read()  # Sensitive
      sys.stdin.readline()  # Sensitive
      sys.stdin.readlines()  # Sensitive
      
      # Calling other methods on stdin or __stdin__ does not require a review, thus it is not Sensitive
      sys.stdin.seekable()  # Ok
      # ...
      

      Python 2 only

      raw_input('What is your password?')  # Sensitive
      

      Python 3 only

      input('What is your password?')  # Sensitive
      

      Function fileinput.input and class fileinput.FileInput read the standard input when the list of files is empty.

      for line in fileinput.input():  # Sensitive
          print(line)
      
      for line in fileinput.FileInput():  # Sensitive
          print(line)
      
      for line in fileinput.input(['setup.py']):  # Ok
          print(line)
      
      for line in fileinput.FileInput(['setup.py']):  # Ok
          print(line)
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              nicolas.harraudeau Nicolas Harraudeau
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: