
org.sonar.l10n.py.rules.python.S4829.html


This rule is deprecated, and will eventually be removed.

Reading Standard Input is security-sensitive. It has led in the past to the following vulnerabilities:

It is common for attackers to craft inputs enabling them to exploit software vulnerabilities. Thus any data read from the standard input (stdin) can be dangerous and should be validated.

This rule flags code that reads from the standard input.

Ask Yourself Whether

  • data read from the standard input is not sanitized before being used.

You are at risk if you answered yes to this question.

Recommended Secure Coding Practices

Sanitize all data read from the standard input before using it.
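One way to apply that recommendation, added here as an example that is not part of the Sonar rule description: every line read from stdin is treated as attacker-controlled and checked against an allowlisted record shape (assumed here to be "<username>,<port>"), with a length cap and a record cap, and anything that does not fit is rejected rather than repaired.

```python
import io
import re
import sys
from typing import Iterable, List, Tuple

# Constructed example (not the rule's own code): treat every stdin line as attacker-controlled
# and allowlist-validate it before use, rejecting rather than repairing bad records.
MAX_LINE_LEN = 256                        # bound the size of each untrusted line we handle
MAX_RECORDS = 1000                        # bound how many records one run will process
# Assumed record shape, e.g. "alice,8080": a short lowercase identifier and a port number.
RECORD_RE = re.compile(r"[a-z][a-z0-9_]{0,31},[0-9]{1,5}")

def validate_record(raw: str) -> Tuple[str, int]:
    """Return (user, port) for a well-formed line, raise ValueError otherwise."""
    line = raw.rstrip("\r\n")
    if len(line) > MAX_LINE_LEN:
        raise ValueError("line too long")
    if not line.isprintable():            # rejects control bytes and terminal escape sequences
        raise ValueError("non-printable characters")
    if RECORD_RE.fullmatch(line) is None:  # fullmatch: the whole line must fit the allowlist
        raise ValueError("unexpected record format")
    user, port_text = line.split(",")     # exactly one comma is guaranteed by the regex
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return user, port

def read_records(stream: Iterable[str]) -> Tuple[List[Tuple[str, int]], List[str]]:
    """Validate each line of a stdin-like stream; returns (accepted, rejection reasons)."""
    accepted: List[Tuple[str, int]] = []
    rejected: List[str] = []
    for n, raw in enumerate(stream, start=1):
        if n > MAX_RECORDS:
            rejected.append("record limit reached; remaining input ignored")
            break
        try:
            accepted.append(validate_record(raw))
        except ValueError as exc:
            rejected.append(f"line {n}: {exc}")
    return accepted, rejected

# Constructed sample standing in for sys.stdin: one good record and three malformed ones.
SAMPLE_INPUT = "alice,8080\nbob,99999\ncarol\x1b[2J,443\nnot a record\n"

def demo() -> Tuple[List[Tuple[str, int]], List[str]]:
    return read_records(io.StringIO(SAMPLE_INPUT))

if __name__ == "__main__":   # the sys.stdin read that S4829 flags, routed through validation
    print(read_records(sys.stdin) if not sys.stdin.isatty() else demo())
```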

Sensitive Code Example

Python 2 and Python 3

import sys
from sys import stdin, __stdin__

# Any reference to sys.stdin or sys.__stdin__ without a method call is Sensitive
sys.stdin  # Sensitive

for line in sys.stdin:  # Sensitive
    print(line)

it = iter(sys.stdin)  # Sensitive
line = next(it)

# Calling the following methods on stdin or __stdin__ is sensitive
sys.stdin.read()  # Sensitive
sys.stdin.readline()  # Sensitive
sys.stdin.readlines()  # Sensitive

# Calling other methods on stdin or __stdin__ does not require a review, thus it is not Sensitive
sys.stdin.seekable()  # Ok
# ...

Python 2 only

raw_input('What is your password?')  # Sensitive

Python 3 only

input('What is your password?')  # Sensitive

Function fileinput.input and class fileinput.FileInput read the standard input when the list of files is empty.

import fileinput

for line in fileinput.input():  # Sensitive: no file names given, so stdin is read
    print(line)

for line in fileinput.FileInput():  # Sensitive
    print(line)

for line in fileinput.input(['setup.py']):  # Ok
    print(line)

for line in fileinput.FileInput(['setup.py']):  # Ok
    print(line)
