FilesExpand file tree

 main

/

UseofInput.ql

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

25 lines (23 loc) · 714 Bytes

 main

/

UseofInput.ql

Top

File metadata and controls

• Code
• Blame

25 lines (23 loc) · 714 Bytes

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

/**

* @name 'input' function used in Python 2

* @description The built-in function 'input' is used which, in Python 2, can allow arbitrary code to be run.

* @kind problem

* @tags security

* correctness

* external/cwe/cwe-094

* external/cwe/cwe-095

* @problem.severity error

* @security-severity 9.8

* @sub-severity high

* @precision high

* @id py/use-of-input

*/

import python

import semmle.python.dataflow.new.DataFlow

import semmle.python.ApiGraphs

from DataFlow::CallCfgNode call

where

major_version() = 2 and

call = API::builtin("input").getACall() and

call != API::builtin("raw_input").getACall()

select call, "The unsafe built-in function 'input' is used in Python 2."