Pattern: Use of insecure input() function
Issue: -
The input() function in Python 2 will read from standard input, evaluate and run
the resulting string as python source code. This is similar, though in many
ways worse, then using eval. On Python 2, use raw_input() instead, input is safe
in Python 3.
Example of insecure code:
name = input("What's your name? ")
print("Nice to meet you " + name + "!")Example of secure code:
name = raw_input("What's your name? ")
print("Nice to meet you " + name + "!")