B322 input listed as high severity, high confidence... when running python3 #402
Comments
This has come up before. I think I was the one who talked about it in IRC. So the tricky bit is that Bandit doesn't know what version of Python is being used to run the code it's inspecting. I guess one workaround might be using the classifier defined in setup.py for the project and that may help some scenarios. But when discussed, the opinion was that the warning reported should advise the user that it only applies to code running in a Python2 environment. So we could improve the documentation also.
So is the workaround to just disable B322 when your project is Python 3? Could a possible fix be to allow one to specify the version of Python your project targets as a switch to bandit? Ie
The blacklist check for input() was removed with PR #662
Describe the bug
When running bandit under python 3, B322 'The input method in Python 2...' is listed as a high severity issue with high confidence.
At best, this should be lower confidence, but ideally it shouldn't complain on python 3 as (as it asserts itself) it's safe in python 3.
To Reproduce
Steps to reproduce the behavior:
While running in a python 3 virtualenv:
echo "test = input('Say something')" > test.py
bandit test.py
Expected behavior
No complaint about input is issued because this does not apply in python 3.
Bandit version
Additional context
N/A
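The target-version switch proposed in the thread, sketched as a stand-alone check (an added example, not Bandit's code and not written by anyone in the thread). The `target_major` parameter, the function names and the lowered confidence for an unknown target are assumptions; both samples are constructed.

```python
import ast

# Constructed sample: the one-line test.py from the report.
SAMPLE = "test = input('Say something')\n"
# Constructed sample: `input` rebound by a compatibility import.
SHADOWED = "from six.moves import input\ntest = input('Say something')\n"


def _rebinds_input(tree):
    """True if the module itself binds the name `input`."""
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            if any((a.asname or a.name) == "input" for a in node.names):
                return True
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            if node.name == "input":
                return True
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            if node.id == "input":
                return True
    return False


def check_input_calls(source, target_major=None):
    """Return (line, severity, confidence) for each call to builtin input().

    target_major is a hypothetical setting: 2, 3, or None when unknown.
    """
    if target_major == 3:
        return []  # input() only reads a string on Python 3
    tree = ast.parse(source)
    if _rebinds_input(tree):
        return []  # the name no longer refers to the builtin
    # Known Python 2 target: keep the rating from the report.
    # Unknown target: lower the confidence instead of dropping the finding.
    confidence = "HIGH" if target_major == 2 else "LOW"
    return [
        (node.lineno, "HIGH", confidence)
        for node in ast.walk(tree)
        if isinstance(node, ast.Call)
        and isinstance(node.func, ast.Name)
        and node.func.id == "input"
    ]
```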