Reading Standard Input is security-sensitive. It has led in the past to the following vulnerabilities:

It is common for attackers to craft inputs enabling them to exploit software vulnerabilities. Thus any data read from the standard input (stdin) can be dangerous and should be validated.

This rule flags code that reads from the standard input.

Ask Yourself Whether

You are at risk if you answered yes to this question.

Recommended Secure Coding Practices

Sanitize all data read from the standard input before using it.
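As an added example (not part of the rule description), the following shows what the review prompted by this rule should lead to: untrusted lines from stdin are bounded in length, checked for control characters, and matched against a strict allowlist grammar before anything uses them. The `<username>:<count>` record format, the limits, and the helper names are assumptions chosen for illustration; the sample input is constructed. The reader takes any iterable of lines, so the same code validates `sys.stdin` and `fileinput.input()` alike and can be exercised offline.

```python
import io
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Hypothetical record format "<username>:<count>" and limits, chosen for this example.
MAX_LINE_LENGTH = 256
MAX_COUNT = 10_000
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")
COUNT_RE = re.compile(r"[0-9]{1,5}")  # ASCII digits only; str.isdigit() would accept Unicode digits


@dataclass(frozen=True)
class Record:
    username: str
    count: int


def parse_record(raw_line: str) -> Record:
    """Validate one untrusted line and return a Record, or raise ValueError."""
    # Bound the size first so no later check runs on arbitrarily large input.
    if len(raw_line) > MAX_LINE_LENGTH:
        raise ValueError("line too long")
    line = raw_line.rstrip("\r\n")
    # Reject embedded control characters (NUL, terminal escape sequences, log-injection newlines).
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in line):
        raise ValueError("control character in input")
    parts = line.split(":")
    if len(parts) != 2:
        raise ValueError("expected exactly one ':' separator")
    username, count_text = parts
    # fullmatch() anchors both ends, so partial matches like "alice/../x" cannot slip through.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not COUNT_RE.fullmatch(count_text):
        raise ValueError("invalid count")
    count = int(count_text)
    if count > MAX_COUNT:
        raise ValueError("count out of range")
    return Record(username, count)


def read_validated_records(stream: Iterable[str]) -> Tuple[List[Record], List[str]]:
    """Split a stream of lines into accepted Records and rejected lines with reasons."""
    accepted: List[Record] = []
    rejected: List[str] = []
    for raw_line in stream:
        if not raw_line.strip():
            continue  # blank lines carry no data; skip them
        try:
            accepted.append(parse_record(raw_line))
        except ValueError as exc:
            rejected.append(f"{exc}: {raw_line.rstrip()!r}")
    return accepted, rejected


# Constructed sample standing in for attacker-controlled stdin (not real data).
SAMPLE_LINES = [
    "alice:42",
    "bob:7",
    "../../etc/passwd:1",  # path-like username
    "carol:99999999",      # count far outside the allowed range
    "dave:1\x1b[31m",      # terminal escape sequence
    "x" * 300 + ":1",      # oversized line
    "eve:\u0663",          # non-ASCII digit
]
SAMPLE_INPUT = "\n".join(SAMPLE_LINES) + "\n"


def demo() -> Tuple[List[Record], List[str]]:
    """Run the validator over the constructed sample instead of the real stdin."""
    return read_validated_records(io.StringIO(SAMPLE_INPUT))


if __name__ == "__main__":
    # Reading sys.stdin is exactly what the rule flags; the validation above is the review outcome.
    accepted, rejected = read_validated_records(sys.stdin)
    for record in accepted:
        print(f"accepted {record.username} -> {record.count}")
    for reason in rejected:
        print(f"rejected {reason}", file=sys.stderr)
```

Run stand-alone it reads and validates whatever is piped in; `demo()` runs the same logic over the constructed sample, where only the first two lines survive. Rejecting on any failure and reporting the reason separately from the data keeps the decision simple to audit.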

See:

Questionable Code Example

Python 2 and Python 3

import sys
from sys import stdin, __stdin__

# Any reference to sys.stdin or sys.__stdin__ without a method call is Questionable
sys.stdin  # Questionable

for line in sys.stdin:  # Questionable
    print(line)

it = iter(sys.stdin)  # Questionable
line = next(it)

# Calling the following methods on stdin or __stdin__ is questionable
sys.stdin.read()  # Questionable
sys.stdin.readline()  # Questionable
sys.stdin.readlines()  # Questionable

# Calling other methods on stdin or __stdin__ does not require a review, thus it is not Questionable
sys.stdin.seekable()  # Ok
# ...

Python 2 only

raw_input('What is your password?')  # Questionable

Python 3 only

input('What is your password?')  # Questionable

The function fileinput.input and the class fileinput.FileInput read the standard input when the list of files is empty.

import fileinput

for line in fileinput.input():  # Questionable
    print(line)

for line in fileinput.FileInput():  # Questionable
    print(line)

for line in fileinput.input(['setup.py']):  # Ok
    print(line)

for line in fileinput.FileInput(['setup.py']):  # Ok
    print(line)