From 8295ded4101610c6dc7224c261d80accb4775f1e Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Wed, 9 Dec 2020 00:07:02 -0800 Subject: [PATCH] Remove blacklist call to input() (#662) Now that bandit 1.6.3 is Python 3.x only, there is no longer a need to check for a Python 2.x security issue. Namely, input() is considered safe in Python 3.x. Fixes #596 Signed-off-by: Eric Brown --- README.rst | 1 - bandit/blacklists/calls.py | 13 ++++--------- examples/input.py | 1 - tests/functional/test_functional.py | 7 ------- 4 files changed, 4 insertions(+), 18 deletions(-) delete mode 100644 examples/input.py diff --git a/README.rst b/README.rst index d36389cf7..616808d6a 100644 --- a/README.rst +++ b/README.rst @@ -220,7 +220,6 @@ Usage:: B319 xml_bad_pulldom B320 xml_bad_etree B321 ftplib - B322 input B323 unverified_context B324 hashlib_new_insecure_functions B325 tempnam diff --git a/bandit/blacklists/calls.py b/bandit/blacklists/calls.py index 85bec160e..5028579d9 100644 --- a/bandit/blacklists/calls.py +++ b/bandit/blacklists/calls.py @@ -266,7 +266,9 @@ +------+---------------------+------------------------------------+-----------+ B322: input ------------- +----------- + +The check for this call has been removed. The input method in Python 2 will read from standard input, evaluate and run the resulting string as python source code. This is similar, though in @@ -543,14 +545,7 @@ def gen_blacklist(): 'HIGH' )) - sets.append(utils.build_conf_dict( - 'input', 'B322', ['input'], - 'The input method in Python 2 will read from standard input, ' - 'evaluate and run the resulting string as python source code. This ' - 'is similar, though in many ways worse, than using eval. On Python ' - '2, use raw_input instead, input is safe in Python 3.', - 'HIGH' - )) + # skipped B322 as the check for a call to input() has been removed sets.append(utils.build_conf_dict( 'unverified_context', 'B323', ['ssl._create_unverified_context'], 
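Review bot: The added sentence `The check for this call has been removed.` in the B322 docstring section states the fact but not the reason, while the retained paragraph below it still reads as an active advisory about Python 2 input(); a reader of the module docstring alone cannot tell whether the check is gone by accident or design. Suggest `The check for this call has been removed: Bandit now runs only on Python 3, where input() returns a string and does not evaluate it.` so the rationale from the commit message travels with the code. If the summary table above this hunk still carries a B322 row, it presumably needs the same note, but that row is outside the hunk.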
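Review bot: The placeholder `# skipped B322 as the check for a call to input() has been removed` in gen_blacklist records that the ID is retired but not that it must stay reserved, so a later contributor adding a blacklist entry could reuse B322 and silently collide with skip lists or baselines that still reference the old meaning. Suggest `# B322 (input) retired: Bandit is Python 3 only and input() no longer evaluates its argument; keep this ID reserved.` as the comment. Projects that are scanned with Python 3 Bandit but still run under Python 2 lose this signal, which is worth stating in the docstring or changelog rather than only in the commit message. gen_blacklist starts and ends outside the hunk.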
diff --git a/examples/input.py b/examples/input.py deleted file mode 100644 index 51a1f1e67..000000000 --- a/examples/input.py +++ /dev/null @@ -1 +0,0 @@ -input() diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py index 7cccae4c1..be0f99c29 100644 --- a/tests/functional/test_functional.py +++ b/tests/functional/test_functional.py @@ -772,13 +772,6 @@ def test_baseline_filter(self): self.assertEqual(1, len(self.b_mgr.baseline)) self.assertEqual({}, self.b_mgr.get_issue_list()) - def test_blacklist_input(self): - expect = { - 'SEVERITY': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 1}, - 'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 1} - } - self.check_example('input.py', expect) - def test_unverified_context(self): '''Test for `ssl._create_unverified_context`.''' expect = {