all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Code Smell 245 - exec() and eval()

Add to bookmarks
April 4, 2024, midnight | Maxi Contieri

DEV Community dev.to

A great door for hackers



TL;DR: Don't use metaprogramming. It is not that cool






Problems


  • Security


  • Limited Control






Solutions


  1. Use direct calls


  2. Wrap the execution in a primitive and controlled command


  3. Sanitize it






Context

Developers employ the eval() and exec() functions to evaluate arbitrary expressions from strings.


They can be a powerful tool in certain contexts but come with several risks and problems, especially when used with untrusted input or where the code's behavior is not fully controlled or understood. …

beginners can code command context control developers don door expressions functions great hackers problems programming python security solutions strings tool webdev

Visit resource

More from dev.to / DEV Community

Some notes on symmetric encryption in golang 41 minutes ago | dev.to
box crypto cryptography encrypt +14
8 Gmail Hacks that you shouldn't miss 3 hours ago | dev.to
don effectively email emails +7
Demystifying Same Origin Policy in Simple Words 4 hours ago | dev.to
backend beginners can critical +17
Langchain: Data Protection 4 hours ago | dev.to
ai applications breaches chatbot +29
AWS Cognito terms that confused me 8 hours ago | dev.to
access access rights api api gateway +17
How to Hide the X-Powered-By Header in NestJS 10 hours ago | dev.to
api application attackers backend +13
Symfony Station Communiqué - 17 May 2024: A look at Symfony, Drupal, PHP, Cybersec, and … 11 hours ago | dev.to
big big tech communities cybersec +12
Understanding JWT: Basics of Authentication and Algorithms 13 hours ago | dev.to
algorithms authenticate authentication basics +16
@New 16 hours ago | dev.to
build builder class dependency +8

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Technical Support Specialist (Cyber Security)

@ Sigma Software | Warsaw, Poland
View on infosec-jobs.com

OT Security Specialist

@ Adani Group | AHMEDABAD, GUJARAT, India
View on infosec-jobs.com

FS-EGRC-Manager-Cloud Security

@ EY | Bengaluru, KA, IN, 560048
View on infosec-jobs.com