Code Smell 245 - exec() and eval()
DEV Community dev.to
A great door for hackers
TL;DR: Don't use metaprogramming. It is not that cool.
Problems
Security
Limited Control
Solutions
Use direct calls
Wrap the execution in a primitive and controlled command
Sanitize it
Context
Developers employ the eval() and exec() functions to evaluate arbitrary expressions from strings.
They can be a powerful tool in certain contexts but come with several risks and problems, especially when used with untrusted input or where the code's behavior is not fully controlled or understood. …