all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Code Smell 245 - exec() and eval()

Add to bookmarks
April 4, 2024, midnight | Maxi Contieri

DEV Community dev.to

A great door for hackers



TL;DR: Don't use metaprogramming. It is not that cool






Problems


  • Security


  • Limited Control






Solutions


  1. Use direct calls


  2. Wrap the execution in a primitive and controlled command


  3. Sanitize it






Context

Developers employ the eval() and exec() functions to evaluate arbitrary expressions from strings.


They can be a powerful tool in certain contexts but come with several risks and problems, especially when used with untrusted input or where the code's behavior is not fully controlled or understood. …

beginners can code command context control developers don door expressions functions great hackers problems programming python security solutions strings tool webdev

Visit resource

More from dev.to / DEV Community

Agent2.AI: The Digital Guardian for Zero Data Leakage and Employee Retention an hour ago | dev.to
ai aiagent business challenges +30
Renewing Let's Encrypt Certificates with NGINX Unit 2 hours ago | dev.to
apache bash box certbot +15
Access Google Cloud Secret Manager via Google Apps Script 5 hours ago | dev.to
access api api keys apps +22
The Reality of Burnout and Breaking Into Tech 8 hours ago | dev.to
back breaking burnout coding +18
No More Passwords! Terraform Module Makes GCP-GitHub Authentication a Breeze 9 hours ago | dev.to
access actions authentication cloud +23
How to Add Firebase Authentication To Your NodeJS App 10 hours ago | dev.to
absolute app application authentication +19
JS Security Tip 05-01-2024 ICYMI 10 hours ago | dev.to
alert argument can fair +11
Optimise and Secure AWS HTTP API Gateway by locking down direct access 11 hours ago | dev.to
access advanced api api gateway +25
Learn SwiftUI (Day 8/100) 12 hours ago | dev.to
case defined error function +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs