eval in Python is Dangerous


eval is powerful but really dangerous

eval in python will try to execute the strings as python code.

Consider the following python code,

import os

__cwd__ = os.getcwd()
__location__ = os.path.realpath(
    os.path.join(__cwd__, os.path.dirname(__file__))

print(f'location: {__location__}')
print(f'filename: {__file__}')

with open(os.path.join(__location__, __file__),'r') as fp:
    content = fp.read()



The code will execute the content of the file itself.

Published: by ;

L Ma (2019). 'eval in Python is Dangerous', Datumorphism, 08 April. Available at: https://datumorphism.leima.is/til/programming/python/python-eval/.

Current Ref:

  • til/programming/python/python-eval.md