eval in Python is Dangerous

#Python

eval is powerful but really dangerous

eval in Python will try to execute a string as Python code. The related built-in exec, used in the example below, does the same for a whole block of statements.

Consider the following Python code:


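import os

# Resolve the directory that contains this script.
__cwd__ = os.getcwd()
__location__ = os.path.realpath(
    os.path.join(__cwd__, os.path.dirname(__file__))
    )

print(f'location: {__location__}')
print(f'filename: {__file__}')

# Join the directory with the bare file name; joining with __file__ itself
# would repeat the directory part when the script is run as sub/script.py.
with open(os.path.join(__location__, os.path.basename(__file__)), 'r') as fp:
    content = fp.read()

print(content)

# exec runs whatever the string contains, here the script's own source.
exec(content)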

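The code will execute the content of the file itself. Because that content ends with the same exec call, each run reads and executes the file again, until Python's recursion limit stops it.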
