pythongh-118633: Add warning regarding the unsafe usage of eval and exec (pythonGH-118437)

* Add warning regarding the unsafe usage of eval

* Add warning regarding the unsafe usage of exec

* Move warning under parameters table

* Use suggested shorter text

Co-authored-by: Jelle Zijlstra <[email protected]>

* Use suggested shorter text

Co-authored-by: Jelle Zijlstra <[email protected]>

* Improve wording as suggested

---------

Co-authored-by: Kirill Podoprigora <[email protected]>
Co-authored-by: Jelle Zijlstra <[email protected]>
3 people authored Oct 30, 2024
1 parent d4b6d84 commit 00e5ec0
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions Doc/library/functions.rst
@@ -594,6 +594,11 @@ are always available. They are listed here in alphabetical order.
:returns: The result of the evaluated expression.
:raises: Syntax errors are reported as exceptions.

.. warning::

This function executes arbitrary code. Calling it with
user-supplied input may lead to security vulnerabilities.

The *expression* argument is parsed and evaluated as a Python expression
(technically speaking, a condition list) using the *globals* and *locals*
mappings as global and local namespace. If the *globals* dictionary is
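Review bot: the new warning under ``eval`` tells readers what not to do but not what to do instead; consider adding a pointer to :func:`ast.literal_eval` for the common case of turning a string into a literal value, since that is what many callers of ``eval`` on untrusted input actually need. It would also help to state in the warning that passing restricted *globals* or *locals* mappings does not make untrusted input safe, because the very next paragraph describes those mappings and a reader can easily take them for a sandboxing mechanism.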
@@ -650,6 +655,11 @@ are always available. They are listed here in alphabetical order.

.. function:: exec(source, /, globals=None, locals=None, *, closure=None)

.. warning::

This function executes arbitrary code. Calling it with
user-supplied input may lead to security vulnerabilities.

This function supports dynamic execution of Python code. *source* must be
either a string or a code object. If it is a string, the string is parsed as
a suite of Python statements which is then executed (unless a syntax error
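Review bot: "user-supplied input" in the ``exec`` warning reads as if the risk were limited to interactive input, while *source* read from files, network messages or configuration is just as dangerous; "untrusted input" (or "input from untrusted sources") would cover all of these, and the same wording change applies to the ``eval`` warning above so that the two stay identical.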
