This rule raises an issue when the exec statement is used.

== Why is this an issue?

Use of the ``++exec++`` statement could be dangerous, and should be avoided. Moreover, the ``++exec++`` statement was removed in Python 3.0. Instead, the built-in ``++exec()++`` function can be used.

Use of the ``++exec++`` statement is strongly discouraged for several reasons such as:

* *Security Risks:* Executing code from a string opens up the possibility of code injection attacks.
* *Readability and Maintainability:* Code executed with ``++exec++`` statement is often harder to read and understand since it is not explicitly written in the source code.
* *Performance Implications:* The use of ``++exec++`` statement can have performance implications since the code is compiled and executed at runtime.
* *Limited Static Analysis:* Since the code executed with ``++exec++`` statement is only known at runtime, static code analysis tools may not be able to catch certain errors or issues, leading to potential bugs.

=== Code examples

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
exec 'print 1' # Noncompliant
----


==== Compliant solution

[source,python,diff-id=1,diff-type=compliant]
----
exec('print 1')
----


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Use the "exec()" function instead.


'''
== Comments And Links
(visible only on this page)

=== on 25 Feb 2019, 17:14:43 Tibor Blenessy wrote:
Changing this to code smell, as this rule is mostly about migration towards Python 3. The security aspect of this rule is covered in hotspot RSPEC-1523

endif::env-github,rspecator-view[]