51 lines
1.7 KiB
Plaintext
51 lines
1.7 KiB
Plaintext
This rule raises an issue when the exec statement is used.
|
|
|
|
== Why is this an issue?
|
|
|
|
Use of the ``++exec++`` statement could be dangerous, and should be avoided. Moreover, the ``++exec++`` statement was removed in Python 3.0. Instead, the built-in ``++exec()++`` function can be used.
|
|
|
|
Use of the ``++exec++`` statement is strongly discouraged for several reasons such as:
|
|
|
|
* *Security Risks:* Executing code from a string opens up the possibility of code injection attacks.
|
|
* *Readability and Maintainability:* Code executed with ``++exec++`` statement is often harder to read and understand since it is not explicitly written in the source code.
|
|
* *Performance Implications:* The use of ``++exec++`` statement can have performance implications since the code is compiled and executed at runtime.
|
|
* *Limited Static Analysis:* Since the code executed with ``++exec++`` statement is only known at runtime, static code analysis tools may not be able to catch certain errors or issues, leading to potential bugs.
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
exec 'print 1' # Noncompliant
|
|
----
|
|
|
|
|
|
==== Compliant solution
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
exec('print 1')
|
|
----
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Use the "exec()" function instead.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 25 Feb 2019, 17:14:43 Tibor Blenessy wrote:
|
|
Changing this to code smell, as this rule is mostly about migration towards Python 3. The security aspect of this rule is covered in hotspot RSPEC-1523
|
|
|
|
endif::env-github,rspecator-view[]
|