mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-26 10:19:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

gh-118633: Add warning regarding the unsafe usage of eval and exec (GH-118437)

Browse source 
* Add warning regarding the unsafe usage of eval

* Add warning regarding the unsafe usage of exec

* Move warning under parameters table

* Use suggested shorter text

Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>

* Use suggested shorter text

Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>

* Improve wording as suggested

---------

Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
This commit is contained in:
Daniel Ruf 2024-10-30 01:36:18 +01:00 committed by GitHub
parent d4b6d84cc8
commit 00e5ec0d35
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Doc/library/functions.rst
View file

@ -594,6 +594,11 @@ are always available. They are listed here in alphabetical order.
:returns: The result of the evaluated expression. :returns: The result of the evaluated expression.
:raises: Syntax errors are reported as exceptions. :raises: Syntax errors are reported as exceptions.
.. warning::
This function executes arbitrary code. Calling it with
user-supplied input may lead to security vulnerabilities.
The *expression* argument is parsed and evaluated as a Python expression The *expression* argument is parsed and evaluated as a Python expression
(technically speaking, a condition list) using the *globals* and *locals* (technically speaking, a condition list) using the *globals* and *locals*
mappings as global and local namespace. If the *globals* dictionary is mappings as global and local namespace. If the *globals* dictionary is
@ -650,6 +655,11 @@ are always available. They are listed here in alphabetical order.
.. function:: exec(source, /, globals=None, locals=None, *, closure=None) .. function:: exec(source, /, globals=None, locals=None, *, closure=None)
.. warning::
This function executes arbitrary code. Calling it with
user-supplied input may lead to security vulnerabilities.
This function supports dynamic execution of Python code. *source* must be This function supports dynamic execution of Python code. *source* must be
either a string or a code object. If it is a string, the string is parsed as either a string or a code object. If it is a string, the string is parsed as
a suite of Python statements which is then executed (unless a syntax error a suite of Python statements which is then executed (unless a syntax error