The methods and variables available to code run by ``exec()`` may introduce a security hole.
You can restrict which of these variables and methods are available by passing the optional
``globals`` and ``locals`` parameters (dictionaries) to the ``exec()`` function.

However, use of ``exec`` is still insecure. For example, consider the following call
that writes a file to the user's system:

.. code-block:: python

    exec("""\nwith open("file.txt", "w", encoding="utf-8") as file:\n file.write("# code as nefarious as imaginable")\n""")
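
The effect of the ``globals`` and ``locals`` parameters on the file-writing call above, shown as an added example that is not part of the pylint documentation. ``run_restricted``, ``demo`` and ``PAYLOAD`` are hypothetical names, and the target paths are constructed inside a temporary directory. Emptying ``__builtins__`` only removes names from the executed code's namespace; as the text says, ``exec`` remains insecure, so this is not a boundary for untrusted input.

```python
import os
import tempfile

# The page's file-writing snippet, parameterised on the target path (constructed).
PAYLOAD = (
    'with open({path!r}, "w", encoding="utf-8") as file:\n'
    '    file.write("# written by exec")\n'
)


def run_restricted(source, allowed_names=None):
    """Run source with empty builtins and only the names in allowed_names.

    Returns (namespace, None) on success or (namespace, exception) on failure.
    """
    restricted_globals = {"__builtins__": {}}  # no open, __import__, eval, ...
    restricted_locals = dict(allowed_names or {})
    try:
        exec(source, restricted_globals, restricted_locals)  # pylint: disable=exec-used
    except Exception as exc:  # report the failure instead of propagating it
        return restricted_locals, exc
    return restricted_locals, None


def demo():
    """Run the snippet with and without a restricted namespace."""
    with tempfile.TemporaryDirectory() as tmp:
        # Default namespace: open() resolves through builtins, the file is written.
        plain_path = os.path.join(tmp, "unrestricted.txt")
        exec(PAYLOAD.format(path=plain_path))  # pylint: disable=exec-used
        wrote_unrestricted = os.path.exists(plain_path)

        # Restricted namespace: open() is not defined, so nothing is written.
        blocked_path = os.path.join(tmp, "restricted.txt")
        _, error = run_restricted(PAYLOAD.format(path=blocked_path))
        wrote_restricted = os.path.exists(blocked_path)

    # Names passed in explicitly are still usable by the executed code.
    namespace, _ = run_restricted("total = add(2, 3)", {"add": lambda a, b: a + b})
    return {
        "wrote_unrestricted": wrote_unrestricted,
        "wrote_restricted": wrote_restricted,
        "restricted_error": error,
        "total": namespace.get("total"),
    }


if __name__ == "__main__":
    print(demo())
```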