Warm tip: This article is reproduced from stackoverflow.com, please click
python eval code-injection

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

发布于 2020-03-27 10:27:09

Why am I receiving an eval injection error?

 if len(sys.argv) > 1:
   eval(sys.argv[1])(logger, *sys.argv[2:])
Questioner
Maryam7
Viewed
35
分享
shaik moeed 2019-07-03 23:09

Use ast.literal_eval instead of eval.

Code:

from ast import literal_eval as eval
if len(sys.argv) > 1:
     eval(sys.argv[1])(logger, *sys.argv[2:])

Eval is dangerous

Related issues

1
How to use python cut method to create bins, accept one parameter and return appropriate bin?
2
Create a dictionary from a list of lists with certain criteria
3
selecting columns based on row value, Python, Pandas
4
plotting count of zeros and ones in a dataframe
5
BeautifulSoup find.all() web scraping returns empty
6
python function. output a keys list from a dictionary if the key is todays date
7
Best way to perform multiple amount of Pandas lookups between two DataFrames
8
How to get the number of columns and the width of each column in a Pandas pivot table?
9
Display a column when a desired value is missing while grouping in Pandas dataframe
10
Python hide ticks but show tick labels