Tuesday 2 April 2013

Use of eval in Python

The eval() function lets a Python program evaluate a string as Python code within itself.
eval() example (interactive shell):
>>> x = 1
>>> eval('x + 1')
2
>>> eval('x')
1

eval() interprets a string as Python code. The reason so many people have warned you about using it is that whoever controls the string controls what gets executed. If your program does eval(input()), a user can type os.system('rm -R *') instead of a number, which on a Unix system deletes everything under the current working directory, and they do not even need your program to have imported os: __import__('os').system(...) works with the default builtins. (In Python 2, input() itself called eval() on the typed text; raw_input() returned the plain string.) Using eval() on user-supplied text is a security hole. If you need to convert strings to other types, use functions built for that, such as int() or float(), or ast.literal_eval() when the input is supposed to be a Python literal like a list or a dict.
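The following is an added example and not code from the original post. It puts the vulnerable eval() pattern beside two safe replacements, int() and ast.literal_eval(), and feeds each the same constructed inputs. The function names (unsafe_eval, parse_int, try_literal) and the sample strings are my own; the "attack" string calls os.getpid() rather than anything destructive, purely to show that user text reaches the os module even though this script never imports it.

```python
import ast

# Constructed sample inputs (stand-ins for what a user might type into input())
EXPECTED_INPUT = "x + 1"                    # what the program author had in mind
PAYLOAD = "__import__('os').getpid()"       # reaches os although this module never imports it
LITERAL_INPUT = "[1, 2, {'k': 3}]"          # a Python literal that int() cannot parse


def unsafe_eval(text, x=1):
    """Vulnerable: evaluates whatever the user typed as Python code.
    Passing only {'x': x} as globals does not help: Python inserts the default
    builtins (including __import__) into any globals dict that lacks them."""
    return eval(text, {"x": x})


def parse_int(text):
    """Safe replacement for eval() when an integer is expected.
    Returns None instead of raising so the caller can reject bad input."""
    try:
        return int(text.strip())
    except ValueError:
        return None


def try_literal(text):
    """Safe replacement for eval() when a Python literal is expected.
    ast.literal_eval accepts only literals (numbers, strings, tuples, lists,
    dicts, sets, booleans, None); names, calls and attribute access are rejected."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return None


if __name__ == "__main__":
    print("eval of expected input:", unsafe_eval(EXPECTED_INPUT))      # 2
    print("eval of payload ran os code, pid =", unsafe_eval(PAYLOAD))  # attacker-chosen code ran
    print("int() of expected input:", parse_int(EXPECTED_INPUT))       # None: rejected
    print("int() of '42':", parse_int("42"))                           # 42
    print("literal_eval of list:", try_literal(LITERAL_INPUT))         # [1, 2, {'k': 3}]
    print("literal_eval of payload:", try_literal(PAYLOAD))            # None: rejected
```

The point of the comparison is that the safe functions reject the payload and the arithmetic expression alike: they parse data, they do not run code. Restricting the globals passed to eval() (for example an empty __builtins__ dict) is not a sandbox and should not be relied on; the fix is to not call eval() on user-supplied text at all.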
