Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is this a safe use of python eval()?

Tags:

python

security

If an attacker can control the value of attacker_controlled_nasty_variable, is this segment of code vulnerable?

dic={"one":1,
      "nasty":attacker_controlled_nasty_variable,
     }
store=str(dict)
...
dic=eval(store)
like image 764
rook Avatar asked Nov 30 '22 17:11

rook

1 Answers

Use ast.literal_eval() instead of eval().

like image 103
payne Avatar answered Dec 06 '22 02:12

payne
Sign in to Comment

Related questions

Python - Overridding print()
Python's FTPLib too slow?
What is the idiomatic way of invoking a list of functions in Python?
Are inner-classes unpythonic?
python logarithm
How do I build a list of all possible tuples from this table?
how convert list of int to list of tuples
How to assert that zero or only one of N given arguments is passed
Speed of many regular expressions in python
grep -r in python
Read https url from Python with basic access authentication
Python: Rar Brute Forcer
Regex to separate Numeric from Alpha
How do constructors and destructors work?
MySQLdb not INSERTING, _mysql does fine
Script won't run in Python3.0
Python binary search-like function to find first number in sorted list greater than a specific value
Understanding logic in python (Exercise 27 of Learn Python the Hard Way)
Why list indices must be integers, not tuple?
What is the best way to install python 2 on OS X?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!