-
Notifications
You must be signed in to change notification settings - Fork 252
/
Copy pathuse_of_exec.html
224 lines (142 loc) · 9.19 KB
/
use_of_exec.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>use of exec — Python Anti-Patterns documentation</title>
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/ribbon.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/font-awesome-4.1.0/css/font-awesome.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/menu.css" type="text/css" />
<link rel="index" title="Index"
href="../genindex.html"/>
<link rel="search" title="Search" href="../search.html"/>
<link rel="top" title="Python Anti-Patterns documentation" href="../index.html"/>
<link rel="up" title="Security" href="index.html"/>
<link rel="next" title="Performance" href="../performance/index.html"/>
<link rel="prev" title="Security" href="index.html"/>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-nav-search">
<a href="../index.html"> Python Anti-Patterns</a>
<div role="search">
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../correctness/index.html"><i class="fa fa-check"></i> Correctness</a></li>
<li class="toctree-l1"><a class="reference internal" href="../maintainability/index.html"><i class="fa fa-puzzle-piece"></i> Maintainability</a></li>
<li class="toctree-l1"><a class="reference internal" href="../readability/index.html"><i class="fa fa-eye"></i> Readability</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html"><i class="fa fa-lock"></i> Security</a><ul class="current">
<li class="toctree-l2 current"><a class="current reference internal" href="#">use of exec</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../performance/index.html"><i class="fa fa-dashboard"></i> Performance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../django/index.html"><i class="fa fa-book"></i> Django</a></li>
</ul>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Python Anti-Patterns</a>
</nav>
<div class="wy-nav-content" id="signup-box" >
<div class="rst-content">
<div class="navigation" role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html">Documentation</a> »</li>
<li><a href="index.html"><i class="fa fa-lock"></i> Security</a> »</li>
<li>use of exec</li>
<li class="wy-breadcrumbs-aside">
<a href="../_sources/security/use_of_exec.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section" id="use-of-exec">
<h1>use of exec<a class="headerlink" href="#use-of-exec" title="Permalink to this headline">¶</a></h1>
<p>The <code class="docutils literal notranslate"><span class="pre">exec</span></code> statement enables you to dynamically execute arbitrary Python code which is stored in literal strings. Building a complex string of Python code and then passing that code to <code class="docutils literal notranslate"><span class="pre">exec</span></code> results in code that is hard to read and hard to test. Anytime the <code class="docutils literal notranslate"><span class="pre">Use</span> <span class="pre">of</span> <span class="pre">exec</span></code> error is encountered, you should go back to the code and check if there is a clearer, more direct way to accomplish the task.</p>
<div class="section" id="anti-pattern">
<h2>Anti-pattern<a class="headerlink" href="#anti-pattern" title="Permalink to this headline">¶</a></h2>
<div class="section" id="program-uses-exec-to-execute-arbitrary-python-code">
<h3>Program uses <code class="docutils literal notranslate"><span class="pre">exec</span></code> to execute arbitrary Python code<a class="headerlink" href="#program-uses-exec-to-execute-arbitrary-python-code" title="Permalink to this headline">¶</a></h3>
<p>The sample code below composes a literal string containing Python code and then passes that string to <code class="docutils literal notranslate"><span class="pre">exec</span></code> for execution. This is an indirect and confusing way to program in Python.</p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">s</span> <span class="o">=</span> <span class="s2">"print(</span><span class="se">\"</span><span class="s2">Hello, World!</span><span class="se">\"</span><span class="s2">)"</span>
<span class="n">exec</span> <span class="n">s</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="best-practice">
<h2>Best practice<a class="headerlink" href="#best-practice" title="Permalink to this headline">¶</a></h2>
<div class="section" id="refactor-the-code-to-avoid-exec">
<h3>Refactor the code to avoid <code class="docutils literal notranslate"><span class="pre">exec</span></code><a class="headerlink" href="#refactor-the-code-to-avoid-exec" title="Permalink to this headline">¶</a></h3>
<p>In most scenarios, you can easily refactor the code to avoid the use of <code class="docutils literal notranslate"><span class="pre">exec</span></code>. In the example below, the use of <code class="docutils literal notranslate"><span class="pre">exec</span></code> has been removed and replaced by a function.</p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">print_hello_world</span><span class="p">():</span>
<span class="nb">print</span><span class="p">(</span><span class="s2">"Hello, World!"</span><span class="p">)</span>
<span class="n">print_hello_world</span><span class="p">()</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="references">
<h2>References<a class="headerlink" href="#references" title="Permalink to this headline">¶</a></h2>
<ul class="simple">
<li><p><a class="reference external" href="https://pylint.readthedocs.io/en/latest/user_guide/messages/warning/exec-used.html">PyLint - W0122, exec-used</a></p></li>
<li><p><a class="reference external" href="https://docs.python.org/2/reference/simple_stmts.html#the-exec-statement">Python Language Reference - The exec statement</a></p></li>
<li><p><a class="reference external" href="http://stackoverflow.com/questions/1933451/why-should-exec-and-eval-be-avoided">Stack Overflow - Why should exec() and eval() be avoided?</a></p></li>
</ul>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../performance/index.html" class="btn btn-neutral float-right" title="Performance"/>Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="index.html" class="btn btn-neutral" title="Security"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
</p>
</div>
<!--End mc_embed_signup-->
<a href="https://github.com/snide/sphinx_rtd_theme">Sphinx theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a> - Last updated: Sep 29, 2020
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'../',
VERSION:'',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/language_data.js"></script>
<script type="text/javascript" src="../_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.StickyNav.enable();
});
</script>
<!-- Place this tag right after the last button or just before your close body tag. -->
<script async defer id="github-bjs" src="https://buttons.github.io/buttons.js"></script>
</body>
</html>