PYL-W0122 · Audit required: Use of `exec`

Audit required: Use of exec PYL-W0122

Security

Major

3 months ago — 2 years old

Use of exec

 38
 39    def execute(self) -> None:
 40        with stdoutIO() as s:
 41            exec(self.input_editor.toPlainText()) 42            result = s.getvalue()
 43            self.output_editor.setPlainText(result)
 44

Use of exec

nukeserversocket/controllers/local_app.py

33
34    def execute(self) -> None:
35        with stdoutIO() as s:
36            exec(self.input_editor.toPlainText())37            result = s.getvalue()
38            self.output_editor.setPlainText(result)
39

Use of exec

tests/test_server.py

 38
 39    def execute(self) -> None:
 40        with stdoutIO() as s:
 41            exec(self.input_editor.toPlainText()) 42            result = s.getvalue()
 43            self.output_editor.setPlainText(result)
 44

Use of exec

nukeserversocket/controllers/local_app.py

33
34    def execute(self) -> None:
35        with stdoutIO() as s:
36            exec(self.input_editor.toPlainText())37            result = s.getvalue()
38            self.output_editor.setPlainText(result)
39

Use of exec

tests/test_server.py

 38
 39    def execute(self) -> None:
 40        with stdoutIO() as s:
 41            exec(self.input_editor.toPlainText()) 42            result = s.getvalue()
 43            self.output_editor.setPlainText(result)
 44

Description

Usage of exec function is strongly discouraged, since it opens up possibilities of unauthorized code execution if the statements are not escaped properly. Read more on why should exec be avoided here.

sisoe24 / nukeserversocket