https://github.com/python/cpython/commit/b69bb1e3feca562dd8df1548674b8a73fa6153f5
commit: b69bb1e3feca562dd8df1548674b8a73fa6153f5
branch: 3.12
author: Brian Schubert <[email protected]>
committer: hauntsaninja <[email protected]>
date: 2024-10-29T23:22:31-07:00
summary:
[3.12] gh-118633: Add warning regarding the unsafe usage of eval and exec (GH-118437) (#126162) (cherry picked from commit 00e5ec0d35193c1665e5c0cfe5ef82eed270d0f4) Co-authored-by: Daniel Ruf <[email protected]> Co-authored-by: Kirill Podoprigora <[email protected]> Co-authored-by: Jelle Zijlstra <[email protected]> files: M Doc/library/functions.rst diff --git a/Doc/library/functions.rst b/Doc/library/functions.rst index 23f1fdb0dd3bad..3b7c9645d1496c 100644 --- a/Doc/library/functions.rst +++ b/Doc/library/functions.rst @@ -588,6 +588,11 @@ are always available. They are listed here in alphabetical order. :returns: The result of the evaluated expression. :raises: Syntax errors are reported as exceptions. + .. warning:: + + This function executes arbitrary code. Calling it with + user-supplied input may lead to security vulnerabilities. + The *expression* argument is parsed and evaluated as a Python expression (technically speaking, a condition list) using the *globals* and *locals* dictionaries as global and local namespace. If the *globals* dictionary is @@ -634,6 +639,11 @@ are always available. They are listed here in alphabetical order. .. function:: exec(object, globals=None, locals=None, /, *, closure=None) + .. warning:: + + This function executes arbitrary code. Calling it with + user-supplied input may lead to security vulnerabilities. + This function supports dynamic execution of Python code. *object* must be either a string or a code object. If it is a string, the string is parsed as a suite of Python statements which is then executed (unless a syntax error
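Review bot: In the first hunk (eval), the warning stops at "may lead to security vulnerabilities" and gives the reader no next step, while the paragraph directly after it introduces the *globals* and *locals* dictionaries, which readers often take for a way to confine the call. Consider adding one sentence to the warning saying that passing restricted *globals* or *locals* does not make evaluating untrusted input safe, and pointing to ast.literal_eval() for the case where only literals need to be parsed, so the warning is actionable rather than only cautionary.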
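Review bot: In the second hunk (exec), "user-supplied input" is narrower than what this function accepts: the context line right below the warning says *object* may be either a string or a code object. Suggest wording such as "untrusted input" so that strings and code objects obtained from files, the network or other processes are clearly covered and not only text typed by a user. If the wording changes here, apply the same change to the eval warning in the first hunk so the two stay identical.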
