The built-in function “eval()” of python is useful in many cases. But I am gonna talk about it’s negative one.
Let, you have a function that take arguments from user. If you do eval() on that input, it might create a havoc.
As an example –
def check_pin(pin): if type(eval(pin)) is int: "Do some other stuff" return True else: return False def process_users_ping(pin): return check_pin(pin=pin) pins = [ "1234", "500", "__import__('os').system('ls /')" ] for i in pins: print(process_users_ping(pin=i))
Running above code where last pin is a string which has function imported and ran a command. This can create a big problem.
This eval expression can really make your CPU hang in the tree. So, be aware to use eval without properly knowing what it might be evaluating.