Python's built-in function eval() is useful in many cases, but here I am going to talk about its negative side.
Suppose you have a function that takes arguments from the user. If you call eval() on that input, it can wreak havoc.
As an example:
def check_pin(pin):
    # eval() runs whatever the caller typed as Python code before the
    # type check ever happens, so the check does nothing to contain it
    if type(eval(pin)) is int:
        "Do some other stuff"
        return True
    else:
        return False


def process_users_ping(pin):
    return check_pin(pin=pin)


pins = [
    "1234", "500", "__import__('os').system('ls /')"
]
for i in pins:
    print(process_users_ping(pin=i))
When the above code runs, the last pin is a string that imports a module and runs a shell command, and eval() executes it before the type check is even reached. This can create a big problem.
"9**987987987987"
Evaluating this expression can make your CPU hang, because Python tries to compute the full huge integer. So be careful about using eval() without knowing exactly what it will be evaluating.
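As an added example (not code from the original post), here is the same PIN check written without eval(). ast.literal_eval() parses only Python literals, so a string containing a function call or a `**` expression raises ValueError instead of being executed or computed; the stricter digits-only check is narrower still and is what a PIN field usually needs. The function names, the sample pin list and the classify helper are my own.

```python
import ast


def check_pin_safe(pin: str) -> bool:
    """Return True only if `pin` is a plain integer literal.

    ast.literal_eval() accepts literals (numbers, strings, tuples, ...) and
    rejects names, calls and operators such as `**`, so the malicious and the
    CPU-burning inputs from the post both fail here without running anything.
    """
    try:
        value = ast.literal_eval(pin)
    except (ValueError, SyntaxError, MemoryError, RecursionError):
        # ValueError: not a literal (calls, attribute access, `**`, ...)
        # SyntaxError: not parseable at all
        # MemoryError / RecursionError: pathologically nested input
        return False
    # `type(value) is int` keeps the post's intent: bool is excluded, and so
    # are floats such as "1e6", which literal_eval would happily return.
    return type(value) is int


def check_pin_strict(pin: str, length: int = 4) -> bool:
    """Even narrower: a PIN is exactly `length` ASCII digits, nothing else.

    int(pin) alone would also accept "-5", "+7", "1_000" and surrounding
    whitespace, so a digits-only check is the usual choice for PIN fields.
    """
    return len(pin) == length and pin.isascii() and pin.isdigit()


# Constructed sample input: the post's three pins plus its CPU-hang expression.
SAMPLE_PINS = [
    "1234",
    "500",
    "__import__('os').system('ls /')",
    "9**987987987987",
]


def classify_pins(pins: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each pin to (accepted by literal check, accepted by strict check)."""
    return {pin: (check_pin_safe(pin), check_pin_strict(pin)) for pin in pins}


if __name__ == "__main__":
    for pin, (safe_ok, strict_ok) in classify_pins(SAMPLE_PINS).items():
        print(f"{pin!r}: literal_eval check={safe_ok} strict digits={strict_ok}")
```

Neither check ever executes the input: the shell-command string and the `9**987987987987` expression are rejected by the parser stage of ast.literal_eval() and never reach an evaluator, which is the whole difference from eval().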