Other side of Python eval() function

The built-in function “eval()” of Python is useful in many cases, but here I am going to talk about its negative side.

Suppose you have a function that takes its arguments from a user. If you call eval() on that input, it can create havoc.

As an example:

def check_pin(pin):
    # DANGEROUS: eval() executes whatever Python expression the caller supplies,
    # so the "type check" only happens after the input has already run.
    if type(eval(pin)) is int:
        # Do some other stuff
        return True
    else:
        return False


def process_users_pin(pin):
    return check_pin(pin=pin)

# The last entry is not a PIN at all: it imports os and runs a shell command.
pins = [
    "1234", "500", "__import__('os').system('ls /')"
]

for i in pins:
    print(process_users_pin(pin=i))

Running the above code, the last "pin" is a string that imports a module and runs a shell command before the type check ever sees a result. This can create a big problem.

"9**987987987987"

This eval expression can tie up your CPU (and memory) for a very long time computing an enormous number. So be careful with eval() unless you know exactly what it will be evaluating.
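As an added example (not code from the original post), here is how the PIN check above can be written without eval(). It covers both problems the post describes: the command-injection string and the CPU-exhausting exponent. The length limit MAX_PIN_LENGTH and the function names are assumptions for this example; the sample inputs are constructed to match the post.

```python
import ast

# Constructed sample inputs: two well-formed PINs, the command-injection
# string and the resource-exhaustion expression discussed in the post.
SAMPLE_PINS = [
    "1234",
    "500",
    "__import__('os').system('ls /')",
    "9**987987987987",
]

MAX_PIN_LENGTH = 12  # hypothetical policy limit; bounds the work done on any input


def check_pin_strict(pin: str) -> bool:
    """Accept only a short string of ASCII decimal digits.

    Nothing is parsed as code, so neither the os.system() payload nor the
    huge exponent can do anything. isascii() matters because str.isdigit()
    also accepts Unicode digits such as "²", which int() would later reject.
    """
    if not isinstance(pin, str) or len(pin) > MAX_PIN_LENGTH:
        return False
    return pin.isascii() and pin.isdigit()


def check_pin_literal(pin: str) -> bool:
    """Variant that still parses the value, but only as a Python literal.

    ast.literal_eval() accepts constants and containers of constants and
    raises ValueError for anything else (calls, attribute access, operators
    such as **), so both hostile inputs are rejected without being executed.
    A length bound is still advisable in practice; it is omitted here so the
    rejection by literal_eval itself is visible.
    """
    if not isinstance(pin, str):
        return False
    try:
        value = ast.literal_eval(pin)
    except (ValueError, SyntaxError, MemoryError, RecursionError):
        return False
    # bool is a subclass of int; exclude it so "True" is not a valid PIN
    return type(value) is int and value >= 0


def classify_pins(pins):
    """Run both checks over a list of candidate PINs and return the results."""
    return {p: (check_pin_strict(p), check_pin_literal(p)) for p in pins}


if __name__ == "__main__":
    for pin, (strict_ok, literal_ok) in classify_pins(SAMPLE_PINS).items():
        print(f"{pin!r}: isdigit={strict_ok} literal_eval={literal_ok}")
```

The strict digit check is the one to use for a PIN; the literal_eval variant is shown only because it is the closest safe substitute when the input genuinely has to be a Python literal, and even then it should be combined with a length limit.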
