Python eval can execute statements.

1. Very common contradiction

A common explanation goes: "eval("expression") evaluates an expression, so it cannot execute a statement. Statements are executed by exec("statement")." Do you notice that these two sentences are inconsistent with each other?

2. Contradiction = eval("exec('statement')")

The true nature of the contradiction is that exec('statement') is itself an expression, and yet evaluating it executes the statement. Therefore, **"the statement cannot be executed because only an expression is evaluated" does not hold**.

Let's try it with the following example.

Since exec('statement') is itself an expression, you can put it inside eval("").

Really scary eval

```python
Hoge = "eval shouldn't be able to change the value of a variable"
print(Hoge)  # eval shouldn't be able to change the value of a variable
# exec(...) is a call expression, so eval accepts it and the assignment runs
eval("exec('Hoge = \"You can change it\"')")
print(Hoge)  # You can change it
```

3. Conclusion

There is no such thing as "it's safe because it's eval".

Left as it is, it will become a serious problem.
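As an added example (not part of the original post), the snippet below shows why eval accepts the payload above and how parsing with ast.literal_eval rejects it when only data is expected. The function names classify, parse_literal and eval_in_namespace are assumptions made for this illustration, and the sample inputs are constructed.

```python
import ast

# The page's payload: a statement wrapped in an exec() call expression.
PAYLOAD = "exec('Hoge = \"You can change it\"')"


def classify(source):
    """Report how the parser sees `source` when compiled in eval mode."""
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError:
        return "not-an-expression"      # eval() refuses this outright
    # Any Call node means evaluating the expression can run arbitrary code.
    has_call = any(isinstance(n, ast.Call) for n in ast.walk(tree))
    return "expression-with-call" if has_call else "expression"


def parse_literal(source):
    """Accept only Python literals; return (ok, value_or_error_name)."""
    try:
        return True, ast.literal_eval(source)
    except (ValueError, SyntaxError) as err:
        return False, type(err).__name__


def eval_in_namespace(source):
    """Run eval in a throwaway dict to show the assignment really happens."""
    namespace = {"Hoge": "before"}
    eval(source, namespace)             # exec() inherits this namespace
    return namespace["Hoge"]


if __name__ == "__main__":
    for text in ["Hoge = 1", PAYLOAD, "[1, 2, {'a': 3}]"]:
        print(repr(text), classify(text), parse_literal(text))
    print(eval_in_namespace(PAYLOAD))
```

The bare assignment is rejected by the eval-mode parser, while the exec wrapper parses as an ordinary call expression, which is why eval runs it. ast.literal_eval refuses any call node, so it is the appropriate parser when the input is supposed to be plain data.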
