
eval (PGH001)

Derived from the pygrep-hooks linter.

What it does

Checks for uses of the builtin eval() function.

Why is this bad?

The eval() function is insecure because it executes whatever Python expression it is given, so any untrusted string that reaches it (such as user input) enables arbitrary code execution.

Example

def foo():
    x = eval(input("Enter a number: "))
    ...

Use instead:

def foo():
    x = input("Enter a number: ")
    ...
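As an added illustration (not part of the Ruff documentation or the pygrep-hooks project), one way to keep the intent of the original example, turning the entered text into a number, without calling eval(): parse it as a numeric literal with ast.literal_eval and reject everything else. The parse_number and is_numeric_literal names and the input length limit are assumptions made for this example.

```python
import ast
from numbers import Number

# Upper bound on accepted input length; an assumption for this example,
# chosen so that pathological inputs are rejected before parsing.
MAX_INPUT_LENGTH = 100


def parse_number(text: str) -> Number:
    """Parse untrusted text as an int, float or complex literal.

    Unlike eval(), ast.literal_eval only evaluates literal syntax, so
    calls, attribute access and names are rejected rather than executed.
    Anything that is not a plain numeric literal raises ValueError.
    """
    if len(text) > MAX_INPUT_LENGTH:
        raise ValueError(f"input too long ({len(text)} > {MAX_INPUT_LENGTH})")
    try:
        value = ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, TypeError) as exc:
        # ValueError: valid syntax but not a literal (e.g. a function call)
        # SyntaxError: not valid Python at all; TypeError: unhashable dict keys
        raise ValueError(f"not a numeric literal: {text!r}") from exc
    # bool is a subclass of int, so "True" would otherwise pass as a Number;
    # None, strings, lists etc. are literals but not numbers.
    if isinstance(value, bool) or not isinstance(value, Number):
        raise ValueError(f"not a numeric literal: {text!r}")
    return value


def is_numeric_literal(text: str) -> bool:
    """Return True if parse_number() would accept the text."""
    try:
        parse_number(text)
    except ValueError:
        return False
    return True


def foo():
    # Constructed sample input standing in for input("Enter a number: ").
    x = parse_number("42")
    return x
```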

References