eval (PGH001)

Derived from the pygrep-hooks linter.

What it does

Checks for uses of the builtin eval() function.

Why is this bad?

The eval() function is insecure as it enables arbitrary code execution.

Example

def foo():
    x = eval(input("Enter a number: "))
    ...

Use instead:

def foo():
    x = input("Enter a number: ")
    ...

References

• Python documentation: eval
• Eval really is dangerous by Ned Batchelder