exec-builtin (S102)

Added in v0.0.116 · Related issues · View source

Derived from the flake8-bandit linter.

What it does

Checks for uses of the builtin exec function.

Why is this bad?

The exec() function is insecure as it allows for arbitrary code execution.

Example

exec("print('Hello World')")

References

• Python documentation: exec
• Common Weakness Enumeration: CWE-78