org.sonar.l10n.py.rules.python.ExecStatementUsage.html Maven / Gradle / Ivy
This rule raises an issue when the exec statement is used.
Why is this an issue?
Use of the exec
statement could be dangerous, and should be avoided. Moreover, the exec
statement was removed in Python
3.0. Instead, the built-in exec()
function can be used.
Use of the exec
statement is strongly discouraged for several reasons such as:
- Security Risks: Executing code from a string opens up the possibility of code injection attacks.
- Readability and Maintainability: Code executed with
exec
statement is often harder to read and understand since
it is not explicitly written in the source code.
- Performance Implications: The use of
exec
statement can have performance implications since the code is compiled
and executed at runtime.
- Limited Static Analysis: Since the code executed with
exec
statement is only known at runtime, static code
analysis tools may not be able to catch certain errors or issues, leading to potential bugs.
Code examples
Noncompliant code example
exec 'print 1' # Noncompliant
Compliant solution
exec('print 1')
© 2015 - 2024 Weber Informatics LLC | Privacy Policy