Eval

Indexed | Public repository | Medium | High confidence | Verified | MIT | python
greprules fetch gitlab-sast-python-eval-rule-eval --engine opengrep

Description

The application was found calling the `eval` function with non-literal data. If the variable contains user-controlled data, either partially or fully, an adversary could compromise the entire system by executing arbitrary Python code. To remediate this issue, remove all calls to `eval` and consider alternative methods for executing the necessary business logic.
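As an added illustration (not part of this rule page and not the rule's own pattern), the check below approximates what the description flags: a call to the bare built-in `eval` whose first argument is anything other than a string literal. It also shows `ast.literal_eval` as the usual replacement when `eval` was only parsing data. The sample source it scans is constructed.

```python
import ast

# Constructed sample source, not from any real project: lines 4 and 5 of
# the snippet pass non-literal data to eval and should be flagged; line 6
# passes a plain string literal and should not.
SAMPLE_SOURCE = '''
def handler(request):
    expr = request.args.get("expr")
    result = eval(expr)              # fully user-controlled
    total = eval("1 + " + expr)      # partially user-controlled
    const = eval("2 + 2")            # literal argument
    return result, total, const
'''


def find_non_literal_eval(source: str):
    """Return (lineno, argument text) for each call to the bare built-in
    eval whose first argument is anything other than a string literal.
    This approximates the rule's intent; it is not the rule's own pattern.
    Attribute calls such as df.eval(...) are deliberately not matched."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        if not (isinstance(func, ast.Name) and func.id == "eval"):
            continue
        arg = node.args[0]
        is_str_literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
        if not is_str_literal:
            findings.append((node.lineno, ast.unparse(arg)))
    return findings


def parse_literal_or_none(text: str):
    """Remediation for the common case where eval was only used to turn a
    string into a number, list, dict or similar: ast.literal_eval accepts
    Python literals only and rejects names, calls and attribute access."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return None


if __name__ == "__main__":
    for lineno, arg in find_non_literal_eval(SAMPLE_SOURCE):
        print(f"line {lineno}: eval() called with non-literal argument {arg}")
    print(parse_literal_or_none("[1, 2, {'a': 3}]"))   # parsed as data
    print(parse_literal_or_none("len('abc')"))         # call rejected: None
```

Where `eval` was dispatching on a user-chosen operation rather than parsing data, the replacement is an explicit mapping from allowed names to functions, not `literal_eval`.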

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
