.. _exec-used:

exec-used / W0122
=================

**Message emitted:**

Use of exec

**Description:**

*Raised when the 'exec' statement is used. It's dangerous to use this function for a user input, and it's also slower than actual code in general. This doesn't mean you should never use it, but you should consider alternatives first and restrict the functions available.*

**Problematic code:**

.. literalinclude:: /data/messages/e/exec-used/bad.py
   :language: python

**Correct code:**

.. literalinclude:: /data/messages/e/exec-used/good.py
   :language: python

**Additional details:**

The available methods and variables used in ``exec()`` may introduce a security hole.
You can restrict the use of these variables and methods by passing optional globals
and locals parameters (dictionaries) to the ``exec()`` method.

However, use of ``exec`` is still insecure. For example, consider the following call
that writes a file to the user's system:

.. code-block:: python

    exec("""\nwith open("file.txt", "w", encoding="utf-8") as file:\n file.write("# code as nefarious as imaginable")\n""")

**Related links:**

- `Be careful with exec and eval in Python <https://lucumr.pocoo.org/2011/2/1/exec-in-python/>`_

Created by the `basic <https://github.com/PyCQA/pylint/blob/main/pylint/checkers/base/basic_checker.py>`__ checker.