Dynamic code execution is always an issue and should never be used.

Question

KOLANICH opened this issue 2 years ago · comments

Describe the bug
The library contains exec call

System information
A clear and concise description of your system information.

Traceback stack
Was not executed.

Expected behavior
Must not contain any dynamic code execution.

Additional context
Dynamic code execution is always a security issue.

Jarry Shaw · Answer 1 · Fri Jun 03 2022 14:30:55 GMT+0800 (China Standard Time)

Thanks for reporting. The exec call was inevitable to implement pcapkit.corekit.infoclass.Info, which is actually borrowed from Python's built-in module dataclasses.

KOLANICH · Answer 2 · Fri Jun 03 2022 14:54:17 GMT+0800 (China Standard Time)

Thanks for the info. I could never imagine that this kind of code could ever land into the standard library.