Dynamic code execution is always an issue and should never be used.
KOLANICH opened this issue · comments
KOLANICH commented
Describe the bug
The library contains exec
call
System information
A clear and concise description of your system information.
- OS Version: any
- Python Version: any
- Python Implementation:any
Traceback stack
Was not executed.
Expected behavior
Must not contain any dynamic code execution.
Additional context
Dynamic code execution is always a security issue.
Jarry Shaw commented
Thanks for reporting. The exec
call was inevitable to implement pcapkit.corekit.infoclass.Info
, which is actually borrowed from Python's built-in module dataclasses
.
KOLANICH commented
Thanks for the info. I could never imagine that this kind of code could ever land into the standard library.