Remove insecure code
szuliq opened this issue · comments
The env variables might come from insecure sources.
You're using eval for getting dicts. This is insecure.
This function can also be used to execute arbitrary code objects (such as those created by compile()).
Instead, use https://docs.python.org/2/library/ast.html#ast.literal_eval
Done! Version 1.1.0 was shipped to PyPI. Thank you!
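The change requested in this issue, as an added example that is not the project's own code: it puts the eval() pattern beside an ast.literal_eval() parser that accepts only dict literals. The function names, the MAX_LEN cap and the sample environment values are assumptions made for illustration.

```python
import ast
import os

MAX_LEN = 4096  # assumed cap; literal_eval can exhaust the stack on huge input
CALLS = []      # records whether the constructed call expression below ran


def parse_dict_unsafe(raw):
    """Pattern reported in the issue: eval() runs any expression in the value."""
    return eval(raw, {"CALLS": CALLS})


def parse_dict_safe(raw):
    """Accept only a Python literal that is a dict; raise ValueError otherwise."""
    if len(raw) > MAX_LEN:
        raise ValueError("value too long")
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("not a Python literal: %s" % exc)
    if not isinstance(value, dict):
        raise ValueError("expected dict, got %s" % type(value).__name__)
    return value


def env_dict(name, default=None, environ=os.environ):
    """Read variable `name` and parse it as a dict literal."""
    raw = environ.get(name)
    if raw is None:
        return {} if default is None else default
    return parse_dict_safe(raw)


# Constructed sample environment (hypothetical names, not from the project).
SAMPLE_ENV = {
    "DB_OPTS": "{'host': 'db.internal', 'port': 5432, 'ssl': True}",
    # A call expression: harmless here, but it stands in for arbitrary code.
    "CALL_OPTS": "{'port': CALLS.append('executed') or 5432}",
    "NOT_A_DICT": "[1, 2, 3]",
}

if __name__ == "__main__":
    print(env_dict("DB_OPTS", environ=SAMPLE_ENV))
    print(parse_dict_unsafe(SAMPLE_ENV["CALL_OPTS"]), CALLS)  # the call ran
    for key in ("CALL_OPTS", "NOT_A_DICT"):
        try:
            env_dict(key, environ=SAMPLE_ENV)
        except ValueError as exc:
            print(key, "rejected:", exc)
```

Checking the parsed type matters as much as dropping eval(): literal_eval() also returns lists, strings and numbers, which code expecting a dict would otherwise mishandle.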