Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Python static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PYTHON code

Filtered: 3 rules found

obsolete

Impact

Clean code attribute

The "exec" statement should not be used

consistency - conventional

maintainability

Code Smell

BlockerSonarSource default severity
click to learn more

This rule raises an issue when the exec statement is used.

Why is this an issue?

Use of the exec statement could be dangerous, and should be avoided. Moreover, the exec statement was removed in Python 3.0. Instead, the built-in exec() function can be used.

Use of the exec statement is strongly discouraged for several reasons such as:

Security Risks: Executing code from a string opens up the possibility of code injection attacks.
Readability and Maintainability: Code executed with exec statement is often harder to read and understand since it is not explicitly written in the source code.
Performance Implications: The use of exec statement can have performance implications since the code is compiled and executed at runtime.
Limited Static Analysis: Since the code executed with exec statement is only known at runtime, static code analysis tools may not be able to catch certain errors or issues, leading to potential bugs.

Code examples

Noncompliant code example

exec 'print 1' # Noncompliant

Compliant solution

exec('print 1')

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

In-IDE

SaaS

Self-Hosted