Security auditing detected exec() use in setup.py #107

Description

@dv4harr10

🐛 Summary

Detected the use of exec(). exec() can be a security risk if used to evaluate dynamic
content. If content can be input from outside the program, this may be a code injection
vulnerability. Ensure evaluated content is not definable by external sources.

Noticed in file setup.py: line 25 reads `exec(f.read(), pkg_vars)  # nosec`.

Expected behavior

Per Dev team: Please make an issue to convert this to the same logic used in
cisagov/skeleton-python-library (https://github.com/cisagov/skeleton-python-library/blob/b2b9dd9c3fedbf2069173b116b22a07691d84507/setup.py#L35-L41)

Add any screenshots of the problem here.
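The fix the dev team points at replaces executing `_version.py` with parsing the `__version__` assignment out of it, so the file's contents are read as data rather than run as code. The block below is an added example written for this issue; it is not the project's setup.py nor a copy of cisagov/skeleton-python-library. It assumes the usual layout in which a `_version.py` file contains a single line such as `__version__ = "1.2.3"`, and the regex, the `get_version` name, and the constructed sample files are all assumptions made here to show the contrast between the flagged `exec()` pattern and a parse-only reader.

```python
"""Read a package version from _version.py without exec().

Added example for issue #107; not the project's or the skeleton's own code.
Assumes _version.py holds one assignment like:  __version__ = "1.2.3"
"""
import os
import re
import tempfile

# Matches a whole line of the form  __version__ = "x.y.z"  or  __version__ = 'x.y.z'
# (pattern is an assumption made for this example, not the skeleton's exact regex).
_VERSION_RE = re.compile(r'^__version__\s*=\s*[\'"]([^\'"]+)[\'"]\s*$', re.MULTILINE)


def get_version_exec(version_file):
    """The pattern the audit flagged: every statement in the file is executed."""
    pkg_vars = {}
    with open(version_file) as f:
        exec(f.read(), pkg_vars)  # nosec  (kept only to demonstrate the contrast)
    return pkg_vars["__version__"]


def get_version(version_file):
    """Parse-only reader: the file is text, nothing in it runs."""
    with open(version_file) as f:
        match = _VERSION_RE.search(f.read())
    if match is None:
        raise RuntimeError("Unable to find a version string in %s" % version_file)
    return match.group(1)


def _write(tmpdir, name, text):
    """Helper: write a constructed sample file and return its path."""
    path = os.path.join(tmpdir, name)
    with open(path, "w") as f:
        f.write(text)
    return path


def demo():
    """Constructed inputs: a normal _version.py and one carrying a side effect.

    Returns a dict so the outcome can be checked rather than just printed.
    """
    with tempfile.TemporaryDirectory() as tmp:
        clean = _write(tmp, "_version.py",
                       '"""Version file."""\n\n__version__ = "1.2.3"\n')
        # Same shape, but with an extra statement: a stand-in for whatever a
        # tampered or mistakenly edited version file might contain.
        tainted = _write(tmp, "_tainted_version.py",
                         'import os\nos.environ["PWNED"] = "yes"\n'
                         '__version__ = "9.9.9"\n')
        os.environ.pop("PWNED", None)

        results = {
            "exec_clean": get_version_exec(clean),
            "parse_clean": get_version(clean),
            "parse_tainted": get_version(tainted),
            # The parser read the version but did not run the file:
            "env_after_parse": os.environ.get("PWNED"),
        }
        get_version_exec(tainted)
        # exec() ran the extra statement as well:
        results["env_after_exec"] = os.environ.get("PWNED")
        os.environ.pop("PWNED", None)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-16s %s" % (key, value))
```

Both readers return the same version for a well-formed file; the difference only shows when the file contains anything beyond the assignment, which is exactly the case the Bandit finding is about. The parse-only reader also fails loudly on a file with no `__version__` line instead of raising a `KeyError` from inside `exec()`.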

Labels

improvement: This issue or pull request will add or improve functionality, maintainability, or ease of use
python: Pull requests that update Python code