Labels: improvement (This issue or pull request will add or improve functionality, maintainability, or ease of use), python (Pull requests that update Python code)
Description
🐛 Summary
Detected the use of `exec()`. `exec()` can be a security risk if used to evaluate dynamic content. If that content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.

Noticed at file `setup.py`, line 25, which reads `exec(f.read(), pkg_vars)  # nosec`.
Expected behavior
Per Dev team: Please make an issue to convert this to the same logic used in
cisagov/skeleton-python-library (https://github.com/cisagov/skeleton-python-library/blob/b2b9dd9c3fedbf2069173b116b22a07691d84507/setup.py#L35-L41)
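The underlying concern is that `exec(f.read(), pkg_vars)` runs every statement in the version file, not just the `__version__` assignment, so anything that can modify that file gets code execution at install time. The snippet below is an added example of reading `__version__` without executing the file; it is not this project's code nor the linked skeleton's (the skeleton's exact approach should be taken from the referenced lines). It parses the file into an AST with `ast.parse()`, which evaluates nothing, and extracts only a string literal assigned to `__version__`. The file contents and function names are constructed for illustration.

```python
"""Read __version__ from a version file without exec()."""
import ast
import os
import tempfile

# Constructed sample: what a typical _version.py looks like.
SAMPLE_VERSION_FILE = '__version__ = "1.2.3"\n'

# Constructed sample: a version file that also carries an extra statement.
# exec() would run the os.environ write; the AST-based reader below does not.
TAMPERED_VERSION_FILE = (
    "import os\n"
    'os.environ["INJECTED_BY_VERSION_FILE"] = "1"\n'
    '__version__ = "9.9.9"\n'
)


def version_from_source(source: str) -> str:
    """Return the string literal assigned to __version__ in `source`.

    ast.parse() builds a syntax tree but executes nothing. Only a plain
    `__version__ = "<literal>"` assignment is accepted; any other value
    (a call, an attribute lookup, a subscript) makes ast.literal_eval()
    raise ValueError instead of being evaluated.
    """
    tree = ast.parse(source)
    for node in tree.body:
        if isinstance(node, ast.Assign) and len(node.targets) == 1:
            target = node.targets[0]
            if isinstance(target, ast.Name) and target.id == "__version__":
                value = ast.literal_eval(node.value)
                if not isinstance(value, str):
                    raise ValueError("__version__ must be a string literal")
                return value
    raise RuntimeError("Unable to find a __version__ assignment")


def get_version(version_file: str) -> str:
    """Drop-in replacement for the exec()-based reader: open and parse the file."""
    with open(version_file, encoding="utf-8") as f:
        return version_from_source(f.read())


def roundtrip_via_file(text: str) -> str:
    """Write `text` to a temporary file and read the version back with get_version()."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False, encoding="utf-8") as tmp:
        tmp.write(text)
        path = tmp.name
    try:
        return get_version(path)
    finally:
        os.unlink(path)


def environment_was_modified() -> bool:
    """True if the tampered file's side effect ran (it should not)."""
    return "INJECTED_BY_VERSION_FILE" in os.environ


if __name__ == "__main__":
    print(version_from_source(SAMPLE_VERSION_FILE))
    print(roundtrip_via_file(TAMPERED_VERSION_FILE))
    print("side effect executed:", environment_was_modified())
```

Because nothing is executed, a bandit `# nosec` marker is no longer needed on this path, and a version file that assigns anything other than a literal fails loudly at build time rather than silently running code.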