| Argument | Details |
| --- | --- |
| expression | The expression code as a string, or a code object |
| object | The statement code as a string, or a code object |
| globals | The dictionary to use for global variables. If locals is not specified, this is also used for locals. If omitted, the globals() of calling scope are used. |
| locals | A mapping object that is used for local variables. If omitted, the one passed for globals is used instead. If both are omitted, then the globals() and locals() of the calling scope are used for globals and locals respectively. |

### Section 102.1: Executing code provided by untrusted user using exec, eval, or ast.literal_eval

### Section 102.2: Evaluating a string containing a Python literal with ast.literal_eval

In [1]:
import ast
code = """(1, 2, {'foo': 'bar'})"""
object = ast.literal_eval(code)
object

(1, 2, {'foo': 'bar'})

In [3]:
type(object)

tuple

In [None]:
ast.literal_eval('()' * 1000000)

### Section 102.3: Evaluating statements with exec

In [1]:
code = """for i in range(5):\n print('Hello world!')"""
exec(code)

Hello world!
Hello world!
Hello world!
Hello world!
Hello world!


### Section 102.4: Evaluating an expression with eval

In [2]:
expression = '5 + 3 * a'
a = 5
result = eval(expression)
result

20

### Section 102.5: Precompiling an expression to evaluate it multiple times

In [3]:
code = compile('a * b + c', '<string>', 'eval')
code

<code object <module> at 0x00000272EF4B1A50, file "<string>", line 1>

In [4]:
a,b,c = 1,2,3

In [5]:
eval(code)

5

### Section 102.6: Evaluating an expression with eval using custom globals

In [11]:
variables = {'a': 6, 'b': 7}
eval('a * b', variables)

42

In [9]:
help(eval)

Help on built-in function eval in module builtins:

eval(source, globals=None, locals=None, /)
    Evaluate the given source in the context of globals and locals.
    
    The source may be a string representing a Python expression
    or a code object as returned by compile().
    The globals must be a dictionary and locals can be any mapping,
    defaulting to the current globals and locals.
    If only globals is given, locals defaults to it.



In [12]:
eval('variables')

{'__builtins__': {'ArithmeticError': ArithmeticError,
  'AssertionError': AssertionError,
  'AttributeError': AttributeError,
  'BaseException': BaseException,
  'BlockingIOError': BlockingIOError,
  'BrokenPipeError': BrokenPipeError,
  'BufferError': BufferError,
  'ChildProcessError': ChildProcessError,
  'ConnectionAbortedError': ConnectionAbortedError,
  'ConnectionError': ConnectionError,
  'ConnectionRefusedError': ConnectionRefusedError,
  'ConnectionResetError': ConnectionResetError,
  'EOFError': EOFError,
  'Ellipsis': Ellipsis,
  'EnvironmentError': OSError,
  'Exception': Exception,
  'False': False,
  'FileExistsError': FileExistsError,
  'FileNotFoundError': FileNotFoundError,
  'FloatingPointError': FloatingPointError,
  'GeneratorExit': GeneratorExit,
  'IOError': OSError,
  'ImportError': ImportError,
  'IndentationError': IndentationError,
  'IndexError': IndexError,
  'InterruptedError': InterruptedError,
  'IsADirectoryError': IsADirectoryError,
  'KeyError': KeyEr

In [14]:
eval('variables', variables)

NameError: name 'variables' is not defined

In [17]:
from collections import defaultdict
variables = defaultdict(int, {'a': 42})
eval('a * c', variables)
# note that 'c' is not explicitly defined

0
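Passing a custom globals dictionary does not turn eval into a sandbox: as the `eval('variables')` output above shows, eval adds `__builtins__` to the dictionary, so the evaluated expression can still reach every built-in function. The following added example (not code from the original page) evaluates the same kind of arithmetic expressions by parsing them with `ast` and accepting only numbers, known variable names and a fixed set of operators. The names `safe_eval`, `_walk`, `MAX_LEN` and the operator whitelist are choices made for this example.

```python
import ast
import operator

# Whitelisted operators; every other node type is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200  # assumed cap; bounds parser work and recursion depth


def safe_eval(expression, variables):
    """Evaluate an arithmetic expression over `variables` without eval()."""
    if len(expression) > MAX_LEN:
        raise ValueError("expression too long")
    tree = ast.parse(expression, mode="eval")  # parses only, runs nothing
    return _walk(tree.body, variables)


def _walk(node, variables):
    # Numeric literals only (bool, str, bytes, None are rejected).
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    # Names resolve only against the caller-supplied mapping.
    if isinstance(node, ast.Name):
        if node.id not in variables:
            raise NameError(f"unknown variable {node.id!r}")
        return variables[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _walk(node.left, variables)
        right = _walk(node.right, variables)
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_walk(node.operand, variables))
    # Calls, attribute access, subscripts, ** and everything else end here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


if __name__ == "__main__":
    variables = {'a': 6, 'b': 7}           # constructed sample input
    print(safe_eval('a * b', variables))    # 42
    print('__builtins__' in variables)      # False
```

Unlike eval, this leaves the `variables` dictionary unmodified, and exponentiation is left out of the whitelist so that a short input cannot request a very large computation.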