Avoid dynamic code execution with eval or exec | Critiq Docs

#Metadata

Rule ID: py.security.dynamic-code-execution
Severity: high
Confidence: 0.95
Languages: python
Presets: security, strict
Stability: stable
Applies to: block
Tags: execution, injection, python, rules-catalog, security

#Why it matters

Dynamic code execution turns untrusted data into executable behavior and expands code-injection risk.

#Remediation

Replace dynamic execution with explicit parsing, allowlisted operations, or fixed function dispatch tables.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/python/py.security.dynamic-code-execution.rule.yaml.

Back to directory Open rule in repository