.. _exec-used:
exec-used / W0122
=================
**Message emitted:**
``Use of exec``
**Description:**
*Raised when the 'exec' statement is used. It's dangerous to use this function for a user input, and it's also slower than actual code in general. This doesn't mean you should never use it, but you should consider alternatives first and restrict the functions available.*
**Problematic code:**
.. literalinclude:: /data/messages/e/exec-used/bad.py
:language: python
**Correct code:**
.. literalinclude:: /data/messages/e/exec-used/good.py
:language: python
**Additional details:**
The available methods and variables used in ``exec()`` may introduce a security hole.
You can restrict the use of these variables and methods by passing optional globals
and locals parameters (dictionaries) to the ``exec()`` method.
However, use of ``exec`` is still insecure. For example, consider the following call
that writes a file to the user's system:
.. code-block:: python
exec("""\nwith open("file.txt", "w", encoding="utf-8") as file:\n file.write("# code as nefarious as imaginable")\n""")
**Related links:**
- `Be careful with exec and eval in Python `_
Created by the `basic `__ checker.