Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Why am I getting an Eval Injection error?

import logging
import sys

logger = logging.getLogger(__name__)

# Flagged line: the first command-line argument is handed to eval() as a
# Python expression, so whoever controls argv can run arbitrary code in
# this process, and the result is then called with the remaining arguments.
if len(sys.argv) > 1:
    eval(sys.argv[1])(logger, *sys.argv[2:])

Use ast.literal_eval instead of eval

Code:

import logging
import sys
# Note: this alias shadows the builtin eval for the rest of the module.
from ast import literal_eval as eval

logger = logging.getLogger(__name__)

# ast.literal_eval only evaluates Python literals (strings, numbers, tuples,
# lists, dicts, sets, booleans, None) and raises ValueError for names,
# attribute access, calls and any other expression.
if len(sys.argv) > 1:
    eval(sys.argv[1])(logger, *sys.argv[2:])
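As an added example (not code from the question or the answer above), the following shows the three behaviours side by side on constructed input: the original eval() dispatch accepting an arbitrary expression, ast.literal_eval rejecting anything that is not a literal, and a dispatch table that maps a command name from argv to a function in an allowlist so the user's string is only ever used as a dictionary key. The commands `greet` and `shutdown`, and the payload string, are assumptions made up for the demonstration.

```python
import ast
import logging
import sys

logger = logging.getLogger(__name__)


# Hypothetical commands the program is meant to expose.
def greet(log, name="world"):
    log.info("hello %s", name)
    return f"hello {name}"


def shutdown(log):
    log.info("shutting down")
    return "shutdown"


# Allowlist: user input selects a key here and is never executed as code.
COMMANDS = {
    "greet": greet,
    "shutdown": shutdown,
}


def dispatch_unsafe(argv, log=logger):
    """The pattern from the question: eval() argv[0] and call the result.

    Any Python expression works, including ones that build a callable on
    the fly, so the caller gets arbitrary code execution in this process.
    """
    return eval(argv[0])(log, *argv[1:])


def literal_eval_accepts(text):
    """True if ast.literal_eval treats text as a literal.

    Bare names, attribute access and calls are rejected with ValueError,
    so a command name passed this way never becomes a function.
    """
    try:
        ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return False
    return True


def dispatch_safe(argv, log=logger):
    """Hardened dispatch: argv[0] must name an allowlisted command."""
    if not argv:
        raise ValueError("no command given")
    name = argv[0]
    try:
        func = COMMANDS[name]
    except KeyError:
        raise ValueError(f"unknown command: {name!r}") from None
    return func(log, *argv[1:])


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed payload: a harmless lambda standing in for anything an
    # attacker could write, e.g. a call into os or subprocess.
    payload = "(lambda log, *a: 'pwned')"
    print("unsafe:", dispatch_unsafe([payload]))
    print("literal_eval accepts 'greet'?", literal_eval_accepts("greet"))
    print("safe:", dispatch_safe(sys.argv[1:] or ["greet", "world"]))
```

Running it with `python example.py greet alice` prints `hello alice`; running it with `python example.py "__import__('os').system"` raises ValueError from dispatch_safe instead of importing os, and the same string is rejected by literal_eval_accepts because it is a call expression, not a literal.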

Eval is dangerous