[issue37418] Code execution without calling it
Paul Ganssle
report at bugs.python.org
Wed Jun 26 15:11:21 EDT 2019
Paul Ganssle <p.ganssle at gmail.com> added the comment:
> why the code is executed?
> I could do a library or a package and include evil code instead of a
> print...
The code is executed because the decorator syntax

    @decorator
    def f():
        ...

is equivalent to

    def f():
        ...
    f = decorator(f)

So you are indeed calling the `decorator` function.
It is true that you could put evil code in the decorator function, but it's also true that you can execute evil code directly in the Python function as well, e.g.:

    execute_evil_code()
    def f():
        ...

Importing such a package would call `execute_evil_code()`.
----------
nosy: +p-ganssle
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37418>
_______________________________________
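
Added example, not part of the original message or of CPython: a static check that lists what would run on import (module-level and class-body calls, plus decorators) by parsing the source with `ast` instead of importing it. The sample source and the names `import_time_calls`, `setup`, `registry.add`, `hidden_call` and `inner` are constructed for illustration.

```python
import ast

# Constructed sample mirroring the two cases in the message above.
SAMPLE = """\
execute_evil_code()

@decorator
def f():
    hidden_call()

class C:
    setup()

    @registry.add
    def m(self):
        inner()
"""

DEFS = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)


def import_time_calls(source):
    """Return sorted (lineno, kind, name) for code that runs when imported.

    Conservative sketch: it also reports calls under `if __name__ == ...`
    and ignores default-argument values and class bases. Needs Python 3.9+
    for ast.unparse. Nothing in `source` is executed.
    """
    findings = []

    def visit(node):
        if isinstance(node, DEFS):
            # `@d` above `def f` means f = d(f): d is called at definition time.
            for dec in node.decorator_list:
                findings.append((dec.lineno, "decorator", ast.unparse(dec)))
            if isinstance(node, ast.ClassDef):
                for stmt in node.body:  # class bodies execute on import
                    visit(stmt)
            return  # function bodies run only when the function is called
        if isinstance(node, ast.Lambda):
            return  # lambda bodies are deferred as well
        if isinstance(node, ast.Call):
            findings.append((node.lineno, "call", ast.unparse(node.func)))
        for child in ast.iter_child_nodes(node):
            visit(child)

    visit(ast.parse(source))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind, name in import_time_calls(SAMPLE):
        print(f"line {lineno}: {kind} {name}")
```
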