Have you ever considered the constraints of a single line of Python code? There are no boundaries if you know how to use the powerful Python exec() built-in function. Python exec() is something similar to eval() function, the only difference is that the exec() function can accept large blocks of code, unlike the eval() function where only a single expression is passed as a parameter. Let us understand the concept of the Python exec() function and how it is been used.
Definition
- Python exec() function is used to dynamically execute Python programs that are passed as either a string or an object code to the function.
- The Python exec() method is a built-in function that runs the dynamically written programs, which can be parsed as either a string or a code object.
Python exec()
A string is parsed as Python statements, which are then executed and checked for any syntax errors. If there are no syntax errors, the parsed string is executed. If it’s an object code, then it is simply executed.
-
Syntax
exec(object, globals, locals)
-
exec() Parameters
Python exec() function accepts 3 parameters:
object = It can either be a string or a code object
globals (optional) = Dictionary containing global methods and variables
locals (optional) = Mapping object. Dictionary containing local variables and methods
-
Return value from exec()
Python exec() does not return a value; instead, it returns None.
Difference between eval() and exec()
The python exec() function is used for dynamic execution of Python programs that can be either strings or object code, and it takes huge blocks of code, as opposed to the eval() method, which only accepts a single expression. Furthermore, the Python exec() function returns nothing, but the eval() function evaluates the expression and returns the value to the caller code.
Example 1: How exec() works?
-
Passing String:
Example
# Python program to illustrate exec()
exec('print("Hello World")')
exec('a=5; b=10; print("Multiplication:", a*b)')
x = 100
exec('print(x == 100)')
exec ('print(x / 20)')
Output
Hello World
Multiplication: 50
True
5.0
In the above program, we pass a single line of code as a string to the Python exec() function. The globals and locals parameters are omitted.
-
Passing code of object:
Example
prog = 'x = 2 \nif(x < 5): \n print(x*10)'
exec(prog)
Output
20
Because it is a code object, it is performed directly and returns the result. Please take note of how we used \n and space to make a suitable indented python code block.
Example 2: Allow user to provide input
The exec() method can be used to execute code that the user has typed in dynamically. This is extremely risky because the user has the ability to run any code in your environment. So be cautious when requesting that a user enter a string or object code into the exec() function.
Example
# Python program to illustrate exec() by accepting user input code
code = input('Enter a Python code: ')
exec(code)
Output
Enter a Python code: [print(i*2) for i in range(0,6)]
0
2
4
6
8
10
Be careful while using exec()
Let us assume we have imported an ‘os’ module while working on a Unix system such as MacOS, Linux, etc. Now, this ‘os’ module provides a flexible way to exploit operating system features such as reading and writing to files. If you allow users to enter a value using exec(input()), the user can use the command: os.system(‘rm -rf *’) to modify, alter or even remove all files of the OS. Furthermore, you should never directly send an untrusted source to exec(). Because it is quite simple for a rogue user to cause havoc to the system.
One solution to avoid this problem is to use the dir() method. You may view all of the variables and methods that are available. It’s a good idea to double-check the variables and methods that the user has access to.
from math import *
print(exec(‘dir()’))
Output
['__annotations__', '__builtins__', '__doc__', '__loader__', '__name__', '__package__', '__spec__',
'acos', 'acosh', 'asin', 'asinh', 'atan', 'atan2', 'atanh', 'ceil', 'comb', 'copysign', 'cos', 'cosh', 'degrees',
'dist', 'e', 'erf', 'erfc', 'exp', 'expm1', 'fabs', 'factorial', 'floor', 'fmod', 'frexp', 'fsum', 'gamma', 'gcd', 'hypot',
'inf', 'isclose', 'isfinite', 'isinf', 'isnan', 'isqrt', 'ldexp', 'lgamma', 'log', 'log10', 'log1p', 'log2', 'modf', 'nan',
'perm', 'pi', 'pow', 'prod', 'radians', 'remainder', 'sin', 'sinh', 'sqrt', 'tan', 'tanh', 'tau', 'trunc']
Restricting the use of Available Methods and Variables in exec()
Another solution is to limit exec() to only the functions and variables that we want to use and expose. This is when global and local parameters come into play. Limiting the use of exec() by passing globals and locals dictionaries makes the code more secure, especially when providing user input to the exec() method.
-
When both the globals and the locals parameters are ignored
As we have discussed in the above example, the expression is executed in the current scope.
print(exec(‘dir()’))
-
Passing globals parameter & locals parameter omitted
In this case, if the locals dictionary parameter is not specified, then it automatically defaults to the globals dictionary. It means the global variables and methods will be used for both the globals and locals variables.
Note – In Python, you may check the current global and local dictionaries using the built-in functions globals() and locals().
-
Passing empty dictionary as a globals parameter
Let’s explore what happens if we pass the globals value as an empty dictionary to the exec() function.
Example
from math import *
exec('print(dir())', {})
print('')
# This will raise an exception
exec('print(sqrt(9))', {})
Output
['__builtins__']
Traceback (most recent call last):
File "", line 5, in
File "", line 1, in
NameError: name 'sqrt' is not defined
In the first print statement, we have passed an empty dictionary as a globals parameter. This will only return __builtins__ that denotes only this module will be available for the ‘object. Even if we imported the math module in the above program, attempting to access any of the math module’s functions will result in an exception.
-
Making certain methods and functions available
Considering the above example, if we want to make only a specific function available for functioning, we can specify it by using the following method:
Example
from math import *
fnc = {'sqrt': sqrt}
exec('print(dir())', fnc)Â Â # fnc passed as globals parameter
exec('print(sqrt(36))', fnc)
#OR
exec('print(dir())', {'sqrt': sqrt})Â Â # entire dictionary passed as globals parameter
exec('print(sqrt(36))', {'__builtins__':{'sqrt': sqrt, 'print': print}})
Output
['__builtins__', 'sqrt']
6.0
['__builtins__', 'sqrt']
6.0
Here, you can see that the sqrt built-in function has been activated and the expression has been executed in the next print statement.
-
Passing both globals and local dictionary
Here, we have defined both the globals dictionary and locals mapping objects. In the program below, the ‘object’ parameter can only access the floor() method along with variables ‘a’ and ‘num’. All the other functions and methods will be unavailable.
Example
from math import *
Â
globals = {'a': 10.6439, 'floor': floor}
locals = {'num': 10}
exec('print(floor(a) + num)', globals, locals)
Output
20
Frequently Asked Questions
Q1. What does exec do in Python?
Python exec() built-in function is used to dynamically execute Python programs that are passed as either a string or an object code to the function. An entire block of code can be parsed as a string or object code argument to the Python exec() function dynamically. This function will execute that block of code and return the value as per the Python statements defined.
Q2. What does exec return in Python?
Python exec() does not return a value; instead, it returns None.
A string is parsed as Python statements, which are then executed and checked for any syntax errors. If there are no syntax errors, the parsed string is executed. If it’s an object code, then it is simply executed.
Q3. How do you execute a command in Python?
Python provides a built-in exec() function that helps a programmer to parse a set of Python code as an argument and return the executed value.
Example
exec('for x in range(0,3): \n print(x)')
exec('print("Python Programming")')
num = 10
exec('print(num == 20)')
Output
0
1
2
Python Programming
False
Q4. How do you pass arguments to exec in Python?
The syntax for Python’s exec() function is:
exec(object, globals, locals)
Python exec() function accepts 3 parameters:
object = It can either be a string or a code object
globals (optional) = Dictionary containing global methods and variables
locals (optional) = Mapping object. Dictionary containing local variables and methods
- Passing string as an object:
Example
exec('print("Hello World")')
Output
Hello World
- Passing code object:
Example
prog = 'x = 2 \nif(x < 5): \n print(x*10)'
exec(prog)
Output
20
Leave a Reply