Python exec()

Have you ever considered the constraints of a single line of Python code? There are no boundaries if you know how to use the powerful Python exec() built-in function. Python exec() is something similar to eval() function, the only difference is that the exec() function can accept large blocks of code, unlike the eval() function where only a single expression is passed as a parameter. Let us understand the concept of the Python exec() function and how it is been used.

Definition

• Python exec() function is used to dynamically execute Python programs that are passed as either a string or an object code to the function.
• The Python exec() method is a built-in function that runs the dynamically written programs, which can be parsed as either a string or a code object.

Python exec()

A string is parsed as Python statements, which are then executed and checked for any syntax errors. If there are no syntax errors, the parsed string is executed. If it’s an object code, then it is simply executed.

• Syntax

                    

exec(object, globals, locals)

                

• exec() Parameters

Python exec() function accepts 3 parameters:

object = It can either be a string or a code object

globals (optional) = Dictionary containing global methods and variables

locals (optional) = Mapping object. Dictionary containing local variables and methods

• Return value from exec()

Python exec() does not return a value; instead, it returns None.

Difference between eval() and exec()

The python exec() function is used for dynamic execution of Python programs that can be either strings or object code, and it takes huge blocks of code, as opposed to the eval() method, which only accepts a single expression. Furthermore, the Python exec() function returns nothing, but the eval() function evaluates the expression and returns the value to the caller code.

Example 1: How exec() works?

1. Passing String:

Example

                    

# Python program to illustrate exec()
exec('print("Hello World")')

exec('a=5; b=10; print("Multiplication:", a*b)')

x = 100
exec('print(x == 100)')
exec ('print(x / 20)')

                

Output

                    

Hello World
Multiplication: 50
True
5.0

                

In the above program, we pass a single line of code as a string to the Python exec() function. The globals and locals parameters are omitted.

2. Passing code of object:

Example

                    

prog = 'x = 2 \nif(x < 5): \n print(x*10)'
exec(prog)

                

Output

                    

20

                

Because it is a code object, it is performed directly and returns the result. Please take note of how we used \n and space to make a suitable indented python code block.

Example 2: Allow user to provide input

The exec() method can be used to execute code that the user has typed in dynamically. This is extremely risky because the user has the ability to run any code in your environment. So be cautious when requesting that a user enter a string or object code into the exec() function.

Example

                    

# Python program to illustrate exec() by accepting user input code
code = input('Enter a Python code: ')
exec(code)

                

Output

                    

Enter a Python code: [print(i*2) for i in range(0,6)]
0
2
4
6
8
10

                

Be careful while using exec()

Let us assume we have imported an ‘os’ module while working on a Unix system such as MacOS, Linux, etc. Now, this ‘os’ module provides a flexible way to exploit operating system features such as reading and writing to files. If you allow users to enter a value using exec(input()), the user can use the command: os.system(‘rm -rf *’) to modify, alter or even remove all files of the OS. Furthermore, you should never directly send an untrusted source to exec(). Because it is quite simple for a rogue user to cause havoc to the system.

One solution to avoid this problem is to use the dir() method. You may view all of the variables and methods that are available. It’s a good idea to double-check the variables and methods that the user has access to.

                    

from math import *
print(exec(‘dir()’))

                

Output

                    

['__annotations__', '__builtins__', '__doc__', '__loader__', '__name__', '__package__', '__spec__', 
'acos', 'acosh', 'asin', 'asinh', 'atan', 'atan2', 'atanh', 'ceil', 'comb', 'copysign', 'cos', 'cosh', 'degrees', 
'dist', 'e', 'erf', 'erfc', 'exp', 'expm1', 'fabs', 'factorial', 'floor', 'fmod', 'frexp', 'fsum', 'gamma', 'gcd', 'hypot', 
'inf', 'isclose', 'isfinite', 'isinf', 'isnan', 'isqrt', 'ldexp', 'lgamma', 'log', 'log10', 'log1p', 'log2', 'modf', 'nan', 
'perm', 'pi', 'pow', 'prod', 'radians', 'remainder', 'sin', 'sinh', 'sqrt', 'tan', 'tanh', 'tau', 'trunc']

                

Restricting the use of Available Methods and Variables in exec()

Another solution is to limit exec() to only the functions and variables that we want to use and expose. This is when global and local parameters come into play. Limiting the use of exec() by passing globals and locals dictionaries makes the code more secure, especially when providing user input to the exec() method.

1. When both the globals and the locals parameters are ignored

As we have discussed in the above example, the expression is executed in the current scope.

                    

print(exec(‘dir()’))

                

2. Passing globals parameter & locals parameter omitted

In this case, if the locals dictionary parameter is not specified, then it automatically defaults to the globals dictionary. It means the global variables and methods will be used for both the globals and locals variables.

Note – In Python, you may check the current global and local dictionaries using the built-in functions globals() and locals().

3. Passing empty dictionary as a globals parameter

Let’s explore what happens if we pass the globals value as an empty dictionary to the exec() function.

Example

                    

from math import *
exec('print(dir())', {})
print('')

# This will raise an exception
exec('print(sqrt(9))', {})

                

Output

                    

['__builtins__']

Traceback (most recent call last):
File "", line 5, in 
File "", line 1, in 
NameError: name 'sqrt' is not defined

                

In the first print statement, we have passed an empty dictionary as a globals parameter. This will only return __builtins__ that denotes only this module will be available for the ‘object. Even if we imported the math module in the above program, attempting to access any of the math module’s functions will result in an exception.

4. Making certain methods and functions available

Considering the above example, if we want to make only a specific function available for functioning, we can specify it by using the following method:

Example

                    

from math import *

fnc = {'sqrt': sqrt}
exec('print(dir())', fnc)   # fnc passed as globals parameter
exec('print(sqrt(36))', fnc)

#OR
exec('print(dir())', {'sqrt': sqrt})   # entire dictionary passed as globals parameter
exec('print(sqrt(36))', {'__builtins__':{'sqrt': sqrt, 'print': print}})

                

Output

                    

['__builtins__', 'sqrt']
6.0
['__builtins__', 'sqrt']
6.0

                

Here, you can see that the sqrt built-in function has been activated and the expression has been executed in the next print statement.

5. Passing both globals and local dictionary

Here, we have defined both the globals dictionary and locals mapping objects. In the program below, the ‘object’ parameter can only access the floor() method along with variables ‘a’ and ‘num’. All the other functions and methods will be unavailable.

Example

                    

from math import *
 
globals = {'a': 10.6439, 'floor': floor}
locals = {'num': 10}

exec('print(floor(a) + num)', globals, locals)

                

Output

                    

20

                

Frequently Asked Questions

Q1. What does exec do in Python?

Python exec() built-in function is used to dynamically execute Python programs that are passed as either a string or an object code to the function. An entire block of code can be parsed as a string or object code argument to the Python exec() function dynamically. This function will execute that block of code and return the value as per the Python statements defined.

Q2. What does exec return in Python?

Python exec() does not return a value; instead, it returns None.

A string is parsed as Python statements, which are then executed and checked for any syntax errors. If there are no syntax errors, the parsed string is executed. If it’s an object code, then it is simply executed.

Q3. How do you execute a command in Python?

Python provides a built-in exec() function that helps a programmer to parse a set of Python code as an argument and return the executed value.

Example

                    

exec('for x in range(0,3): \n print(x)')

exec('print("Python Programming")')

num = 10
exec('print(num == 20)')

                

Output

                    

0
1
2
Python Programming
False

                

Q4. How do you pass arguments to exec in Python?

The syntax for Python’s exec() function is:

                    

exec(object, globals, locals)

                

Python exec() function accepts 3 parameters:

object = It can either be a string or a code object

globals (optional) = Dictionary containing global methods and variables

locals (optional) = Mapping object. Dictionary containing local variables and methods

1. Passing string as an object:

Example

                    

exec('print("Hello World")')

                

Output

                    

Hello World

                

2. Passing code object:

Example

                    

prog = 'x = 2 \nif(x < 5): \n print(x*10)'
exec(prog)

                

Output

                    

20