Which Python function is prone to a potential code injection attack?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

Multiple Choice

Which Python function is prone to a potential code injection attack?

Explanation:
The key idea is recognizing which function actually runs a string as Python code. eval takes a string and executes it as Python instructions. If that string comes from user input or any untrusted source, it can run arbitrary code on your machine, access files, or perform actions you didn’t intend. That exposure is what makes it susceptible to code injection. The other functions don’t execute code themselves. print just displays data, input reads a line from the user and returns it as a string, and len computes the number of items in a sequence or collection. None of them interpret the content as Python code, so they don’t pose the same risk by themselves. To stay safe, avoid eval on untrusted input. If you need to parse data, use safer alternatives like ast.literal_eval for literal values, or implement strict parsing with whitelisting or JSON parsing, depending on the context.

The key idea is recognizing which function actually runs a string as Python code. eval takes a string and executes it as Python instructions. If that string comes from user input or any untrusted source, it can run arbitrary code on your machine, access files, or perform actions you didn’t intend. That exposure is what makes it susceptible to code injection.

The other functions don’t execute code themselves. print just displays data, input reads a line from the user and returns it as a string, and len computes the number of items in a sequence or collection. None of them interpret the content as Python code, so they don’t pose the same risk by themselves.

To stay safe, avoid eval on untrusted input. If you need to parse data, use safer alternatives like ast.literal_eval for literal values, or implement strict parsing with whitelisting or JSON parsing, depending on the context.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy