I've been exploring the possibilities to execute a python function with a servercommand and I came across eval().
Example of what I'm trying to do:
Code: Select all
execute_python test_module test_function <args>
which would then call:
Syntax: Select all
def test_function(args):
in the test_module.
But while looking for examples I often read that its dangerous to use due to security reasons (for example if someone would pass a string to it, that does bad stuff like deleting folders etc).
Would it be possible for someone to exploit said servercommand (or find a way to go around it) and do harm to a server with it?
I also found getattr, which seems to work only with Classes though (please correct me if I'm wrong!)