Proposed Check: Warn use of `eval`

[gopar]

Thoughts?

[cooperlees]

Can you elaborate a little more on you exact idea of: a) What it check for? (Seems like if it's used you want to warn) b) What you're going to suggest or state as the remediation for the developer.

[ambv]

There's nothing inherently wrong with the use of eval. What would you like the warning to say?

[gopar]

I was taught to never use eval, for the times that I thought I needed eval, I instead went with ast.literal_eval. I guess it depends what you're passing into the function.

[joaoe]

If someone uses eval it is quite explicit that eval is being used.

The original problems with eval come from the old javascript days of developers having no idea how to code the language and using eval and copy-pasting the same code snippets everywhere.

In python so far, all use of eval I've seen and that I've used myself has been solely to work around syntax that is invalid in Python2 or 3, e.g., print or exec being keywords and not functions, or the syntax differences of the raise statement.

I do think eval should be used sparingly, but I doubt there is a big benefit about warning about its use, since it is very explicit that eval is being used somewhere.