Bot-Collection
[BUG] Severe security vulnerability in Telegram Python bot
Hello, I'm a GSSoC '23 Contributor.
The tg_bot, which executes Python code, directly calls the exec function with the user-provided source code. This can be a severe security vulnerability, as the attacker can gain complete control of the system by executing some malicious Python code.
To solve this, we can use RestrictedPython, which allows us to restrict imports, mutating globals and so on. Also, the folder should be renamed to indicate the use case of the specific bot.
Also, it would be better to change the command from /eval to /run, as eval in Python only supports expressions and the user may misinterpret the command.
I want to work on this. It would be great if you assign this to me.
E.g.
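For the /eval handler this issue describes, an added example (not Bot-Collection code) showing the exec-on-user-input pattern beside a restricted variant; the allow-list is a small stdlib ast check standing in for RestrictedPython so the block runs offline, and all function names are hypothetical.

```python
# Added example, not Bot-Collection code: the exec pattern the issue
# describes beside a restricted variant (stdlib ast allow-list standing
# in for RestrictedPython so it runs offline; names are hypothetical).
import ast
import builtins

# Before: user text reaches exec() unchanged with full builtins.
def eval_unrestricted(user_code: str) -> dict:
    scope = {}
    exec(user_code, scope)
    return scope

# Syntax the restricted runner refuses outright.
FORBIDDEN_NODES = (ast.Import, ast.ImportFrom, ast.Global, ast.Nonlocal,
                   ast.AsyncFunctionDef, ast.Await)
# The only builtins user code may reach; __import__, open, exec, eval
# and getattr are deliberately absent from the namespace.
SAFE_BUILTINS = {n: getattr(builtins, n) for n in (
    "abs", "len", "range", "min", "max", "sum", "sorted",
    "str", "int", "float", "list", "dict", "print")}

class RestrictedCodeError(Exception):
    """Submitted code uses syntax outside the allow-list."""

def check_source(user_code: str) -> ast.Module:
    """Parse and reject anything the policy does not permit."""
    tree = ast.parse(user_code, mode="exec")
    for node in ast.walk(tree):
        if isinstance(node, FORBIDDEN_NODES):
            raise RestrictedCodeError(f"disallowed syntax: {type(node).__name__}")
        # Dunder names reach interpreter internals that would undo the builtins restriction.
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            raise RestrictedCodeError(f"disallowed attribute: {node.attr}")
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            raise RestrictedCodeError(f"disallowed name: {node.id}")
    return tree

def is_allowed(user_code: str) -> bool:
    # True when check_source accepts the code; syntax errors count as refused.
    try:
        check_source(user_code)
        return True
    except (RestrictedCodeError, SyntaxError):
        return False

def eval_restricted(user_code: str) -> dict:
    # Run vetted code with the minimal builtins table; return the variables it set.
    tree = check_source(user_code)
    scope = {"__builtins__": SAFE_BUILTINS}
    exec(compile(tree, "<tg_eval>", "exec"), scope)
    scope.pop("__builtins__")
    return scope
```

An ast allow-list narrows what the interpreter will accept but is not a process boundary; running submissions in a separate, resource-limited process remains the stronger control.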