Disclaimer: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq1124794084/article/details/89086970
I. Dangerous built-in functions
exec
execfile
eval
II. Dangerous standard library modules
os
subprocess
commands
III. Dangerous third-party libraries
Template(user_input): template injection (SSTI) resulting in code execution
subprocess32
IV. Deserialization
marshal
PyYAML
pickle and cPickle
shelve
PIL
unzip