I’m trying to clear out some of the uses of “eval” and “exec” in my code, thinking that they may introduce security issues. To that end, I’m currently replacing them with calls to “getattr”. Something like this:
Instead of:
eval("someObj.scriptObj." + someObj.scriptToCall + "(parameter1, parameter2)")
I’m now using this:
getattr(someObj.scriptObj, someObj.scriptToCall)(parameter1, parameter2)
Now, this seems reasonable and functional. However, I’m not all that familiar with the particulars of using “getattr”, and find myself a little anxious that there might be lurking caveats, or performance considerations.
So, I’d like to check, if I may: Are there any problems with my new approach? Does it introduce new security concerns, or problems with certain usages, or an impact to performance? Or other issues that may not have occurred to me?