# Executing external code on the server (ExecuteExternalCode)
| Type | Scope | Severity | Activated by default | Minutes to fix | Tags |
|---|---|---|---|---|---|
| Vulnerability | BSL | Critical | Yes | 1 | `error`, `standard` |
## Description

When you develop applications, note that it is unsafe not only to execute code written in the Enterprise mode, but also to use the `Execute` or `Eval` methods on code built from parameters passed to server functions and procedures.

It is forbidden to use the `Execute` and `Eval` methods in server methods of form modules, commands, objects, etc.

This restriction does not apply to code executed on the client.
## Examples
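The following is an added illustration, not code from the BSL Language Server project: two server methods that build executable code from a client-supplied parameter (the pattern this diagnostic reports) and a replacement that dispatches on an identifier instead. `RecalculateTotals` and `ExportData` are assumed handlers defined elsewhere in the same module.

```bsl
// Added example (not from the BSL Language Server docs); handler names are hypothetical.
// Form module of a data-processor form; all three methods run on the server.

&AtServer
Procedure RunActionUnsafe(ActionCode)
    // Flagged by ExecuteExternalCode: ActionCode arrives from the client and is
    // executed as 1C code with the privileges of the server session, so a tampered
    // call can run arbitrary code. The argument is a parameter, not a constant.
    Execute(ActionCode);
EndProcedure

&AtServer
Function EvaluateUnsafe(Expression)
    // The same problem with Eval: the expression text is client-controlled.
    Return Eval(Expression);
EndFunction

&AtServer
Procedure RunAction(ActionName, Parameter)
    // Safe replacement: the client sends an identifier, the server maps it to a
    // fixed handler, and anything else is rejected. No code is assembled from the
    // parameter, so there is nothing for the diagnostic to report.
    If ActionName = "RecalculateTotals" Then
        RecalculateTotals(Parameter);   // assumed handler, defined in this module
    ElsIf ActionName = "ExportData" Then
        ExportData(Parameter);          // assumed handler, defined in this module
    Else
        Raise StrTemplate(NStr("en = 'Unknown action: %1'"), ActionName);
    EndIf;
EndProcedure
```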
## Sources

## Snippets

### Diagnostic ignorance in code

```bsl
// BSLLS:ExecuteExternalCode-off
// BSLLS:ExecuteExternalCode-on
```

### Parameter for config

```json
"ExecuteExternalCode": false
```