PyCharm Python Security plugin
Contents:
Use of builtin exec() function can leave code open to arbitrary execution.
exec()
Check will ignore instances where the first argument (code to executed) is a string literal.
exec(f)