Reduce use of eval()

Calling eval() is less than ideal security practice, and does not appear to be needed in these instances. Convert to ast.literal_eval() which is a safer mechanism for parsing inputs like this. Change-Id: I102f28cfa2a643f36a4d4174cef09c6f7576a804
2016-01-15 16:52:56 -05:00 · 2016-01-15 16:52:56 -05:00 · 2336d789d4
parent aa44c8b281
commit 2336d789d4
4 changed files with 9 additions and 5 deletions
--- a/cinder/tests/unit/test_ssh_utils.py
+++ b/cinder/tests/unit/test_ssh_utils.py
@ -175,7 +175,7 @@ class SSHPoolTestCase(test.TestCase):
    @mock.patch('six.moves.builtins.open')
    @mock.patch('paramiko.SSHClient')
    def test_closed_reopened_ssh_connections(self, mock_sshclient, mock_open):
-        mock_sshclient.return_value = eval('FakeSSHClient')()
+        mock_sshclient.return_value = FakeSSHClient()
        sshpool = ssh_utils.SSHPool("127.0.0.1", 22, 10,
                                    "test",
                                    password="test",
--- a/cinder/volume/drivers/emc/emc_vmax_common.py
+++ b/cinder/volume/drivers/emc/emc_vmax_common.py
@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+import ast
 import inspect
 import os.path

@ -1325,7 +1326,7 @@ class EMCVMAXCommon(object):
            self.conn = self._get_ecom_connection()

        if isinstance(loc, six.string_types):
-            name = eval(loc)
+            name = ast.literal_eval(loc)
            keys = name['keybindings']
            systemName = keys['SystemName']

@ -3948,7 +3949,7 @@ class EMCVMAXCommon(object):
        version = None
        try:
            if isinstance(loc, six.string_types):
-                name = eval(loc)
+                name = ast.literal_eval(loc)
                version = name['version']
        except KeyError:
            pass
--- a/cinder/volume/drivers/emc/emc_vmax_fc.py
+++ b/cinder/volume/drivers/emc/emc_vmax_fc.py
@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+import ast
+
 from oslo_log import log as logging
 import six

@ -201,7 +203,7 @@ class EMCVMAXFCDriver(driver.FibreChannelDriver):
        data = {'driver_volume_type': 'fibre_channel',
                'data': {}}
        loc = volume['provider_location']
-        name = eval(loc)
+        name = ast.literal_eval(loc)
        storage_system = name['keybindings']['SystemName']
        LOG.debug("Start FC detach process for volume: %(volume)s.",
                  {'volume': volume['name']})
--- a/cinder/volume/drivers/fujitsu/eternus_dx_common.py
+++ b/cinder/volume/drivers/fujitsu/eternus_dx_common.py
@ -19,6 +19,7 @@
 """
 Cinder Volume driver for Fujitsu ETERNUS DX S3 series.
 """
+import ast
 import base64
 import hashlib
 import six
@ -1293,7 +1294,7 @@ class FJDXCommon(object):
        volumename = self._create_volume_name(volume['id'])

        try:
-            location = eval(volume['provider_location'])
+            location = ast.literal_eval(volume['provider_location'])
            classname = location['classname']
            bindings = location['keybindings']