Reduce use of eval()
Calling eval() is less than ideal security practice, and does not appear to be needed in these instances. Convert to ast.literal_eval() which is a safer mechanism for parsing inputs like this. Change-Id: I102f28cfa2a643f36a4d4174cef09c6f7576a804
This commit is contained in:
parent
aa44c8b281
commit
2336d789d4
|
@ -175,7 +175,7 @@ class SSHPoolTestCase(test.TestCase):
|
|||
@mock.patch('six.moves.builtins.open')
|
||||
@mock.patch('paramiko.SSHClient')
|
||||
def test_closed_reopened_ssh_connections(self, mock_sshclient, mock_open):
|
||||
mock_sshclient.return_value = eval('FakeSSHClient')()
|
||||
mock_sshclient.return_value = FakeSSHClient()
|
||||
sshpool = ssh_utils.SSHPool("127.0.0.1", 22, 10,
|
||||
"test",
|
||||
password="test",
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import ast
|
||||
import inspect
|
||||
import os.path
|
||||
|
||||
|
@ -1325,7 +1326,7 @@ class EMCVMAXCommon(object):
|
|||
self.conn = self._get_ecom_connection()
|
||||
|
||||
if isinstance(loc, six.string_types):
|
||||
name = eval(loc)
|
||||
name = ast.literal_eval(loc)
|
||||
keys = name['keybindings']
|
||||
systemName = keys['SystemName']
|
||||
|
||||
|
@ -3948,7 +3949,7 @@ class EMCVMAXCommon(object):
|
|||
version = None
|
||||
try:
|
||||
if isinstance(loc, six.string_types):
|
||||
name = eval(loc)
|
||||
name = ast.literal_eval(loc)
|
||||
version = name['version']
|
||||
except KeyError:
|
||||
pass
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import ast
|
||||
|
||||
from oslo_log import log as logging
|
||||
import six
|
||||
|
||||
|
@ -201,7 +203,7 @@ class EMCVMAXFCDriver(driver.FibreChannelDriver):
|
|||
data = {'driver_volume_type': 'fibre_channel',
|
||||
'data': {}}
|
||||
loc = volume['provider_location']
|
||||
name = eval(loc)
|
||||
name = ast.literal_eval(loc)
|
||||
storage_system = name['keybindings']['SystemName']
|
||||
LOG.debug("Start FC detach process for volume: %(volume)s.",
|
||||
{'volume': volume['name']})
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
"""
|
||||
Cinder Volume driver for Fujitsu ETERNUS DX S3 series.
|
||||
"""
|
||||
import ast
|
||||
import base64
|
||||
import hashlib
|
||||
import six
|
||||
|
@ -1293,7 +1294,7 @@ class FJDXCommon(object):
|
|||
volumename = self._create_volume_name(volume['id'])
|
||||
|
||||
try:
|
||||
location = eval(volume['provider_location'])
|
||||
location = ast.literal_eval(volume['provider_location'])
|
||||
classname = location['classname']
|
||||
bindings = location['keybindings']
|
||||
|
||||
|
|
Loading…
Reference in New Issue