From 9955d1685d3a5a4357f405b442abaa43f60cd6d0 Mon Sep 17 00:00:00 2001
From: abhilash-goyal
Date: Tue, 9 Feb 2016 16:25:13 +0530
Subject: [PATCH] Replace use of eval with ast.literal_eval

literal_eval supports a limited subset of Python, and is therefore safer than eval.
Close-bug: 1414529
Change-Id: Ib6145408360fa57cccc8d77c590a203e5088b193
---
 nova/virt/xenapi/client/session.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nova/virt/xenapi/client/session.py b/nova/virt/xenapi/client/session.py
index b0f16ddd2eab..17609b480b99 100644
--- a/nova/virt/xenapi/client/session.py
+++ b/nova/virt/xenapi/client/session.py
@@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import ast
 import contextlib
 try:
@@ -291,8 +292,7 @@ class XenAPISession(object):
 exc.details[2] == 'Failure'):
 params = None
 try:
- # FIXME(comstud): eval is evil.
- params = eval(exc.details[3])
+ params = ast.literal_eval(exc.details[3])
 except Exception:
 raise exc
 raise self.XenAPI.Failure(params)
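Review bot: The result of `ast.literal_eval(exc.details[3])` in the second hunk goes to `self.XenAPI.Failure(params)` unchecked, so any string that parses as a literal (a bare number, a string, a dict) is accepted as the failure details. If the code that catches this Failure indexes `details` as a list, which the `exc.details[2]` and `exc.details[3]` reads in this hunk suggest, a shape check after the parse would keep malformed plugin output on the `raise exc` path: `if not isinstance(params, (list, tuple)): raise exc`. The broad `except Exception` is worth keeping, with a one-line comment saying why, since `literal_eval` can raise more than `ValueError` and `SyntaxError` on oversized or deeply nested input. The enclosing method starts and ends outside the hunk, so where `exc.details[3]` comes from is not visible here.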