Replace use of eval with ast.literal_eval

literal_eval supports a limited subset of Python, and is therefore safer than eval. Close-bug: 1414529 Change-Id: Ib6145408360fa57cccc8d77c590a203e5088b193
2016-02-09 16:25:13 +05:30 · 2016-02-09 16:25:13 +05:30 · 9955d1685d
parent 5a7e273901
commit 9955d1685d
1 changed files with 2 additions and 2 deletions
--- a/nova/virt/xenapi/client/session.py
+++ b/nova/virt/xenapi/client/session.py
@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

+import ast
 import contextlib

 try:
@ -291,8 +292,7 @@ class XenAPISession(object):
                    exc.details[2] == 'Failure'):
                params = None
                try:
-                    # FIXME(comstud): eval is evil.
-                    params = eval(exc.details[3])
+                    params = ast.literal_eval(exc.details[3])
                except Exception:
                    raise exc
                raise self.XenAPI.Failure(params)