Replace use of eval with ast.literal_eval
literal_eval supports a limited subset of Python, and is therefore safer than eval. Close-bug: 1414529 Change-Id: Ib6145408360fa57cccc8d77c590a203e5088b193
This commit is contained in:
parent
5a7e273901
commit
9955d1685d
|
@ -12,6 +12,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import ast
|
||||
import contextlib
|
||||
|
||||
try:
|
||||
|
@ -291,8 +292,7 @@ class XenAPISession(object):
|
|||
exc.details[2] == 'Failure'):
|
||||
params = None
|
||||
try:
|
||||
# FIXME(comstud): eval is evil.
|
||||
params = eval(exc.details[3])
|
||||
params = ast.literal_eval(exc.details[3])
|
||||
except Exception:
|
||||
raise exc
|
||||
raise self.XenAPI.Failure(params)
|
||||
|
|
Loading…
Reference in New Issue