authorSerenaFeng <feng.xiaowei@zte.com.cn>2016-09-09 16:50:48 +0800
committerSerenaFeng <feng.xiaowei@zte.com.cn>2016-09-14 10:53:33 +0800
commit6e52f48dbad2d39ebe124e6926e78fd0bca29adb (patch)
treebd39217f7d4eccef1eb5acdbdd8f2325665e7a86 /result_collection_api/opnfv_testapi/dashboard
parent4f3f6bd997e5bdc528da6c36da59e0d2d464ef83 (diff)
Fix security issues of eval-s in testapi
results from security audit show risks and recommendations to fix them JIRA: RELENG-144 Change-Id: If128cc3ae230150a912b581dfb1ded543d851eb5 Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
Diffstat (limited to 'result_collection_api/opnfv_testapi/dashboard')
-rwxr-xr-xresult_collection_api/opnfv_testapi/dashboard/bottlenecks2Dashboard.py4
-rw-r--r--result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py10
-rw-r--r--result_collection_api/opnfv_testapi/dashboard/doctor2Dashboard.py4
-rw-r--r--result_collection_api/opnfv_testapi/dashboard/functest2Dashboard.py4
-rw-r--r--result_collection_api/opnfv_testapi/dashboard/promise2Dashboard.py7
-rw-r--r--result_collection_api/opnfv_testapi/dashboard/yardstick2Dashboard.py5
6 files changed, 14 insertions, 20 deletions
diff --git a/result_collection_api/opnfv_testapi/dashboard/bottlenecks2Dashboard.py b/result_collection_api/opnfv_testapi/dashboard/bottlenecks2Dashboard.py
index 2e106be..f5e3d9a 100755
--- a/result_collection_api/opnfv_testapi/dashboard/bottlenecks2Dashboard.py
+++ b/result_collection_api/opnfv_testapi/dashboard/bottlenecks2Dashboard.py
@@ -48,8 +48,8 @@ def format_bottlenecks_for_dashboard(case, results):
then build the call to the specific method
"""
if check_bottlenecks_case_exist(case):
- cmd = "format_" + case + "_for_dashboard(results)"
- res = eval(cmd)
+ cmd = "format_" + case + "_for_dashboard"
+ res = globals()[cmd](results)
else:
res = []
print "Test cases not declared"
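Review bot: The new `globals()[cmd](results)` in format_bottlenecks_for_dashboard resolves the formatter from the whole module namespace, so the only thing limiting which callable runs is the separate `check_bottlenecks_case_exist(case)` list. A case that is in that list but has no matching `format_<case>_for_dashboard` function now raises an unhandled KeyError. A module-level dict from case name to formatter function, used for both the existence check and the dispatch (`res = formatters[case](results)`), would keep the allow-list and the call target in one place. The same pattern is repeated in the doctor, functest, promise and yardstick hunks; in the doctor hunk the check has to agree with the `case.replace('-','_')` form. The function body starts before this hunk.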
diff --git a/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py b/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py
index 121875d..42c6358 100644
--- a/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py
+++ b/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py
@@ -14,7 +14,6 @@
#
# v0.1: basic example
#
-import os
import re
import sys
from functest2Dashboard import format_functest_for_dashboard, \
@@ -47,8 +46,8 @@ def check_dashboard_ready_project(test_project):
def check_dashboard_ready_case(project, case):
- cmd = "check_" + project + "_case_exist(case)"
- return eval(cmd)
+ cmd = "check_" + project + "_case_exist"
+ return globals()[cmd](case)
def get_dashboard_projects():
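Review bot: In check_dashboard_ready_case, `project` reaches `globals()[cmd]` with no validation visible in this hunk. An unknown project name therefore raises KeyError rather than returning a negative answer, and any module-level name of the form `check_<x>_case_exist`, including imported ones, is callable through it. Unless every caller already gates on check_dashboard_ready_project (not visible here), resolve defensively with `fn = globals().get("check_" + project + "_case_exist")` followed by `return fn(case) if callable(fn) else False`. The same applies to `globals()[cmd](case, results)` in get_dashboard_result, the last hunk of this file, whose body starts outside the hunk. An explicit project-to-function dict would be the cleaner long-term dispatch.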
@@ -73,6 +72,5 @@ def get_dashboard_result(project, case, results=None):
# project: project name
# results: array of raw results pre-filterded
# according to the parameters of the request
- cmd = "format_" + project + "_for_dashboard(case,results)"
- res = eval(cmd)
- return res
+ cmd = "format_" + project + "_for_dashboard"
+ return globals()[cmd](case, results)
diff --git a/result_collection_api/opnfv_testapi/dashboard/doctor2Dashboard.py b/result_collection_api/opnfv_testapi/dashboard/doctor2Dashboard.py
index 38b23ab..5b1f190 100644
--- a/result_collection_api/opnfv_testapi/dashboard/doctor2Dashboard.py
+++ b/result_collection_api/opnfv_testapi/dashboard/doctor2Dashboard.py
@@ -36,8 +36,8 @@ def format_doctor_for_dashboard(case, results):
# note we add _case because testcase and project had the same name
# TODO refactoring...looks fine at the beginning wit only 1 project
# not very ugly now and clearly not optimized...
- cmd = "format_" + case.replace('-','_') + "_case_for_dashboard(results)"
- res = eval(cmd)
+ cmd = "format_" + case.replace('-','_') + "_case_for_dashboard"
+ res = globals()[cmd](results)
else:
res = []
return res
diff --git a/result_collection_api/opnfv_testapi/dashboard/functest2Dashboard.py b/result_collection_api/opnfv_testapi/dashboard/functest2Dashboard.py
index 86521b9..01697f7 100644
--- a/result_collection_api/opnfv_testapi/dashboard/functest2Dashboard.py
+++ b/result_collection_api/opnfv_testapi/dashboard/functest2Dashboard.py
@@ -34,8 +34,8 @@ def format_functest_for_dashboard(case, results):
then build the call to the specific method
"""
if check_functest_case_exist(case):
- cmd = "format_" + case + "_for_dashboard(results)"
- res = eval(cmd)
+ cmd = "format_" + case + "_for_dashboard"
+ res = globals()[cmd](results)
else:
res = []
print "Test cases not declared"
diff --git a/result_collection_api/opnfv_testapi/dashboard/promise2Dashboard.py b/result_collection_api/opnfv_testapi/dashboard/promise2Dashboard.py
index 84f43a7..c96341f 100644
--- a/result_collection_api/opnfv_testapi/dashboard/promise2Dashboard.py
+++ b/result_collection_api/opnfv_testapi/dashboard/promise2Dashboard.py
@@ -14,9 +14,6 @@
# a new method format_<Test_case>_for_dashboard(results)
# v0.1: basic example with methods for odl, Tempest, Rally and vPing
#
-import re
-import datetime
-
def get_promise_cases():
"""
@@ -36,8 +33,8 @@ def format_promise_for_dashboard(case, results):
# note we add _case because testcase and project had the same name
# TODO refactoring...looks fine at the beginning wit only 1 project
# not very ugly now and clearly not optimized...
- cmd = "format_" + case + "_case_for_dashboard(results)"
- res = eval(cmd)
+ cmd = "format_" + case + "_case_for_dashboard"
+ res = globals()[cmd](results)
else:
res = []
print "Test cases not declared"
diff --git a/result_collection_api/opnfv_testapi/dashboard/yardstick2Dashboard.py b/result_collection_api/opnfv_testapi/dashboard/yardstick2Dashboard.py
index 4f022d5..4df4b50 100644
--- a/result_collection_api/opnfv_testapi/dashboard/yardstick2Dashboard.py
+++ b/result_collection_api/opnfv_testapi/dashboard/yardstick2Dashboard.py
@@ -16,7 +16,6 @@
# Fio, Lmbench, Perf, Cyclictest.
#
-
def get_yardstick_cases():
"""
get the list of the supported test cases
@@ -33,8 +32,8 @@ def format_yardstick_for_dashboard(case, results):
then build the call to the specific method
"""
if check_yardstick_case_exist(case):
- cmd = "format_" + case + "_for_dashboard(results)"
- res = eval(cmd)
+ cmd = "format_" + case + "_for_dashboard"
+ res = globals()[cmd](results)
else:
res = []
print "Test cases not declared"