diff options
| author |   Morgan Richomme <morgan.richomme@orange.com> | 2016-09-14 07:18:45 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@172.30.200.206> | 2016-09-14 07:18:46 +0000 |
| commit | 63b063d3901cc0ebf66be40c87a44abe60648558 (patch) | |
| tree | defc7ead1212e21d29df32095ab51998f9348aac /utils/test/result_collection_api/opnfv_testapi/resources/handlers.py | |
| parent | 5facf6e1c57439569284b08ccf03e35cfb6a1672 (diff) | |
| parent | dd9e8643b72497eecdb4c80dc64f161b1562033b (diff) | |
Merge "Fix security issues of eval-s in testapi"
Diffstat (limited to 'utils/test/result_collection_api/opnfv_testapi/resources/handlers.py')
| -rw-r--r-- | utils/test/result_collection_api/opnfv_testapi/resources/handlers.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/utils/test/result_collection_api/opnfv_testapi/resources/handlers.py b/utils/test/result_collection_api/opnfv_testapi/resources/handlers.py index f98c35e8f..5059f5d77 100644 --- a/utils/test/result_collection_api/opnfv_testapi/resources/handlers.py +++ b/utils/test/result_collection_api/opnfv_testapi/resources/handlers.py @@ -23,8 +23,8 @@ import json from datetime import datetime -from tornado.web import RequestHandler, asynchronous, HTTPError from tornado import gen +from tornado.web import RequestHandler, asynchronous, HTTPError from models import CreateResponse from opnfv_testapi.common.constants import DEFAULT_REPRESENTATION, \ @@ -217,7 +217,8 @@ class GenericApiHandler(RequestHandler): return equal, query def _eval_db(self, table, method, *args, **kwargs): - return eval('self.db.%s.%s(*args, **kwargs)' % (table, method)) + exec_collection = self.db.__getattr__(table) + return exec_collection.__getattribute__(method)(*args, **kwargs) def _eval_db_find_one(self, query, table=None): if table is None: |