diff options
| author |   SerenaFeng <feng.xiaowei@zte.com.cn> | 2016-09-09 16:50:48 +0800 |
|---|---|---|
| committer | SerenaFeng <feng.xiaowei@zte.com.cn> | 2016-09-14 10:53:33 +0800 |
| commit | dd9e8643b72497eecdb4c80dc64f161b1562033b (patch) | |
| tree | 29f8cd29a44ccac033bad571544df7aa3c487618 /utils/test/result_collection_api/update | |
| parent | 21f8156390bfaba48f8427f5cda8515becf675b3 (diff) | |
Fix security issues of eval-s in testapi
results from security audit show risks and recommendations to fix them
JIRA: RELENG-144
Change-Id: If128cc3ae230150a912b581dfb1ded543d851eb5
Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
Diffstat (limited to 'utils/test/result_collection_api/update')
| -rw-r--r-- | utils/test/result_collection_api/update/templates/changes_in_mongodb.py | 3 | ||||
| -rw-r--r-- | utils/test/result_collection_api/update/templates/update_mongodb.py | 9 |
2 files changed, 8 insertions, 4 deletions
diff --git a/utils/test/result_collection_api/update/templates/changes_in_mongodb.py b/utils/test/result_collection_api/update/templates/changes_in_mongodb.py index 9744dd9fe..1a4d5a16f 100644 --- a/utils/test/result_collection_api/update/templates/changes_in_mongodb.py +++ b/utils/test/result_collection_api/update/templates/changes_in_mongodb.py @@ -45,6 +45,7 @@ docs_old2New = { # ({'case_name': 'ovno'}, {'case_name': 'ocl'}) # ] 'results': [ - ({'trust_indicator': 0}, {'trust_indicator': {'current': 0, 'histories': []}}) + ({'trust_indicator': 0}, + {'trust_indicator': {'current': 0, 'histories': []}}) ] } diff --git a/utils/test/result_collection_api/update/templates/update_mongodb.py b/utils/test/result_collection_api/update/templates/update_mongodb.py index b1e378dd7..ba4334aa3 100644 --- a/utils/test/result_collection_api/update/templates/update_mongodb.py +++ b/utils/test/result_collection_api/update/templates/update_mongodb.py @@ -10,7 +10,8 @@ import argparse from pymongo import MongoClient -from changes_in_mongodb import collections_old2New, fields_old2New, docs_old2New +from changes_in_mongodb import collections_old2New, \ + fields_old2New, docs_old2New from utils import main, parse_mongodb_url parser = argparse.ArgumentParser(description='Update MongoDBs') @@ -54,11 +55,13 @@ def change_docs(a_dict): def eval_db(method, *args, **kwargs): - return eval('db.%s(*args, **kwargs)' % method) + exec_db = db.__getattribute__(method) + return exec_db(*args, **kwargs) def eval_collection(collection, method, *args, **kwargs): - return eval('db.%s.%s(*args, **kwargs)' % (collection, method)) + exec_collection = db.__getattr__(collection) + return exec_collection.__getattribute__(method)(*args, **kwargs) def collection_update(a_dict, operator): |