Reduce use of eval()
authorEric Harney <eharney@redhat.com>
Fri, 15 Jan 2016 21:52:56 +0000 (16:52 -0500)
committerEric Harney <eharney@redhat.com>
Fri, 15 Jan 2016 21:52:56 +0000 (16:52 -0500)
Calling eval() is less than ideal security practice,
and does not appear to be needed in these instances.
Convert to ast.literal_eval() which is a safer
mechanism for parsing inputs like this.

Change-Id: I102f28cfa2a643f36a4d4174cef09c6f7576a804

cinder/tests/unit/test_ssh_utils.py
cinder/volume/drivers/emc/emc_vmax_common.py
cinder/volume/drivers/emc/emc_vmax_fc.py
cinder/volume/drivers/fujitsu/eternus_dx_common.py

index ecc9595879e670a7ae595d75280e93405a06da7d..552b82d38c98b675142a9ae7e81e230c0bf3a3eb 100644 (file)
@@ -175,7 +175,7 @@ class SSHPoolTestCase(test.TestCase):
     @mock.patch('six.moves.builtins.open')
     @mock.patch('paramiko.SSHClient')
     def test_closed_reopened_ssh_connections(self, mock_sshclient, mock_open):
-        mock_sshclient.return_value = eval('FakeSSHClient')()
+        mock_sshclient.return_value = FakeSSHClient()
         sshpool = ssh_utils.SSHPool("127.0.0.1", 22, 10,
                                     "test",
                                     password="test",
index 08950224608ef7a3e53e242d8b3aca1dd00140d4..e6501f8ad54d4d97a017ec038429dff795306c96 100644 (file)
@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import ast
 import inspect
 import os.path
 
@@ -1325,7 +1326,7 @@ class EMCVMAXCommon(object):
             self.conn = self._get_ecom_connection()
 
         if isinstance(loc, six.string_types):
-            name = eval(loc)
+            name = ast.literal_eval(loc)
             keys = name['keybindings']
             systemName = keys['SystemName']
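Review bot: `ast.literal_eval(loc)` removes the code-execution risk, but `name` is indexed as a dict on the next line with no check that the stored string parsed to one. `literal_eval` raises ValueError or SyntaxError on a string that is not a valid literal, and a valid literal that is not a dict fails one line later with TypeError at `name['keybindings']`. The same parse-then-index pattern recurs in the second hunk of this file and in the emc_vmax_fc.py and eternus_dx_common.py hunks, so one shared helper that parses `provider_location` and checks `if not isinstance(name, dict):` before returning would give a single place to validate and report a bad value. A comment such as `# provider_location is expected to be a dict literal written by this driver; literal_eval parses it without executing code` would record the assumption, which cannot be confirmed from the hunk. The enclosing method starts and ends outside the hunk.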
 
@@ -3948,7 +3949,7 @@ class EMCVMAXCommon(object):
         version = None
         try:
             if isinstance(loc, six.string_types):
-                name = eval(loc)
+                name = ast.literal_eval(loc)
                 version = name['version']
         except KeyError:
             pass
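Review bot: The `except KeyError` under the changed line does not cover the errors `ast.literal_eval` raises. A malformed `loc` produces ValueError or SyntaxError and propagates out of a block that otherwise looks best-effort, since `version` defaults to None. If a missing version is meant to be tolerated, the handler should read `except (KeyError, ValueError, SyntaxError):`. If a malformed provider_location is meant to be fatal here, a short comment saying so would prevent a later reader from widening the handler by accident. The enclosing method begins and ends outside the hunk.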
index cf33cc6fbe630524ffa82edc596e9936749a0161..6df21ebce19230d1260f4f04b9dc4019a009c72b 100644 (file)
@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import ast
+
 from oslo_log import log as logging
 import six
 
@@ -201,7 +203,7 @@ class EMCVMAXFCDriver(driver.FibreChannelDriver):
         data = {'driver_volume_type': 'fibre_channel',
                 'data': {}}
         loc = volume['provider_location']
-        name = eval(loc)
+        name = ast.literal_eval(loc)
         storage_system = name['keybindings']['SystemName']
         LOG.debug("Start FC detach process for volume: %(volume)s.",
                   {'volume': volume['name']})
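Review bot: This call site passes `volume['provider_location']` straight to `ast.literal_eval` without the `isinstance(loc, six.string_types)` guard that both emc_vmax_common.py hunks have. A volume whose provider_location is unset would raise ValueError here before the debug log line is reached. Consider mirroring the guard, for example `if not isinstance(loc, six.string_types):` followed by the driver's usual error path, or add a comment stating that provider_location is always populated at this point. The method body continues outside the hunk.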
index 5a4d25f9d4be09c90be7f20f2665ecc51afe6a9d..561c44a146beb1748557197e93479ce193a8c78c 100644 (file)
@@ -19,6 +19,7 @@
 """
 Cinder Volume driver for Fujitsu ETERNUS DX S3 series.
 """
+import ast
 import base64
 import hashlib
 import six
@@ -1293,7 +1294,7 @@ class FJDXCommon(object):
         volumename = self._create_volume_name(volume['id'])
 
         try:
-            location = eval(volume['provider_location'])
+            location = ast.literal_eval(volume['provider_location'])
             classname = location['classname']
             bindings = location['keybindings']