From a496c575e6d313d32ab498a10bcb4e16f246d1c3 Mon Sep 17 00:00:00 2001
From: Lukas Euler
Date: Tue, 15 Sep 2020 15:25:40 +0200
Subject: [PATCH] Using json.loads instead of eval for JSON parsing. Fixed error messages.
---
 blazar_dashboard/api/client.py | 3 ++-
 blazar_dashboard/content/hosts/forms.py | 7 ++++---
 blazar_dashboard/content/hosts/workflows.py | 7 ++++---
 blazar_dashboard/content/leases/forms.py | 7 ++++---
 4 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/blazar_dashboard/api/client.py b/blazar_dashboard/api/client.py
index efe07cd..270532c 100644
--- a/blazar_dashboard/api/client.py
+++ b/blazar_dashboard/api/client.py
@@ -11,6 +11,7 @@
 # under the License.
 import logging
+import json
 from horizon import exceptions
 from horizon.utils.memoized import memoized
@@ -46,7 +47,7 @@ class Host(base.APIDictWrapper):
 cpu_info_dict = getattr(self, 'cpu_info', '{}')
 if not cpu_info_dict:
 cpu_info_dict = '{}'
- return eval(cpu_info_dict)
+ return json.loads(cpu_info_dict)
 def extra_capabilities(self):
 excaps = {}
diff --git a/blazar_dashboard/content/hosts/forms.py b/blazar_dashboard/content/hosts/forms.py
index 3082479..060a219 100644
--- a/blazar_dashboard/content/hosts/forms.py
+++ b/blazar_dashboard/content/hosts/forms.py
@@ -11,6 +11,7 @@
 # under the License.
 import logging
+import json
 from django.utils.translation import ugettext_lazy as _
 from horizon import exceptions
@@ -54,11 +55,11 @@ class UpdateForm(forms.SelfHandlingForm):
 values = cleaned_data.get('values')
 try:
- values = eval(values)
+ values = json.loads(values)
 cleaned_data['values'] = values
- except (SyntaxError, NameError):
+ except json.JSONDecodeError:
 raise forms.ValidationError(
- _('Values must written in JSON')
+ _('Values must be written in JSON')
 )
 return cleaned_data
diff --git a/blazar_dashboard/content/hosts/workflows.py b/blazar_dashboard/content/hosts/workflows.py
index 1e5fd04..8c6bc21 100644
--- a/blazar_dashboard/content/hosts/workflows.py
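Review bot: `import json` is added after `import logging` in the import hunk of blazar_dashboard/api/client.py, which breaks the alphabetical order of the standard-library imports. The same placement recurs in hosts/forms.py and hosts/workflows.py (after `import logging`) and in leases/forms.py (after `import re`). If the project's pep8 job runs the OpenStack hacking import-order check, this will probably be flagged. Moving the line so that `import json` comes before `import logging` in each file keeps the block sorted.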
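Review bot: In the `Host` accessor that parses `cpu_info` (api/client.py), `json.loads(cpu_info_dict)` has no exception handling, unlike the three form call sites, so a stored value that is not strict JSON raises `ValueError` straight to the caller. `eval` accepted Python-literal strings (single-quoted keys, `True`/`None`) that `json.loads` rejects, so it should be confirmed that existing host records hold strict JSON before this lands. Consider catching `ValueError` here, logging it and returning `{}`, so that one malformed record does not break the view. The method's `def` line is outside the hunk.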
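Review bot: In `UpdateForm.clean` (hosts/forms.py), `json.loads(values)` accepts any JSON document, so a bare number, string, list or `null` passes validation and is stored in `cleaned_data['values']`. If the consumer expects a mapping (not visible in this hunk), add a type check after parsing, e.g. `if not isinstance(values, dict): raise forms.ValidationError(_('Values must be written in JSON'))`. The same applies to `extra_caps` in hosts/workflows.py and `reservations` in leases/forms.py, with whatever container type each consumer expects. This hunk also parses without the truthiness guard the other two forms have, so a missing `values` reaches `json.loads(None)` and raises an uncaught `TypeError`. The method begins outside the hunk.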
+++ b/blazar_dashboard/content/hosts/workflows.py
@@ -11,6 +11,7 @@
 # under the License.
 import logging
+import json
 from django.utils.translation import ugettext_lazy as _
 from horizon import exceptions
@@ -79,11 +80,11 @@ class AddExtraCapsAction(workflows.Action):
 if extra_caps:
 try:
- extra_caps = eval(extra_caps)
+ extra_caps = json.loads(extra_caps)
 cleaned_data['extra_caps'] = extra_caps
- except (SyntaxError, NameError):
+ except json.JSONDecodeError:
 raise forms.ValidationError(
- _('Extra capabilities must written in JSON')
+ _('Extra capabilities must be written in JSON')
 )
 return cleaned_data
diff --git a/blazar_dashboard/content/leases/forms.py b/blazar_dashboard/content/leases/forms.py
index 1cd4f6e..f884615 100644
--- a/blazar_dashboard/content/leases/forms.py
+++ b/blazar_dashboard/content/leases/forms.py
@@ -16,6 +16,7 @@
 import datetime
 import logging
 import re
+import json
 from django.utils.translation import ugettext_lazy as _
 from horizon import exceptions
@@ -339,11 +340,11 @@ class UpdateForm(forms.SelfHandlingForm):
 if reservations:
 try:
- reservations = eval(reservations)
+ reservations = json.loads(reservations)
 cleaned_data['reservations'] = reservations
- except (SyntaxError, NameError):
+ except json.JSONDecodeError:
 raise forms.ValidationError(
- _('Reservation values must written in JSON')
+ _('Reservation values must be written in JSON')
 )
 if not (lease_name or start_time or end_time or reservations):
-- 
2.17.1
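Review bot: `except json.JSONDecodeError:` in the `AddExtraCapsAction` validation hunk (hosts/workflows.py) only resolves on Python 3.5 and later. On Python 2 the `json` module has no such attribute, so when parsing fails the except clause itself raises `AttributeError` instead of producing the validation error. If any branch that will receive this fix still supports Python 2, use `except ValueError:`, which `JSONDecodeError` subclasses, so behaviour on Python 3 is unchanged. The same clause appears in hosts/forms.py and leases/forms.py. The enclosing method begins outside the hunk.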
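Review bot: Per the diffstat the patch touches four source files and no tests, so nothing pins that the `reservations` field in `UpdateForm.clean` (leases/forms.py), or the two host form fields, is no longer evaluated as Python. A unit test that submits a string which is a valid Python expression but not valid JSON and asserts a `ValidationError` would guard against a regression to `eval`. A second test that submits valid JSON and checks the parsed value in `cleaned_data` would cover the accepted path. The method starts and ends outside the hunk.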