Use safer ast.literal_eval instead of eval

Bug #1731850 reported by Spencer Yu
This bug affects 1 person
Affects: OpenStack Compute (nova)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Due to https://docs.openstack.org/bandit/latest/blacklists/blacklist_calls.html#b307-eval, we should use safer ast.literal_eval instead of eval.

Spencer Yu (yushb)
Changed in nova:
assignee: nobody → Spencer Yu (yushb)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/519268

Changed in nova:
status: New → In Progress
Matt Riedemann (mriedem) wrote :

The patch was just on test code, which bandit shouldn't be scanning.

Changed in nova:
status: In Progress → Invalid
assignee: Spencer Yu (yushb) → nobody
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Matt Riedemann (<email address hidden>) on branch: master
Review: https://review.opendev.org/519268
Reason: We shouldn't care about bandit scans on test code, it should be skipped:

https://github.com/openstack/nova/blob/7cdec00676e86786fdb3eedcaf0a69a052085ec2/tox.ini#L221
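
The substitution the bug description asks for, shown as an added example that is not part of the original report and is not nova's code: the same two constructed strings are parsed with eval and with ast.literal_eval. The names record, parse_with_eval, parse_with_literal_eval, compare and the MAX_LEN cap are assumptions made for illustration.

```python
import ast

MAX_LEN = 4096  # assumed cap: literal_eval can exhaust memory or the C stack on huge input
calls = []      # side-effect log, so the difference between the two parsers is observable


def record():
    """Hypothetical stand-in for any callable reachable from the evaluating scope."""
    calls.append("record() ran")
    return {"vcpus": 99}


def parse_with_eval(text):
    """The pattern B307 flags: evaluates any expression, including calls."""
    return eval(text)


def parse_with_literal_eval(text):
    """Accept only literals: str, bytes, numbers, tuple, list, dict, set, bool, None."""
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    try:
        return ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"not a Python literal ({type(exc).__name__})") from exc


# Constructed inputs, not taken from nova.
LITERAL = "{'vcpus': 2, 'tags': ['a', 'b'], 'ephemeral': None}"
EXPRESSION = "record()"


def compare(text):
    """Return (eval result, literal_eval result or the rejection message)."""
    via_eval = parse_with_eval(text)
    try:
        via_literal = parse_with_literal_eval(text)
    except ValueError as exc:
        via_literal = f"rejected: {exc}"
    return via_eval, via_literal


if __name__ == "__main__":
    for sample in (LITERAL, EXPRESSION):
        print(sample, "->", compare(sample), "| side effects:", calls)
```

Both parsers return the same dict for the literal; only eval runs the call in the second string, while literal_eval rejects it before anything executes.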
