Code Review
/
releng.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Fix security issues of eval-s in testapi
[releng.git]
/
utils
/
test
/
result_collection_api
/
update
/
templates
/
update_mongodb.py
diff --git
a/utils/test/result_collection_api/update/templates/update_mongodb.py
b/utils/test/result_collection_api/update/templates/update_mongodb.py
index
b1e378d
..
ba4334a
100644
(file)
--- a/
utils/test/result_collection_api/update/templates/update_mongodb.py
+++ b/
utils/test/result_collection_api/update/templates/update_mongodb.py
@@
-10,7
+10,8
@@
import argparse
from pymongo import MongoClient
from pymongo import MongoClient
-from changes_in_mongodb import collections_old2New, fields_old2New, docs_old2New
+from changes_in_mongodb import collections_old2New, \
+ fields_old2New, docs_old2New
from utils import main, parse_mongodb_url
parser = argparse.ArgumentParser(description='Update MongoDBs')
from utils import main, parse_mongodb_url
parser = argparse.ArgumentParser(description='Update MongoDBs')
@@
-54,11
+55,13
@@
def change_docs(a_dict):
def eval_db(method, *args, **kwargs):
def eval_db(method, *args, **kwargs):
- return eval('db.%s(*args, **kwargs)' % method)
+ exec_db = db.__getattribute__(method)
+ return exec_db(*args, **kwargs)
def eval_collection(collection, method, *args, **kwargs):
def eval_collection(collection, method, *args, **kwargs):
- return eval('db.%s.%s(*args, **kwargs)' % (collection, method))
+ exec_collection = db.__getattr__(collection)
+ return exec_collection.__getattribute__(method)(*args, **kwargs)
def collection_update(a_dict, operator):
def collection_update(a_dict, operator):