Fix security issues of eval-s in testapi

[releng.git] / utils / test / result_collection_api / opnfv_testapi / dashboard / dashboard_utils.py

diff --git a/utils/test/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py b/utils/test/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py
index f331e28..42c6358 100644 (file)
--- a/utils/test/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py
+++ b/utils/test/result_collection_api/opnfv_testapi/dashboard/dashboard_utils.py
@@ -14,7 +14,6 @@
 #
 # v0.1: basic example
 #
-import os
 import re
 import sys
 from functest2Dashboard import format_functest_for_dashboard, \
@@ -47,24 +46,8 @@ def check_dashboard_ready_project(test_project):
 
 
 def check_dashboard_ready_case(project, case):
-    cmd = "check_" + project + "_case_exist(case)"
-    return eval(cmd)
-
-
-def get_dashboard_cases():
-    # Retrieve all the test cases that could provide
-    # Dashboard ready graphs
-    # look in the releng repo
-    # search all the project2Dashboard.py files
-    # we assume that dashboard processing of project <Project>
-    # is performed in the <Project>2Dashboard.py file
-    modules = []
-    cp = re.compile('dashboard.*2Dashboard')
-    for module in sys.modules:
-        if re.match(cp, module):
-            modules.append(module)
-
-    return modules
+    cmd = "check_" + project + "_case_exist"
+    return globals()[cmd](case)
 
 
 def get_dashboard_projects():
@@ -89,6 +72,5 @@ def get_dashboard_result(project, case, results=None):
     # project: project name
     # results: array of raw results pre-filterded
     # according to the parameters of the request
-    cmd = "format_" + project + "_for_dashboard(case,results)"
-    res = eval(cmd)
-    return res
+    cmd = "format_" + project + "_for_dashboard"
+    return globals()[cmd](case, results)