Changed eval() to ast.literal_eval() for safety

author Aleksey Maksimov <ctpeko3a@gmail.com>

Sat, 23 Nov 2013 09:28:34 +0000 (17:28 +0800)

committer Aleksey Maksimov <ctpeko3a@gmail.com>

Sat, 23 Nov 2013 09:28:34 +0000 (17:28 +0800)
author Aleksey Maksimov <ctpeko3a@gmail.com>
Sat, 23 Nov 2013 09:28:34 +0000 (17:28 +0800)
committer Aleksey Maksimov <ctpeko3a@gmail.com>
Sat, 23 Nov 2013 09:28:34 +0000 (17:28 +0800)
diff --git a/jenkinsapi/jenkinsbase.py b/jenkinsapi/jenkinsbase.py

index 00840c9..bc5624b 100644 (file)
--- a/jenkinsapi/jenkinsbase.py
+++ b/jenkinsapi/jenkinsbase.py
@@ -2,6 +2,7 @@
  Module for JenkinsBase class
  """
  
+import ast
  import logging
  from jenkinsapi import config
  from jenkinsapi.custom_exceptions import JenkinsAPIException
@@ -61,7 +62,7 @@ class JenkinsBase(object):
          requester = self.get_jenkins_obj().requester
          response = requester.get_url(url, params)
          try:
-            return eval(response.text)
+            return ast.literal_eval(response.text)
          except Exception:
              log.exception('Inappropriate content found at %s', url)
              raise JenkinsAPIException('Cannot parse %s' % response.content)
author	Aleksey Maksimov <ctpeko3a@gmail.com>
	Sat, 23 Nov 2013 09:28:34 +0000 (17:28 +0800)
committer	Aleksey Maksimov <ctpeko3a@gmail.com>
	Sat, 23 Nov 2013 09:28:34 +0000 (17:28 +0800)