From f1826586b01ffada91e99d93d4c2d28c148d8239 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Tue, 11 Oct 2022 10:17:09 -0400
Subject: [PATCH] Replace eval (#12103)

Signed-off-by: maipbui
#### Why I did it
`eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
#### How I did it
`eval()` - use `literal_eval()`
---
 device/common/pddf/plugins/fanutil.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/device/common/pddf/plugins/fanutil.py b/device/common/pddf/plugins/fanutil.py
index f34c260035..c2944e7b5b 100755
--- a/device/common/pddf/plugins/fanutil.py
+++ b/device/common/pddf/plugins/fanutil.py
@@ -11,6 +11,7 @@
 import os.path
 import sys
+import ast
 sys.path.append('/usr/share/sonic/platform/plugins')
 import pddfparse
 import json
@@ -170,7 +171,7 @@ class FanUtil(FanBase):
 print("Setting fan speed is not allowed !")
 return False
 else:
-duty_cycle_to_pwm = eval(plugin_data['FAN']['duty_cycle_to_pwm'])
+duty_cycle_to_pwm = ast.literal_eval(plugin_data['FAN']['duty_cycle_to_pwm'])
 pwm = duty_cycle_to_pwm(val)
 print("New Speed: %d%% - PWM value to be set is %d\n" % (val, pwm))
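Review bot: The new `ast.literal_eval(...)` assignment to `duty_cycle_to_pwm` cannot yield a callable, yet the unchanged next line calls `duty_cycle_to_pwm(val)`; `literal_eval` accepts only literal constants and containers and raises `ValueError` on any other expression, so if the configured string was something `eval` turned into a function — which the call on the following line suggests — this method will now raise at that point instead of setting the fan speed, and the `pwm` print is unreachable. Swapping `eval` for `literal_eval` removes the code-injection risk only if the config value is actually a literal; otherwise the secure replacement is to stop treating configuration as code: keep only numeric parameters in `plugin_data['FAN']` (parsed with `literal_eval` or `int`/`float`) and compute the PWM from them in Python, or select one of a fixed set of mapping functions defined in this file by name, e.g. `duty_cycle_to_pwm = _PWM_MAPPINGS[plugin_data['FAN']['duty_cycle_to_pwm']]` with a dict of named callables. Whatever is chosen, a short comment on the assignment line stating the accepted value format would help maintainers, since the config key is otherwise undocumented here. The enclosing method starts before this hunk, so the caller's handling of a raised `ValueError` versus the `return False` path is not visible in the diff.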