matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace eval (#12103)

Browse Source 
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
#### How I did it
`eval()` - use `literal_eval()`
This commit is contained in:
Mai Bui 2022-10-11 10:17:09 -04:00 committed by GitHub
parent cb707b7969
commit f1826586b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
device/common/pddf/plugins/fanutil.py
View File

@ -11,6 +11,7 @@
import os.path import os.path
import sys import sys
import ast
sys.path.append('/usr/share/sonic/platform/plugins') sys.path.append('/usr/share/sonic/platform/plugins')
import pddfparse import pddfparse
import json import json
@ -170,7 +171,7 @@ class FanUtil(FanBase):
print("Setting fan speed is not allowed !") print("Setting fan speed is not allowed !")
return False return False
else: else:
duty_cycle_to_pwm = eval(plugin_data['FAN']['duty_cycle_to_pwm']) duty_cycle_to_pwm = ast.literal_eval(plugin_data['FAN']['duty_cycle_to_pwm'])
pwm = duty_cycle_to_pwm(val) pwm = duty_cycle_to_pwm(val)
print("New Speed: %d%% - PWM value to be set is %d\n" % (val, pwm)) print("New Speed: %d%% - PWM value to be set is %d\n" % (val, pwm))