Project

General

Profile

Actions
Copy link

action #64412

open

Get rid of eval in OpenQA::WebAPI::Plugin::HashedParams

Added by tinita about 4 years ago. Updated about 4 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Feature requests
Target version:
QA - future
Start date:
2020-03-11
Due date:
% Done:

0%

Estimated time:

Description

Problem

This plugin is a helper to receive nested data structures, as it can turn query parameters like

"settings[FOO][BAR]=baz"

into a data structure.

It is used only in the OpenQA::WebAPI::Controller::API::V1::Table.

The code removes unsafe characters and creates perl code which is then loaded with eval.

Suggestion

  1. The code could probably be replaced without eval, so we wouldn't need to clean the input.
  2. The Table API endpoints could also be changed to accept JSON instead, and we could get rid of the whole module.
Actions
Copy link
 #1

Updated by tinita about 4 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by okurz about 4 years ago

  • Priority changed from Normal to Low
Actions
Copy link

Also available in: Atom PDF