From 8c4799c63424bf322ddbb2e9589a5caeb1bec3e8 Mon Sep 17 00:00:00 2001
From: mirai
Date: Mon, 27 Nov 2023 05:45:45 +0300
Subject: [PATCH] Removed eval, fixed security vulnerability

---
 cmd_chat/client/client.py   | 3 ++-
 cmd_chat/server/services.py | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/cmd_chat/client/client.py b/cmd_chat/client/client.py
index 8261b58..af8bfe0 100644
--- a/cmd_chat/client/client.py
+++ b/cmd_chat/client/client.py
@@ -1,4 +1,5 @@
 import os
+import ast
 import time
 import platform
 import threading
@@ -115,7 +116,7 @@ class Client(RSAService):
         while True:
             try:
                 time.sleep(0.05)
-                response = eval(ws.recv())
+                response = ast.literal_eval(ws.recv().decode('utf-8'))
                 if last_try == response:
                     continue
                 last_try = response
diff --git a/cmd_chat/server/services.py b/cmd_chat/server/services.py
index e4206d5..0b114a8 100644
--- a/cmd_chat/server/services.py
+++ b/cmd_chat/server/services.py
@@ -1,3 +1,4 @@
+import ast
 from sanic import Websocket
 from cmd_chat.server.models import Message
 
@@ -5,7 +6,8 @@ from cmd_chat.server.models import Message
 async def _get_bytes_and_serialize(
     ws: Websocket
 ) -> dict:
-    return eval(await ws.recv())
+    ws_data = await ws.recv()
+    return ast.literal_eval(ws_data.decode('utf-8'))
 
 
 async def _check_ws_for_close_status(
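Review bot: `ast.literal_eval` on the new line in the `@@ -115,7 +116,7 @@` hunk still evaluates whatever the peer sends, so a malformed or hostile frame now raises `ValueError`/`SyntaxError`, and the Python docs note that a sufficiently deep or large literal can exhaust the stack and crash the interpreter; the same applies to the `_get_bytes_and_serialize` hunk in services.py. The surrounding `try:` starts inside the hunk but its `except` clause is outside it, so I cannot tell whether those errors are caught narrowly or swallowed together with everything else. Since both ends of this wire format are in the same project, `json.loads` would be the more defensible deserializer for network input; if the literal format must stay, at least pin the expected shape before using the value, e.g. `if not isinstance(response, dict): continue` right after the assignment, and document why with `# literal_eval accepts any Python literal; only dict payloads are meaningful here`. I would also catch `(ValueError, SyntaxError)` explicitly around the parse rather than relying on the outer handler.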
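Review bot: `ws_data.decode('utf-8')` in the `@@ -5,7 +6,8 @@` hunk assumes `ws.recv()` always returns `bytes`, which is not guaranteed for a websocket frame: text frames are commonly delivered as `str`, and I believe Sanic's `recv()` returns `None` once the connection is closed, so the server would raise `AttributeError` on either instead of rejecting the message cleanly (please verify against the Sanic version pinned by the project). The function is annotated `-> dict` but `ast.literal_eval` returns any literal, and nothing checks the result, so callers indexing the return value would fail on a list or int sent by a client. The same `.decode` assumption is made on the client side in the `@@ -115,7 +116,7 @@` hunk of client.py. I would normalise the frame type and validate the shape before returning, and add a docstring saying the function receives one frame and parses it as a Python literal dict.

```python
async def _get_bytes_and_serialize(
    ws: Websocket
) -> dict:
    """Receive one frame and parse it as a Python literal; raise ValueError if it is not a dict."""
    ws_data = await ws.recv()
    if isinstance(ws_data, bytes):
        ws_data = ws_data.decode('utf-8')
    payload = ast.literal_eval(ws_data)
    if not isinstance(payload, dict):
        raise ValueError("expected a dict payload")
    return payload
```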