Removed eval, fixed security vulnerability

mirai 2023-11-27 05:45:45 +03:00
parent 5506b2d8a6
commit 8c4799c634
2 changed files with 5 additions and 2 deletions


@ -1,4 +1,5 @@
import os import os
import ast
import time import time
import platform import platform
import threading import threading
@ -115,7 +116,7 @@ class Client(RSAService):
while True: while True:
try: try:
time.sleep(0.05) time.sleep(0.05)
response = eval(ws.recv()) response = ast.literal_eval(ws.recv().decode('utf-8'))
if last_try == response: if last_try == response:
continue continue
last_try = response last_try = response
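Review bot: The new `ws.recv().decode('utf-8')` on the `response = ...` line assumes every frame arrives as bytes; if the client library hands back `str` for text frames (the removed `eval(ws.recv())` accepted either), this raises AttributeError on each pass through the loop, and whether the enclosing `try` catches it is outside the hunk. Normalise the value first, e.g. `raw = ws.recv()` followed by `response = ast.literal_eval(raw.decode('utf-8') if isinstance(raw, bytes) else raw)`. The same assumption is made in `_get_bytes_and_serialize` in the server file. The `while True:` loop and its `except` clause start and end outside this hunk.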


@ -1,3 +1,4 @@
import ast
from sanic import Websocket from sanic import Websocket
from cmd_chat.server.models import Message from cmd_chat.server.models import Message
@ -5,7 +6,8 @@ from cmd_chat.server.models import Message
async def _get_bytes_and_serialize( async def _get_bytes_and_serialize(
ws: Websocket ws: Websocket
) -> dict: ) -> dict:
return eval(await ws.recv()) ws_data = await ws.recv()
return ast.literal_eval(ws_data.decode('utf-8'))
async def _check_ws_for_close_status( async def _check_ws_for_close_status(
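Review bot: `_get_bytes_and_serialize` returns whatever `ast.literal_eval` produces, so a peer can still make it return a list, string or number despite the `-> dict` annotation, and malformed input reaches the caller as ValueError, SyntaxError, TypeError, MemoryError or RecursionError. `literal_eval` removes code execution, but the Python documentation still warns that large or deeply nested input can exhaust memory or the stack, so the server side should check the shape of the result and, ideally, cap frame size before parsing. The fence below sketches the validation; moving the wire format to JSON would be cleaner but needs the client changed in step. How callers handle the raised error is not visible here.

```python
# … unchanged: _get_bytes_and_serialize signature …
    ws_data = await ws.recv()
    if isinstance(ws_data, bytes):
        ws_data = ws_data.decode('utf-8')
    try:
        payload = ast.literal_eval(ws_data)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        # Reject anything that is not a well-formed Python literal.
        raise ValueError("malformed websocket payload") from exc
    if not isinstance(payload, dict):
        raise ValueError("websocket payload must be a dict")
    return payload
```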