[Piglit] [PATCH] framework: Don't use eval in PiglitTest.interpret_result()

Dylan Baker baker.dylan.c at gmail.com
Mon Apr 21 16:23:30 PDT 2014


On Monday, April 21, 2014 19:15:24 Ilia Mirkin wrote:
> On Mon, Apr 21, 2014 at 7:04 PM, Dylan Baker <baker.dylan.c at gmail.com> wrote:
> > Python's eval() is not recommended for use anywhere at any time, because
> > it allows arbitrary code to be executed. Not using it is minimally
> > invasive and is just a good idea.
> 
> FWIW an even more minimally invasive strategy might be to make the
> output json-compliant (s/'/"/) and use json.loads instead of eval.
> Although both require changing the format... my concern is that there
> exist tests that manually create these output strings. Did you check
> for that? Perhaps the json module can be coaxed into not being idiotic
> and accepting the single quotes (which, admittedly, are not legal
> JSON, but... come on.) Or you could try replacing the ' with "
> wholesale in the strings. It would mess up someone encoding 'that\'s'
> into "that\"s" but... I can't really bring myself to care about that
> either.
> 

I ran quick.py with and without my patch and the results were identical.

We've (Ken Graunke, Matt Turner, and I) discussed this before and agreed 
that any tests that don't use piglit-util.c for formatting results should be 
considered a bug and should be fixed.

[snip]
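
Added example, not part of the original message or of Piglit's code: the parsing options discussed in this thread, run side by side on constructed result lines. The `PIGLIT: ` prefix, the function names and the sample lines are assumptions made for illustration, and `ast.literal_eval` is shown as an extra option the thread does not mention.

```python
import ast
import json

PREFIX = "PIGLIT: "  # assumed result-line marker; not shown in the thread

def parse_with_eval(line):
    """The pattern the patch removes: the payload runs as Python."""
    return eval(line[len(PREFIX):])

def parse_with_json(line):
    """Strict replacement: the payload must be valid JSON."""
    return json.loads(line[len(PREFIX):])

def parse_with_quote_swap(line):
    """The s/'/"/ idea from the thread: swap quotes, then json.loads."""
    return json.loads(line[len(PREFIX):].replace("'", '"'))

def parse_literal(line):
    """Accepts single-quoted dict literals without executing anything."""
    value = ast.literal_eval(line[len(PREFIX):])
    if not isinstance(value, dict):
        raise ValueError("result payload must be a dict")
    return value

def rejects(parser, line):
    """True if the parser refuses the line instead of returning data."""
    try:
        parser(line)
    except (ValueError, SyntaxError):
        return True
    return False

# Constructed sample lines (not taken from real test output).
LEGACY = "PIGLIT: {'result': 'pass'}"
JSON_LINE = 'PIGLIT: {"result": "pass"}'
APOSTROPHE = "PIGLIT: {'result': 'fail', 'note': 'that\\'s'}"
# Harmless stand-in for code embedded in test output: a function call.
CALL = "PIGLIT: {'result': 'pass', 'n': len('abc')}"

if __name__ == "__main__":
    print("eval runs the call:", parse_with_eval(CALL))
    print("json rejects the call:", rejects(parse_with_json, CALL))
    print("literal_eval rejects the call:", rejects(parse_literal, CALL))
    print("json rejects single quotes:", rejects(parse_with_json, LEGACY))
    print("quote swap on apostrophe:", parse_with_quote_swap(APOSTROPHE))
    print("literal_eval on apostrophe:", parse_literal(APOSTROPHE))
```

The quote swap parses the apostrophe line without error but silently changes the data, which is the `'that\'s'` case raised in the quoted reply.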