usertools: replace unsafe input function
Checks
Commit Message
LGTM static code analysis tool reports that the function 'input' is
unsafe. Changed to use raw_input which then converts it using
ast.literal_eval() which is safe.
Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
Cc: ciara.power@intel.com
Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
---
usertools/dpdk-telemetry-client.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On 20/03/2019 16:43, Andrius Sirvys wrote:
> LGTM static code analysis tool reports that the function 'input' is
> unsafe. Changed to use raw_input which then converts it using
> ast.literal_eval() which is safe.
>
> Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
> Cc: ciara.power@intel.com
>
> Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
> ---
Looks good to me. Thanks!
Acked-by: Kevin Laatz <kevin.laatz@intel.com>
On 20-Mar-19 4:43 PM, Andrius Sirvys wrote:
> LGTM static code analysis tool reports that the function 'input' is
> unsafe. Changed to use raw_input which then converts it using
> ast.literal_eval() which is safe.
>
> Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
> Cc: ciara.power@intel.com
>
> Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
> ---
> usertools/dpdk-telemetry-client.py | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/usertools/dpdk-telemetry-client.py b/usertools/dpdk-telemetry-client.py
> index ce0c7a9..c3ba77d 100755
> --- a/usertools/dpdk-telemetry-client.py
> +++ b/usertools/dpdk-telemetry-client.py
> @@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for given client
>
> def repeatedlyRequestMetrics(self, sleep_time): # Recursively requests metrics for given client
> print("\nPlease enter the number of times you'd like to continuously request Metrics:")
> - n_requests = int(input("\n:"))
> + n_requests = int(ast.literal_eval(raw_input("\n:")))
> print("\033[F") #Removes the user input from screen, cleans it up
> print("\033[K")
> for i in range(n_requests):
> @@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates Interactive menu within the scr
> print("[3] Unregister client")
>
> try:
> - self.choice = int(input("\n:"))
> + self.choice = int(ast.literal_eval(raw_input("\n:")))
> print("\033[F") #Removes the user input for screen, cleans it up
> print("\033[K")
> if self.choice == 1:
>
raw_input doesn't exist in Python 3.
Perhaps you should do this at the top of the script:
try:
raw_input # Python 2
except NameError:
raw_input = input # Python 3
That way, all calls to raw_input will call the intended function.
On Wed, Apr 03, 2019 at 11:44:40AM +0100, Burakov, Anatoly wrote:
> On 20-Mar-19 4:43 PM, Andrius Sirvys wrote:
> > LGTM static code analysis tool reports that the function 'input' is
> > unsafe. Changed to use raw_input which then converts it using
> > ast.literal_eval() which is safe.
> >
> > Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
> > Cc: ciara.power@intel.com
> >
> > Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
> > ---
> > usertools/dpdk-telemetry-client.py | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/usertools/dpdk-telemetry-client.py b/usertools/dpdk-telemetry-client.py
> > index ce0c7a9..c3ba77d 100755
> > --- a/usertools/dpdk-telemetry-client.py
> > +++ b/usertools/dpdk-telemetry-client.py
> > @@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for given client
> > def repeatedlyRequestMetrics(self, sleep_time): # Recursively requests metrics for given client
> > print("\nPlease enter the number of times you'd like to continuously request Metrics:")
> > - n_requests = int(input("\n:"))
> > + n_requests = int(ast.literal_eval(raw_input("\n:")))
> > print("\033[F") #Removes the user input from screen, cleans it up
> > print("\033[K")
> > for i in range(n_requests):
> > @@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates Interactive menu within the scr
> > print("[3] Unregister client")
> > try:
> > - self.choice = int(input("\n:"))
> > + self.choice = int(ast.literal_eval(raw_input("\n:")))
> > print("\033[F") #Removes the user input for screen, cleans it up
> > print("\033[K")
> > if self.choice == 1:
> >
>
> raw_input doesn't exist in Python 3.
>
> Perhaps you should do this at the top of the script:
>
> try:
> raw_input # Python 2
> except NameError:
> raw_input = input # Python 3
>
> That way, all calls to raw_input will call the intended function.
>
The suggested way in the python docs is a little different:
https://python-future.org/compatible_idioms.html#raw_input()
On 03-Apr-19 2:30 PM, Bruce Richardson wrote:
> On Wed, Apr 03, 2019 at 11:44:40AM +0100, Burakov, Anatoly wrote:
>> On 20-Mar-19 4:43 PM, Andrius Sirvys wrote:
>>> LGTM static code analysis tool reports that the function 'input' is
>>> unsafe. Changed to use raw_input which then converts it using
>>> ast.literal_eval() which is safe.
>>>
>>> Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
>>> Cc: ciara.power@intel.com
>>>
>>> Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
>>> ---
>>> usertools/dpdk-telemetry-client.py | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/usertools/dpdk-telemetry-client.py b/usertools/dpdk-telemetry-client.py
>>> index ce0c7a9..c3ba77d 100755
>>> --- a/usertools/dpdk-telemetry-client.py
>>> +++ b/usertools/dpdk-telemetry-client.py
>>> @@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for given client
>>> def repeatedlyRequestMetrics(self, sleep_time): # Recursively requests metrics for given client
>>> print("\nPlease enter the number of times you'd like to continuously request Metrics:")
>>> - n_requests = int(input("\n:"))
>>> + n_requests = int(ast.literal_eval(raw_input("\n:")))
>>> print("\033[F") #Removes the user input from screen, cleans it up
>>> print("\033[K")
>>> for i in range(n_requests):
>>> @@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates Interactive menu within the scr
>>> print("[3] Unregister client")
>>> try:
>>> - self.choice = int(input("\n:"))
>>> + self.choice = int(ast.literal_eval(raw_input("\n:")))
>>> print("\033[F") #Removes the user input for screen, cleans it up
>>> print("\033[K")
>>> if self.choice == 1:
>>>
>>
>> raw_input doesn't exist in Python 3.
>>
>> Perhaps you should do this at the top of the script:
>>
>> try:
>> raw_input # Python 2
>> except NameError:
>> raw_input = input # Python 3
>>
>> That way, all calls to raw_input will call the intended function.
>>
>
> The suggested way in the python docs is a little different:
>
> https://python-future.org/compatible_idioms.html#raw_input()
>
Or that :)
On 03-Apr-19 3:29 PM, Burakov, Anatoly wrote:
> On 03-Apr-19 2:30 PM, Bruce Richardson wrote:
>> On Wed, Apr 03, 2019 at 11:44:40AM +0100, Burakov, Anatoly wrote:
>>> On 20-Mar-19 4:43 PM, Andrius Sirvys wrote:
>>>> LGTM static code analysis tool reports that the function 'input' is
>>>> unsafe. Changed to use raw_input which then converts it using
>>>> ast.literal_eval() which is safe.
>>>>
>>>> Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
>>>> Cc: ciara.power@intel.com
>>>>
>>>> Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
>>>> ---
>>>> usertools/dpdk-telemetry-client.py | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/usertools/dpdk-telemetry-client.py
>>>> b/usertools/dpdk-telemetry-client.py
>>>> index ce0c7a9..c3ba77d 100755
>>>> --- a/usertools/dpdk-telemetry-client.py
>>>> +++ b/usertools/dpdk-telemetry-client.py
>>>> @@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for
>>>> given client
>>>> def repeatedlyRequestMetrics(self, sleep_time): # Recursively
>>>> requests metrics for given client
>>>> print("\nPlease enter the number of times you'd like to
>>>> continuously request Metrics:")
>>>> - n_requests = int(input("\n:"))
>>>> + n_requests = int(ast.literal_eval(raw_input("\n:")))
>>>> print("\033[F") #Removes the user input from screen,
>>>> cleans it up
>>>> print("\033[K")
>>>> for i in range(n_requests):
>>>> @@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates
>>>> Interactive menu within the scr
>>>> print("[3] Unregister client")
>>>> try:
>>>> - self.choice = int(input("\n:"))
>>>> + self.choice = int(ast.literal_eval(raw_input("\n:")))
>>>> print("\033[F") #Removes the user input for
>>>> screen, cleans it up
>>>> print("\033[K")
>>>> if self.choice == 1:
>>>>
>>>
>>> raw_input doesn't exist in Python 3.
>>>
>>> Perhaps you should do this at the top of the script:
>>>
>>> try:
>>> raw_input # Python 2
>>> except NameError:
>>> raw_input = input # Python 3
>>>
>>> That way, all calls to raw_input will call the intended function.
>>>
>>
>> The suggested way in the python docs is a little different:
>>
>> https://python-future.org/compatible_idioms.html#raw_input()
>>
>
> Or that :)
>
Actually, this requires a dependency. "future" appears to be
preinstalled on most distributions, but "builtins" isn't. In fact, i
can't even find it in pip.
On 03-Apr-19 3:48 PM, Burakov, Anatoly wrote:
> On 03-Apr-19 3:29 PM, Burakov, Anatoly wrote:
>> On 03-Apr-19 2:30 PM, Bruce Richardson wrote:
>>> On Wed, Apr 03, 2019 at 11:44:40AM +0100, Burakov, Anatoly wrote:
>>>> On 20-Mar-19 4:43 PM, Andrius Sirvys wrote:
>>>>> LGTM static code analysis tool reports that the function 'input' is
>>>>> unsafe. Changed to use raw_input which then converts it using
>>>>> ast.literal_eval() which is safe.
>>>>>
>>>>> Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
>>>>> Cc: ciara.power@intel.com
>>>>>
>>>>> Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
>>>>> ---
>>>>> usertools/dpdk-telemetry-client.py | 4 ++--
>>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>>
>>>>> diff --git a/usertools/dpdk-telemetry-client.py
>>>>> b/usertools/dpdk-telemetry-client.py
>>>>> index ce0c7a9..c3ba77d 100755
>>>>> --- a/usertools/dpdk-telemetry-client.py
>>>>> +++ b/usertools/dpdk-telemetry-client.py
>>>>> @@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for
>>>>> given client
>>>>> def repeatedlyRequestMetrics(self, sleep_time): #
>>>>> Recursively requests metrics for given client
>>>>> print("\nPlease enter the number of times you'd like to
>>>>> continuously request Metrics:")
>>>>> - n_requests = int(input("\n:"))
>>>>> + n_requests = int(ast.literal_eval(raw_input("\n:")))
>>>>> print("\033[F") #Removes the user input from screen,
>>>>> cleans it up
>>>>> print("\033[K")
>>>>> for i in range(n_requests):
>>>>> @@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates
>>>>> Interactive menu within the scr
>>>>> print("[3] Unregister client")
>>>>> try:
>>>>> - self.choice = int(input("\n:"))
>>>>> + self.choice = int(ast.literal_eval(raw_input("\n:")))
>>>>> print("\033[F") #Removes the user input for
>>>>> screen, cleans it up
>>>>> print("\033[K")
>>>>> if self.choice == 1:
>>>>>
>>>>
>>>> raw_input doesn't exist in Python 3.
>>>>
>>>> Perhaps you should do this at the top of the script:
>>>>
>>>> try:
>>>> raw_input # Python 2
>>>> except NameError:
>>>> raw_input = input # Python 3
>>>>
>>>> That way, all calls to raw_input will call the intended function.
>>>>
>>>
>>> The suggested way in the python docs is a little different:
>>>
>>> https://python-future.org/compatible_idioms.html#raw_input()
>>>
>>
>> Or that :)
>>
>
> Actually, this requires a dependency. "future" appears to be
> preinstalled on most distributions, but "builtins" isn't. In fact, i
> can't even find it in pip.
>
So, it does work on python2 and python3, however it indeed requires a
"future" package to be install through pip, which makes it an external
dependency. The way i have quoted above doesn't require the 'future'
package. I'm of no opinion on whether we should make the 'future'
package a requirement for all of our Python code, however if we were to
use this, it adds one extra step during setup and thus should be documented.
> -----Original Message-----
> From: Burakov, Anatoly
> Sent: Wednesday, April 3, 2019 3:59 PM
> To: Richardson, Bruce <bruce.richardson@intel.com>
> Cc: Sirvys, Andrius <andrius.sirvys@intel.com>; dev@dpdk.org; Laatz, Kevin
> <kevin.laatz@intel.com>; stable@dpdk.org; ciara.power@intel.com
> Subject: Re: [dpdk-dev] [PATCH] usertools: replace unsafe input function
>
> On 03-Apr-19 3:48 PM, Burakov, Anatoly wrote:
> > On 03-Apr-19 3:29 PM, Burakov, Anatoly wrote:
> >> On 03-Apr-19 2:30 PM, Bruce Richardson wrote:
> >>> On Wed, Apr 03, 2019 at 11:44:40AM +0100, Burakov, Anatoly wrote:
> >>>> On 20-Mar-19 4:43 PM, Andrius Sirvys wrote:
> >>>>> LGTM static code analysis tool reports that the function 'input'
> >>>>> is unsafe. Changed to use raw_input which then converts it using
> >>>>> ast.literal_eval() which is safe.
> >>>>>
> >>>>> Fixes: d1b94da4a4e0 ("usertools: add client script for telemetry")
> >>>>> Cc: ciara.power@intel.com
> >>>>>
> >>>>> Signed-off-by: Andrius Sirvys <andrius.sirvys@intel.com>
> >>>>> ---
> >>>>> usertools/dpdk-telemetry-client.py | 4 ++--
> >>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
> >>>>>
> >>>>> diff --git a/usertools/dpdk-telemetry-client.py
> >>>>> b/usertools/dpdk-telemetry-client.py
> >>>>> index ce0c7a9..c3ba77d 100755
> >>>>> --- a/usertools/dpdk-telemetry-client.py
> >>>>> +++ b/usertools/dpdk-telemetry-client.py
> >>>>> @@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for
> >>>>> given client
> >>>>> def repeatedlyRequestMetrics(self, sleep_time): #
> >>>>> Recursively requests metrics for given client
> >>>>> print("\nPlease enter the number of times you'd like to
> >>>>> continuously request Metrics:")
> >>>>> - n_requests = int(input("\n:"))
> >>>>> + n_requests = int(ast.literal_eval(raw_input("\n:")))
> >>>>> print("\033[F") #Removes the user input from screen,
> >>>>> cleans it up
> >>>>> print("\033[K")
> >>>>> for i in range(n_requests):
> >>>>> @@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates
> >>>>> Interactive menu within the scr
> >>>>> print("[3] Unregister client")
> >>>>> try:
> >>>>> - self.choice = int(input("\n:"))
> >>>>> + self.choice =
> >>>>> +int(ast.literal_eval(raw_input("\n:")))
> >>>>> print("\033[F") #Removes the user input for
> >>>>> screen, cleans it up
> >>>>> print("\033[K")
> >>>>> if self.choice == 1:
> >>>>>
> >>>>
> >>>> raw_input doesn't exist in Python 3.
> >>>>
> >>>> Perhaps you should do this at the top of the script:
> >>>>
> >>>> try:
> >>>> raw_input # Python 2
> >>>> except NameError:
> >>>> raw_input = input # Python 3
> >>>>
> >>>> That way, all calls to raw_input will call the intended function.
> >>>>
> >>>
> >>> The suggested way in the python docs is a little different:
> >>>
> >>> https://python-future.org/compatible_idioms.html#raw_input()
> >>>
> >>
> >> Or that :)
> >>
> >
> > Actually, this requires a dependency. "future" appears to be
> > preinstalled on most distributions, but "builtins" isn't. In fact, i
> > can't even find it in pip.
> >
>
> So, it does work on python2 and python3, however it indeed requires a
> "future" package to be install through pip, which makes it an external
> dependency. The way i have quoted above doesn't require the 'future'
> package. I'm of no opinion on whether we should make the 'future'
> package a requirement for all of our Python code, however if we were to
> use this, it adds one extra step during setup and thus should be
> documented.
>
Going with your way is fine, and it does seem cleaner to me.
However, we should also question if we need to still support python2?
Even if we do right now, we probably can drop support
for it at some point in the very near future.
/Bruce
@@ -72,7 +72,7 @@ def requestMetrics(self): # Requests metrics for given client
def repeatedlyRequestMetrics(self, sleep_time): # Recursively requests metrics for given client
print("\nPlease enter the number of times you'd like to continuously request Metrics:")
- n_requests = int(input("\n:"))
+ n_requests = int(ast.literal_eval(raw_input("\n:")))
print("\033[F") #Removes the user input from screen, cleans it up
print("\033[K")
for i in range(n_requests):
@@ -87,7 +87,7 @@ def interactiveMenu(self, sleep_time): # Creates Interactive menu within the scr
print("[3] Unregister client")
try:
- self.choice = int(input("\n:"))
+ self.choice = int(ast.literal_eval(raw_input("\n:")))
print("\033[F") #Removes the user input for screen, cleans it up
print("\033[K")
if self.choice == 1: