7x31/cmdb
1
0
Fork 0
mirror of https://github.com/veops/cmdb.git synced 2025-08-26 04:00:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(api): 使用 ast.literal_eval 代替 eval,取消不正确的计算属性值返回。 (#688)

Browse Source 
* fix(api): 使用 ast.literal_eval 代替 eval,取消不正确的计算属性值返回。

* fix(api): 修复属性值计算逻辑,直接返回渲染结果。
This commit is contained in:
thexqn
2025-04-04 19:19:42 +08:00
committed by GitHub
parent 5ceb8ff6f9
commit 435bb2a2c8
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cmdb-api/api/lib/cmdb/value.py
View File

@@ -180,14 +180,15 @@ class AttributeValueManager(object):
@staticmethod @staticmethod
def _compute_attr_value_from_expr(expr, ci_dict): def _compute_attr_value_from_expr(expr, ci_dict):
t = jinja2.Template(expr).render(ci_dict)
try: try:
return eval(t) result = jinja2.Template(expr).render(ci_dict)
return result
except Exception as e: except Exception as e:
current_app.logger.warning(str(e)) current_app.logger.warning(
return t f"Expression evaluation error - Expression: '{expr}'"
f"Input parameters: {ci_dict}, Error type: {type(e).__name__}, Error message: {str(e)}"
)
return None
@staticmethod @staticmethod
def _compute_attr_value_from_script(script, ci_dict): def _compute_attr_value_from_script(script, ci_dict):
script = jinja2.Template(script).render(ci_dict) script = jinja2.Template(script).render(ci_dict)