From 4356da97cd8b04a4a19c802ae68ea4e69b19a865 Mon Sep 17 00:00:00 2001
From: Daniel STAN
Date: Thu, 19 Jan 2012 13:16:55 +0100
Subject: [PATCH] [gestion/ipt.py] Eval is evil Python nazis are back darcs-hash:20120119121655-28565-ec11f555ca24cb553d4f9fc4c5a33b2241c2c6c0.gz
---
 gestion/ipt.py | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)
diff --git a/gestion/ipt.py b/gestion/ipt.py
index a53c6e79..4a4e683e 100755
--- a/gestion/ipt.py
+++ b/gestion/ipt.py
@@ -116,39 +116,39 @@ class Ip6tables(object): def macip(self, mac, type_m): '''Fait la correspondance MAC-IP''' type_mm = re.sub('-', '', type_m) - eval('self.filter.mac' + type_mm)(" ".join(['-m mac --mac-source', mac, + getattr(self.filter,'mac' + type_mm)(" ".join(['-m mac --mac-source', mac, '-j RETURN'])) # self.filter.mac(" ".join(['-m mac --mac-source', mac, # '-j RETURN'])) def extcrans(self, type_machine, ports, mac, dev): '''Ouverture des ports de l'extérieur vers la zone crans''' - tab = { 'fil' : 'self.filter.extfil', 'fil-v6' : 'self.filter.extfilv6', - 'wifi' : 'self.filter.extwifi', - 'wifi-v6' : 'self.filter.extwifiv6' } + tab = { 'fil' : 'extfil', 'fil-v6' : 'extfilv6', + 'wifi' : 'extwifi', + 'wifi-v6' : 'extwifiv6' } ip = ipv6_addr(mac, type_machine) for proto in ['tcp', 'udp']: for port in ports[proto]: if port != ':': - eval(tab[type_machine])('-i %s -p %s -d %s --dport %s -j \ + getattr(self.filter,tab[type_machine])('-i %s -p %s -d %s --dport %s -j \ ACCEPT' % (dev, proto, ip, port)) else: - eval(tab[type_machine])('-i %s -p %s -s %s -j ACCEPT' % + getattr(self.filter,tab[type_machine])('-i %s -p %s -s %s -j ACCEPT' % (dev, proto, ip)) def cransext(self, type_machine, ports, mac, dev): '''Ouverture des ports de la zone crans vers l'extérieur''' - tab = { 'fil' : 'self.filter.cransfil', 'fil-v6' : - 'self.filter.cransfilv6', 'wifi' : 'self.filter.cranswifi', - 'wifi-v6' : 'self.filter.cranswifiv6' } + tab = { 'fil' : 'cransfil', 'fil-v6' : + 'cransfilv6', 'wifi' : 'cranswifi', + 'wifi-v6' : 'cranswifiv6' } ip = ipv6_addr(mac, type_machine) for proto in ['tcp', 'udp']: for port in ports[proto]: if port != ':': - eval(tab[type_machine])('-i %s -p %s -s %s --sport %s -j \ + getattr(self.filter,tab[type_machine])('-i %s -p %s -s %s --sport %s -j \ ACCEPT' % (dev, proto, ip, port)) else: - eval(tab[type_machine])('-i %s -p %s -s %s -j ACCEPT' % + getattr(self.filter,tab[type_machine])('-i %s -p %s -s %s -j ACCEPT' % (dev, proto, ip)) def 
blacklist(self, machine): @@ -207,8 +207,7 @@ class Update(object): # On vérifie si la machine a déjà des entrées dans les chaînes # On est un peu sous optimal ici for sens in ['crans', 'ext']: - items = eval('ipt_p.filter.%s.items' % (sens + re.sub('-', '', - net))) + items = getattr(ipt_p.filter,sens + re.sub('-', '',net)).items i = 0 while i < len(items): if ip in items[i] or 'REJECT' in items[i]: @@ -216,9 +215,9 @@ class Update(object): else: i = i + 1 ports_io(ipt_p, machine[0], net, dev_ext, dev_crans) - eval('ipt_p.filter.ext' + re.sub('-', '', net))('-j \ + getattr(ipt_p.filter,'ext' + re.sub('-', '', net))('-j \ REJECT --reject-with icmp6-port-unreachable') - eval('ipt_p.filter.crans' + re.sub('-', '', net))('-j \ + getattr(ipt_p.filter,'crans' + re.sub('-', '', net))('-j \ REJECT --reject-with icmp6-port-unreachable') # On écrit et applique les règles write_rules(ipt_p) @@ -254,7 +253,7 @@ REJECT --reject-with icmp6-port-unreachable') ipt_p = open_pickle(ip_proto) for type_m in ['fil', 'fil-v6', 'adm']: type_mm = re.sub('-', '', type_m) - eval('ipt_p.filter.mac%s.items' % type_mm)[:] = [] + getattr(ipt_p.filter,'mac%s' % type_mm).items[:] = [] machines = db.all_machines(graphic = True) macips(ipt_p, machines, ['fil', 'fil-v6', 'adm']) @@ -728,7 +727,7 @@ def macips(ipt, machines, types_machines): break for type_m in types_machines: type_mm = re.sub('-', '', type_m) - eval('ipt.filter.mac' + type_mm)('-j DROP') + getattr(ipt.filter,'mac' + type_mm)('-j DROP') #eval('ipt.filter.mac' + type_mm)('-j REJECT') return 0
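Review bot: In `extcrans` the all-ports branch (`port == ':'`) builds `-i %s -p %s -s %s -j ACCEPT`, matching the machine's address as source, while the per-port branch just above it matches the same address as destination with `-d %s --dport %s`. For a method documented as opening ports from outside towards the crans zone this looks like a copy from `cransext`, and the inbound rule would then not match traffic addressed to the machine; if that reading is right the line should be `getattr(self.filter, tab[type_machine])('-i %s -p %s -d %s -j ACCEPT' %`. The hunk starts inside `class Ip6tables` and ends on the signature of `blacklist`, whose body is not shown.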
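Review bot: The chain name passed to `getattr` is still computed from `net` (`sens + re.sub('-', '', net)`), so a value outside the expected network types either raises `AttributeError` partway through the update or resolves to whatever other attribute of `ipt_p.filter` carries that name. Where `net` comes from is not visible in this hunk; if it is not already constrained, check it before the loop, e.g. `if net not in ('fil', 'fil-v6', 'wifi', 'wifi-v6'): raise ValueError(net)`, the way `extcrans` and `cransext` use their `tab` dict as an allow-list. The same applies to the `'ext' + ...` and `'crans' + ...` lookups in the next hunk and to `'mac' + type_mm` in `macip` and `macips`. The enclosing method of `Update` starts and ends outside the hunk.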
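Review bot: `ipt_p = open_pickle(ip_proto)` on the context line above the changed lookup presumably unpickles the saved rule state, which is the same class of risk this commit removes: loading a pickle runs code chosen by whoever wrote the file. The helper is defined outside this diff, so this cannot be confirmed here; it is worth checking that the state file is writable only by the account that runs this script, and a comment at the call such as `# state file must be writable only by the firewall account: unpickling runs code from the file` would record the assumption. The `type_m` values in this hunk come from a literal list, so the `getattr` name itself is fixed here.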
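Review bot: The commented-out `#eval('ipt.filter.mac' + type_mm)('-j REJECT')` left under the changed line keeps an `eval` call one uncomment away and makes a later search for remaining `eval` uses noisy. Either delete it or rewrite it as `#getattr(ipt.filter, 'mac' + type_mm)('-j REJECT')`. `macips` starts outside the hunk.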