Changing eval for getattr because security reasons, spotted by @jmesquita

2016-05-12 16:32:33 -03:00 · 2016-05-12 16:32:33 -03:00 · eb14f1afb6
commit eb14f1afb6
parent 6031f3e694
3 changed files with 7 additions and 5 deletions
--- a/integrations/mailer/README.md
+++ b/integrations/mailer/README.md
@ -58,12 +58,12 @@ above.

 ```
 [notification:foo]
-field = alert.resource
+field = resource
 regex = db-\w+
 contacts = dba@lists.mycompany.com, dev@lists.mycompany.com

 [notification:bar]
-field = alert.resource
+field = resource
 regex = web-\w+
 contacts = dev@lists.mycompany.com 
 ```
--- a/integrations/mailer/mailer.py
+++ b/integrations/mailer/mailer.py
@ -197,8 +197,10 @@ class MailSender(threading.Thread):
            LOG.debug('Checking %d group rules' % len(OPTIONS['group_rules']))
            for rules in OPTIONS['group_rules']:
                LOG.debug('Matching regex %s to %s (%s)' % (rules['regex'],
-                         rules['field'], eval(rules['field'])))
-                if re.match(rules['regex'], eval(rules['field'])):
+                          rules['field'],
+                          getattr(alert, rules['field'], None)))
+                if re.match(rules['regex'],
+                            getattr(alert, rules['field'], None)):
                    LOG.debug('Regex matched')
                    # Add up any new contacts
                    new_contacts = [x.strip() for x in rules['contacts'].split(',')
--- a/integrations/mailer/setup.py
+++ b/integrations/mailer/setup.py
@ -2,7 +2,7 @@

 import setuptools

-version = '3.3.1'
+version = '3.3.2'

 setuptools.setup(
    name="alerta-mailer",