From 7b1385dd3e487380883012319cfb52b1f2eb5e49 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Fri, 22 Apr 2016 14:12:34 -0400
Subject: [PATCH] Remove unsafe usage of eval

eval will execute a function before it has been determined to be a python data type. Instead, use ast.literal_eval which validates the object is a data type before executing it.

See: http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html

(copied from Ia3d74747e66d72e97a3fb9029bd51331c902f874)

Change-Id: Iae0d42f8d14f66d6ea6cf2201646d8a796cc0cc9
---
 k8sclient/client/api_client.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/k8sclient/client/api_client.py b/k8sclient/client/api_client.py
index 02099f0..9d075c0 100644
--- a/k8sclient/client/api_client.py
+++ b/k8sclient/client/api_client.py
@@ -21,6 +21,7 @@ from . import models
 from .rest import RESTClient
 from .rest import ApiException
+import ast
 import os
 import re
 import urllib
@@ -259,10 +260,10 @@ class ApiClient(object):
 # for native types
 if klass in ['int', 'float', 'str', 'bool', "date", 'datetime', "object"]:
- klass = eval(klass)
+ klass = ast.literal_eval(klass)
 # for model types
 else:
- klass = eval('models.' + klass)
+ klass = ast.literal_eval('models.' + klass)
 
 if klass in [int, float, str, bool]:
 return self.__deserialize_primitive(data, klass)
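Review bot: Both `ast.literal_eval` calls in the second hunk will raise `ValueError` on every input, because `literal_eval` only accepts literal expressions (strings, numbers, tuples, lists, dicts, sets, booleans, None) and rejects a bare name such as `int` or an attribute expression such as `models.Foo` as a malformed node, so this change replaces the code-execution risk with a deserialization path that no longer works for native or model types. The intent of the original `eval` was a name lookup, which needs no evaluator at all: map the allow-listed native names to their types with a dict, and resolve model names with `getattr(models, klass)` (`models` is already imported per the hunk-header context), rejecting anything that is not a class so that arbitrary attributes of the module cannot be returned. The `date` and `datetime` entries assume the module binds those names the way the old `eval` would have needed; confirm the imports outside the hunk. With this fix the `import ast` added in the first hunk is unused and should be dropped. The enclosing method starts before the hunk and continues after it.
```python
        if klass in ['int', 'float', 'str', 'bool', "date", 'datetime', "object"]:
            # plain name lookup over an explicit allow-list; nothing is evaluated
            klass = {'int': int, 'float': float, 'str': str, 'bool': bool,
                     'date': date, 'datetime': datetime, 'object': object}[klass]
        # for model types
        else:
            model_cls = getattr(models, klass, None)
            if not isinstance(model_cls, type):
                raise ValueError('unknown model type: %s' % klass)
            klass = model_cls
        # … unchanged: primitive/model dispatch that follows …
```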