Mathias Panzenböck
commited on
Commit
·
93f905e
1
Parent(s):
3bd9061
Remove usage of eval() from postprocess.py (#4571)
Browse filesRemove usage of `eval()` from postprocess.py
### What problem does this PR solve?
The use of `eval()` is a potential security risk. While the use of
`eval()` is guarded and thus not a security risk normally, `assert`s
aren't run if `-O` or `-OO` is passed to the interpreter, and as such
then the guard would not apply. In any case there is no reason to use
`eval()` here at all.
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
- [x] Other (please describe):
Potential security fix if somehow the passed `modul_name` could be user
controlled.
deepdoc/vision/postprocess.py
CHANGED
|
@@ -23,7 +23,7 @@ import pyclipper
|
|
| 23 |
|
| 24 |
|
| 25 |
def build_post_process(config, global_config=None):
|
| 26 |
-
support_dict =
|
| 27 |
|
| 28 |
config = copy.deepcopy(config)
|
| 29 |
module_name = config.pop('name')
|
|
@@ -31,10 +31,11 @@ def build_post_process(config, global_config=None):
|
|
| 31 |
return
|
| 32 |
if global_config is not None:
|
| 33 |
config.update(global_config)
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
| 37 |
-
|
|
|
|
| 38 |
|
| 39 |
|
| 40 |
class DBPostProcess(object):
|
|
|
|
| 23 |
|
| 24 |
|
| 25 |
def build_post_process(config, global_config=None):
|
| 26 |
+
support_dict = {'DBPostProcess': DBPostProcess, 'CTCLabelDecode': CTCLabelDecode}
|
| 27 |
|
| 28 |
config = copy.deepcopy(config)
|
| 29 |
module_name = config.pop('name')
|
|
|
|
| 31 |
return
|
| 32 |
if global_config is not None:
|
| 33 |
config.update(global_config)
|
| 34 |
+
module_class = support_dict.get(module_name)
|
| 35 |
+
if module_class is None:
|
| 36 |
+
raise ValueError(
|
| 37 |
+
'post process only support {}'.format(list(support_dict)))
|
| 38 |
+
return module_class(**config)
|
| 39 |
|
| 40 |
|
| 41 |
class DBPostProcess(object):
|