RAFT Fix arbitrary code execution vulnerability in checkpoint feature (…

…ShishirPatil#415) Replaced `eval()` by `int()` when loading the checkpoint file to remove the possibility of executing arbitrary code. Co-authored-by: Shishir Patil <[email protected]>
devanshamin · May 8, 2024 · 8d75023 · 8d75023
1 parent 1bdf381
commit 8d75023
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/raft/raft.py b/raft/raft.py
@@ -285,7 +285,7 @@ def save_checkpoint(state, filename):
 
 def load_checkpoint(filename):
     with open(filename, 'r') as f:
-        return eval(f.read())
+        return int(f.read())
 
 def main():
     global ds