fix: replace eval mechanism with builtins to prevent security vulnerabilities

httprunner/__about__.py

@@ -1,7 +1,7 @@
 __title__ = 'HttpRunner'
 __description__ = 'One-stop solution for HTTP(S) testing.'
 __url__ = 'https://github.com/HttpRunner/HttpRunner'
-__version__ = '2.1.2'
+__version__ = '2.1.3'
 __author__ = 'debugtalk'
 __author_email__ = 'mail@debugtalk.com'
 __license__ = 'Apache-2.0'

httprunner/parser.py

@@ -1,6 +1,7 @@
 # encoding: utf-8
 
 import ast
+import builtins
 import os
 import re
 
@@ -277,11 +278,8 @@ def get_mapping_function(function_name, functions_mapping):
 
     try:
         # check if Python builtin functions
-        item_func = eval(function_name)
-        if callable(item_func):
-            # is builtin function
-            return item_func
-    except (NameError, TypeError):
+        return getattr(builtins, function_name)
+    except AttributeError:
         # is not builtin function
         raise exceptions.FunctionNotFound("{} is not found.".format(function_name))