txels / autojenkins

Jenkins automation scripts
http://autojenkins.readthedocs.org/

Use response.json() instead of eval() #18

Open mgood opened 10 years ago

mgood commented 10 years ago

Requests has a convenient way to parse JSON responses:

http://docs.python-requests.org/en/latest/user/quickstart/#json-response-content

Not only is this easy to use, but it prevents the major security issue of calling eval() on a response from a remote service.

mgood commented 10 years ago

Oh, it seems that you're using the Jenkins "Python" flavored API instead of JSON. I don't see the Jenkins docs mention explicitly what types might be encoded in the Python responses, but if it's equivalent to the JSON types (dict, list, etc.), using JSON would be a safer alternative. Or you could possibly use this to safely parse Python's literal types without allowing code execution: http://docs.python.org/2/library/ast.html#ast.literal_eval
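The two safe alternatives raised in this thread, as an added example that is not code from the issue or from autojenkins: a Jenkins `api/python` body parsed with `ast.literal_eval`, and the equivalent `api/json` body parsed with `json.loads` (which is what requests' `response.json()` calls). The sample bodies are constructed, and the function names are assumptions.

```python
import ast
import json

# Constructed sample bodies, not real Jenkins output.
# ".../api/python" returns a Python literal (dict/list/str/int/None);
# ".../api/json" returns the same data as JSON.
PYTHON_BODY = "{'jobs': [{'name': 'build', 'color': 'blue'}], 'nodeDescription': None}"
JSON_BODY = '{"jobs": [{"name": "build", "color": "blue"}], "nodeDescription": null}'
# A body that is not a pure literal: eval() would execute the call,
# literal_eval refuses it.
UNSAFE_BODY = "{'jobs': str(1)}"


def parse_python_api(body):
    """Parse a Jenkins api/python body without executing code.

    ast.literal_eval only accepts literal syntax (dicts, lists, tuples,
    sets, strings, numbers, booleans, None); calls, attribute access and
    names raise ValueError or SyntaxError instead of being evaluated.
    """
    try:
        return ast.literal_eval(body)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"response is not a pure Python literal: {exc}") from exc


def parse_json_api(body):
    """Parse a Jenkins api/json body; equivalent to requests' response.json()."""
    return json.loads(body)


def is_safe_literal(body):
    """True if the body parses as data only, False if literal_eval rejects it."""
    try:
        parse_python_api(body)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Both endpoints yield the same structure once parsed safely.
    print(parse_python_api(PYTHON_BODY) == parse_json_api(JSON_BODY))  # True
    print(is_safe_literal(UNSAFE_BODY))  # False
```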