The current use of eval() for the evaluation of fetch-condition and export-condition leads to an automatic addition of all Python builtins. For details, see https://docs.python.org/3/library/functions.html#eval
As a result, the 'if' conditions specified in the metric definition file can use any Python builtin.
Even though the metric definition file is under the control of the user of the exporter, it would be safer to disable some of the more dangerous builtins (e.g. eval(), open(), breakpoint(), ...) or even all of them.
It needs to be double checked whether the current standard metric definition file uses any of the builtins, but probably that is not the case.
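A sketch of the restriction proposed above, as an added example that is not the exporter's own code: it passes an explicit `__builtins__` entry to eval() so that only allow-listed builtins are visible, and audits which builtins a condition references. The function names and the `hmc_version` variable are hypothetical.

```python
import ast
import builtins


def eval_condition(expr, variables, allowed_builtins=()):
    """Evaluate a condition string with only the allow-listed builtins visible.

    eval() inserts a reference to the full builtins module into the globals
    dict unless that dict already has a '__builtins__' key, so the key is
    set explicitly here. Note: this removes the builtin names from the
    condition's namespace; it is hardening, not a complete sandbox.
    """
    safe_builtins = {name: getattr(builtins, name) for name in allowed_builtins}
    eval_globals = {"__builtins__": safe_builtins}
    return eval(expr, eval_globals, dict(variables))


def builtins_used(expr, variables):
    """Return the builtin names a condition references, for auditing a
    metric definition file before builtins are disabled."""
    tree = ast.parse(expr, mode="eval")
    names = {node.id for node in ast.walk(tree) if isinstance(node, ast.Name)}
    return sorted(n for n in names if n not in variables and hasattr(builtins, n))


if __name__ == "__main__":
    # Constructed sample variables and conditions (hypothetical names).
    variables = {"hmc_version": "2.15.0"}
    for cond in ("hmc_version >= '2.14.0'", "open('/etc/passwd')"):
        print(cond, "-> uses builtins:", builtins_used(cond, variables))
        try:
            print("   result:", eval_condition(cond, variables))
        except NameError as exc:
            print("   rejected:", exc)
```

Running `builtins_used()` over every condition in the standard metric definition file answers the open question of whether any builtin is currently needed; those that are can be passed in `allowed_builtins`.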