From 4f9f9405b85a2af7b6ccc42ef3debc9b52f3502b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathias=20Panzenb=C3=B6ck?= <134175+panzi@users.noreply.github.com>
Date: Mon, 20 Jan 2025 02:52:30 +0100
Subject: [PATCH] Remove use of eval() from ocr.py (#4481)

`eval(op_name)` -> `getattr(operators, op_name)`

### What problem does this PR solve?

Using `eval()` can lead to code injections and is entirely unnecessary here.

### Type of change

- [x] Other (please describe): Best practice code improvement, preventing the possibility of code injection.
---
 deepdoc/vision/ocr.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deepdoc/vision/ocr.py b/deepdoc/vision/ocr.py
index f014d755b..b6f815741 100644
--- a/deepdoc/vision/ocr.py
+++ b/deepdoc/vision/ocr.py
@@ -19,6 +19,7 @@
 from huggingface_hub import snapshot_download
 from api.utils.file_utils import get_project_base_directory
 from .operators import * # noqa: F403
+from . import operators
 import math
 import numpy as np
 import cv2
@@ -55,7 +56,7 @@ def create_operators(op_param_list, global_config=None):
 param = {} if operator[op_name] is None else operator[op_name]
 if global_config is not None:
 param.update(global_config)
- op = eval(op_name)(**param)
+ op = getattr(operators, op_name)(**param)
 ops.append(op)
 return ops
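Review bot: In the second hunk, `getattr(operators, op_name)` still resolves every module-level name in `operators`, not only the operator classes, so anything that module imports or defines as a helper can be called with caller-supplied `**param` if `op_name` ever comes from configuration that is not fully trusted. Restricting the lookup to classes defined in `operators` itself (or to an explicit name-to-class registry, which is sturdier if classes are re-exported from submodules) closes that gap and gives a clear error for unknown names. Two behaviour changes are worth confirming: an unknown name now raises `AttributeError` where `eval` raised `NameError`, and any operator that was only reachable through ocr.py's own globals would no longer resolve; neither can be checked from this hunk. The body of `create_operators` starts above the hunk.

```python
        # … unchanged: param built from operator[op_name] and global_config …
        op_cls = getattr(operators, op_name, None)
        # Accept only classes defined in the operators module itself.
        if not isinstance(op_cls, type) or op_cls.__module__ != operators.__name__:
            raise ValueError(f"unknown operator: {op_name!r}")
        op = op_cls(**param)
        ops.append(op)
```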