[openstack-dev] Hyperv test blobs?

Sean Dague sdague at linux.vnet.ibm.com
Wed Dec 5 12:14:05 UTC 2012


On 12/04/2012 05:25 PM, Joshua Harlow wrote:
> Hi all,
>
> I was just looking into some of the tests and came across some hyperv
> stuff that I don't understand.
>
> Possibly someone can help me understand what's happening here.
>
> https://github.com/openstack/nova/tree/master/nova/tests/hyperv/stubs
>
> There seem to be a bunch of binary serialized objects here that contain
> some secret hidden code used during testing (probably not harmful but
> who am I to say when the contents aren't visible). From a little decode
> script that I wrote to try to see what's going on here @
> http://paste.ubuntu.com/1411286/ (that’s just a decode of one of those
> files) is it possible that in the future we can not accept such binary
> blobs (even for testing). Not to set off a /panic/, but if binary blobs
> are allowed in, then who is really sure that said blob isn't executing
> some code on my CI machine (or elsewhere) that could be doing malicious
> activities. Without clear-text source files, it's pretty hard to say that
> they aren't (yes it's just for testing, but that’s besides the point).
>
> Did anyone besides the committers peek into those files to determine
> what is going on there (reviewers?)?
>
> It looks like a 'future statement' said that json will go in @
> (https://github.com/openstack/nova/blob/master/nova/tests/hyperv/README.rst),
> but shouldn't that have happened to begin with?
>
> Crappy decoder script @ http://paste.ubuntu.com/1411300/
>
> Thoughts welcome.

I agree with you. The last nova meeting actually had the hyperv driver 
as a topic for 30 minutes because of this issue - 
http://eavesdrop.openstack.org/meetings/nova/2012/nova.2012-11-29-21.01.html

I'd be fine saying that new hyper-v patches are blocked until this is 
fixed, but that didn't seem to be the general feeling on things.

It's also incredibly helpful if others raise the issues in the review 
queue as well - https://review.openstack.org/#/c/16843/. You don't need 
-2 powers to raise concerns.

	-Sean

-- 
Sean Dague
IBM Linux Technology Center
email: sdague at linux.vnet.ibm.com
alt-email: sldague at us.ibm.com
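
Added example, not part of either message or of the nova tree: a way to review a serialized blob without loading it, by listing what it would import and call at load time. It assumes the stubs are Python pickles (the thread only calls them "binary serialized objects"); the function names and sample blobs are constructed for illustration.

```python
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that make the unpickler call something while loading.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def audit_pickle(data):
    """Walk the opcode stream without loading it.

    Returns (imports, calls): the dotted names the stream would import and
    the number of call-type opcodes it contains.
    """
    imports, calls, strings = [], 0, []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            # pickletools reports the pair as "module name".
            imports.append(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the last two strings pushed.
            # Heuristic: a stream that fetches them from the memo shows "?".
            imports.append(".".join(strings[-2:]) if len(strings) >= 2 else "?")
        elif isinstance(arg, str):
            strings.append(arg)
        if op.name in CALL_OPS:
            calls += 1
    return imports, calls


def unexpected_imports(data, allowed=frozenset()):
    """Names the blob would import that are not on the reviewer's allowlist."""
    return [name for name in audit_pickle(data)[0] if name not in allowed]


# Constructed samples (not the files from the nova tree).
PLAIN = pickle.dumps({"vm": "instance-0001", "vcpus": 2}, protocol=2)
OLD_STYLE = b"ccollections\nOrderedDict\n)R."  # hand-written, protocol 1
NEW_STYLE = pickle.dumps(OrderedDict(), protocol=4)

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN), ("old", OLD_STYLE), ("new", NEW_STYLE)]:
        print(label, audit_pickle(blob), unexpected_imports(blob))
```

A blob holding only plain data reports no imports and no calls; anything else gives a reviewer a concrete list of names to compare against what the test is supposed to need.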
