[openstack-dev] [Cinder] cinder not support query volume/snapshot with regular expression

laserjetyang laserjetyang at gmail.com
Tue Apr 29 05:48:39 UTC 2014


It looks to me the Nova API will be dangerous source of DoS attacks due to
the regexp?


On Mon, Apr 28, 2014 at 7:04 PM, Duncan Thomas <duncan.thomas at gmail.com>wrote:

> Regex matching in APIs can be a dangerous source of DoS attacks - see
> http://en.wikipedia.org/wiki/ReDoS. Unless this is mitigated sensibly,
> I will continue to resist any cinder patch that adds them.
>
> Glob matches might be safer?
>
> On 26 April 2014 05:02, Zhangleiqiang (Trump) <zhangleiqiang at huawei.com>
> wrote:
> > Hi, all:
> >
> >         I see Nova allows search instances by name, ip and ip6 fields
> which can be normal string and regular expression:
> >
> >         [stack at leiqzhang-stack cinder]$ nova help list
> >
> >         List active servers.
> >
> >         Optional arguments:
> >                 --ip <ip-regexp>      Search with regular expression
> match by IP address
> >                                 (Admin only).
> >                 --ip6 <ip6-regexp>    Search with regular expression
> match by IPv6 address
> >                          (Admin only).
> >                 --name <name-regexp>  Search with regular expression
> match by name
> >                 --instance-name <name-regexp> Search with regular
> expression match by server name
> >                                 (Admin only).
> >
> >         I think it is also needed for Cinder when query the
> volume/snapshot/backup by name. Any advice?
> >
> > ----------
> > zhangleiqiang (Trump)
> >
> > Best Regards
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> --
> Duncan Thomas
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140429/3ec4d842/attachment.html>


More information about the OpenStack-dev mailing list