[Openstack-security] [openstack/glance] SecurityImpact review request change Ic17c330eff701ff63701c0029b26db7093a1d73d
gerrit2 at review.openstack.org
Tue Apr 15 07:29:49 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/87475
Log:

commit bebe906ee7ddcc8785c927b559c930d62e972cbb
Author: Brian Cline <bcline at softlayer.com>
Date: Tue Apr 15 02:10:28 2014 -0500

Uses None instead of mutables for function param defaults

Addressing bug 1307878, changes use of mutable lists and dicts as
default arguments and defaults them within the function. Otherwise,
those defaults can be unexpectedly persisted with the function between
invocations and erupt into mass hysteria on the streets.

To my knowledge there aren't known cases of the current use causing
specific issues, but needs addressing (even stylistically) to avoid
problems in the future -- ones that may crop up as extremely subtle or
intermittent bugs...or worse, security vulnerabilities.

In Glance's case there are ACL-related methods using this, so
although I haven't confirmed one way or the other yet, I've marked it
with SecurityImpact so that a more knowledgeable set of eyes can
review it in this context as well.

Closes-Bug: #1307878

SecurityImpact

Change-Id: Ic17c330eff701ff63701c0029b26db7093a1d73d
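
The pitfall the commit message describes, as an added example that is not part of the original message and is not Glance code: a hypothetical ACL helper (`grant_shared` and `grant_fixed`, constructed for illustration) shows a default list persisting between calls, and a small `ast` checker flags such defaults for review.

```python
import ast

# Constructed sample, not Glance code: a hypothetical ACL helper written both ways.
SAMPLE = '''
def grant_shared(image_id, members=[]):
    members.append("owner-of-" + image_id)
    return members

def grant_fixed(image_id, members=None):
    members = [] if members is None else list(members)
    members.append("owner-of-" + image_id)
    return members
'''

MUTABLE_NODES = (ast.List, ast.Dict, ast.Set, ast.ListComp, ast.DictComp, ast.SetComp)
MUTABLE_CALLS = {"list", "dict", "set", "bytearray"}

def is_mutable_default(node):
    """True for list/dict/set literals or comprehensions and list()/dict()/set() calls."""
    if isinstance(node, MUTABLE_NODES):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in MUTABLE_CALLS)

def find_mutable_defaults(source):
    """Return (function, parameter, line) tuples for each mutable default, by line."""
    hits = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = fn.args
        positional = a.posonlyargs + a.args
        # Defaults align with the *last* len(defaults) positional parameters.
        pairs = list(zip(positional[len(positional) - len(a.defaults):], a.defaults))
        # kw_defaults holds None for keyword-only parameters without a default.
        pairs += [(p, d) for p, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
        hits += [(fn.name, p.arg, d.lineno) for p, d in pairs if is_mutable_default(d)]
    return sorted(hits, key=lambda h: h[2])

def demo_leak():
    """Execute SAMPLE and return what a second caller gets from each variant."""
    ns = {}
    exec(SAMPLE, ns)
    ns["grant_shared"]("img-a")  # first caller mutates the shared default list
    ns["grant_fixed"]("img-a")
    return ns["grant_shared"]("img-b"), ns["grant_fixed"]("img-b")

if __name__ == "__main__":
    print(find_mutable_defaults(SAMPLE), demo_leak())
```

The second call to `grant_shared` returns the first caller's entry as well as its own, which is the cross-invocation persistence the commit removes by defaulting to `None`.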