[Openstack-security] Security Anti-Patterns

Clark, Robert Graham robert.clark at hp.com
Thu May 29 15:06:17 UTC 2014


>On 05/28/2014 11:55 PM, Bhandaru, Malini K wrote:
>> Hello Everyone!
>> 
>> Can you think of a security anti-pattern? Share them and help make
>>OpenStack more secure.
>> 
>> Below is an excerpt from the wiki under development --
>>https://wiki.openstack.org/wiki/Security/OpenStack_Security_Impact_Checks
>> 
>
>Thank you Malini!
>I added some classic anti-patterns to the list.
>
>Now I wonder how to verify those automatically.
>I'm afraid grep won't be enough; we might want to look at a simple AST
>representation that we can use to inspect dangerous function calls.
>
>Would a PoC that highlights subprocess calls with shell=True still be
>useful, or do we already have something in mind?
>
>Best regards,
>Tristan

Including Jamie (who some of you know as chair6) as he's been looking into
AST for exactly this purpose.

-Rob
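The kind of AST-based check the quoted message asks about, as an added example that is not part of this thread and not code from any OpenStack project or from the wiki linked above. It walks a Python module with the standard `ast` library, resolves `import subprocess as sp` and `from subprocess import Popen as launch` style aliases, and flags calls to subprocess entry points made with `shell=True`. The set of function names it watches (`SUBPROCESS_FUNCS`), the `SAMPLE` source it scans, and the `grep_matches` helper used for comparison are all constructed for this example. The comparison shows where grep falls short: it matches a commented-out call, and neither approach can decide a non-literal `shell=use_shell`, which the AST check therefore reports separately for manual review.

```python
"""Added example: flag subprocess calls with shell=True using the ast module.

Not from the OpenStack-security thread or any OpenStack project; the function
list, the sample source and the grep helper below are constructed for the demo.
"""
import ast

# Assumed list of subprocess entry points that accept a shell= keyword.
SUBPROCESS_FUNCS = {"call", "check_call", "check_output", "run", "Popen"}


class ShellTrueVisitor(ast.NodeVisitor):
    """Collect (lineno, callee, kind) for subprocess calls passing shell=.

    kind is "True" for a literal shell=True and "non-literal" when the value
    is an expression the static check cannot evaluate.
    """

    def __init__(self):
        self.module_aliases = set()  # names bound to the subprocess module
        self.func_aliases = {}       # local name -> subprocess function name
        self.findings = []

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name == "subprocess":
                self.module_aliases.add(alias.asname or "subprocess")
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if node.module == "subprocess":
            for alias in node.names:
                if alias.name in SUBPROCESS_FUNCS:
                    self.func_aliases[alias.asname or alias.name] = alias.name
        self.generic_visit(node)

    def _callee(self, func):
        # subprocess.call(...) or sp.Popen(...) via a module alias
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            if func.value.id in self.module_aliases and func.attr in SUBPROCESS_FUNCS:
                return "subprocess." + func.attr
        # call(...) after `from subprocess import call [as name]`
        if isinstance(func, ast.Name) and func.id in self.func_aliases:
            return "subprocess." + self.func_aliases[func.id]
        return None

    def visit_Call(self, node):
        callee = self._callee(node.func)
        if callee is not None:
            for kw in node.keywords:
                if kw.arg != "shell":  # kw.arg is None for **kwargs; skip it
                    continue
                if isinstance(kw.value, ast.Constant):
                    if kw.value.value is True:
                        self.findings.append((node.lineno, callee, "True"))
                else:
                    self.findings.append((node.lineno, callee, "non-literal"))
        self.generic_visit(node)


def find_shell_true(source, filename="<string>"):
    """Return findings for one module's source text, in line order."""
    visitor = ShellTrueVisitor()
    visitor.visit(ast.parse(source, filename))
    return visitor.findings


def grep_matches(source):
    """Line numbers a naive grep for 'shell=True' would report, for contrast."""
    return [n for n, line in enumerate(source.splitlines(), 1) if "shell=True" in line]


# Constructed sample module: three real hits, one comment, one safe call,
# and one call whose shell value is only known at runtime.
SAMPLE = '''\
import subprocess
import subprocess as sp
from subprocess import Popen as launch

# subprocess.call(cmd, shell=True)   <- grep hits this comment; ast does not
def bad(cmd):
    return subprocess.check_output(cmd, shell=True)

def also_bad(cmd):
    return sp.call(cmd, shell=True)

def aliased(cmd):
    return launch(cmd, shell=True)

def fine(argv):
    return subprocess.run(argv, shell=False)

def dynamic(argv, use_shell):
    return subprocess.run(argv, shell=use_shell)
'''

if __name__ == "__main__":
    print("grep lines:", grep_matches(SAMPLE))
    for lineno, callee, kind in find_shell_true(SAMPLE):
        print("line %d: %s called with shell=%s" % (lineno, callee, kind))
```

Running the module prints the four grep hits (including the comment on line 5) next to the AST findings on lines 7, 10, 13 and the non-literal case on line 19. Extending the same visitor to `os.system`, `eval`, or any other anti-pattern on the wiki list is a matter of adding a `_callee` rule; the alias resolution and literal checks carry over unchanged.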