[Openstack-security] [openstack/nova] SecurityImpact review request change Ic5f4d4c26794550a92481bf2b725ef5eafa581b2
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Dec 7 00:26:00 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/249239
Log:
commit ef1ccdaca9512b88878155f7d8c2c77853d91252
Author: Matt Riedemann <mriedem at us.ibm.com>
Date: Mon Nov 16 13:11:09 2015 -0800
xen: mask passwords in volume connection_data dict
The connection_data dict can have credentials in it, so we need to scrub
those before putting the stringified dict into the StorageError message
and raising that up and when logging the dict.
Note that strutils.mask_password converts the dict to a string using
six.text_type so we don't have to do that conversion first.
SecurityImpact
Change-Id: Ic5f4d4c26794550a92481bf2b725ef5eafa581b2
Closes-Bug: #1516765
(cherry picked from commit 8b289237ed6d53738c22878decf0c429301cf3d0)
(cherry picked from commit cf197ec2d682fb4da777df2291ca7ef101f73b77)
More information about the Openstack-security
mailing list