[Openstack-security] [openstack/glance] SecurityImpact review request change I60b42d5a5d71602be7adc321406ea87dfcf93f46
gerrit2 at review.openstack.org
Tue Mar 3 10:45:53 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/158480
Log:
commit 565566f417876a84ae815a7381d93d62597a9196
Author: Geetika Batra <geetika791 at gmail.com>
Date: Tue Feb 24 04:32:51 2015 +0530
Fixes insecure use of asserts in cache.py
The assert statement is replaced by
    if image_id == 'detail':
        continue
As stated in the Python documentation, assert statements will not be evaluated
when the Python code is compiled with optimization flags. This means that these
checks will not be properly executed and one can in that case call a specific
method with a completely different HTTP verb. This can result in security
issues.
SecurityImpact
Closes-bug: #1414532
Change-Id: I60b42d5a5d71602be7adc321406ea87dfcf93f46
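An added illustration, not part of the original message and not Glance's code: the same guard written as an assert and as an explicit check, compiled at optimization level 0 and at level 1 (the equivalent of `python -O`). The handler names, the `GET` check and the sample image id are constructed for this example.

```python
# Added illustration; constructed handlers, not code from Glance's cache.py.
SOURCE = '''
def serve_cached_assert(method, image_id):
    # Guard written as an assert: compiled out entirely under -O.
    assert method == "GET", "unexpected HTTP verb"
    return "cached:" + image_id

def serve_cached_checked(method, image_id):
    # Guard written as ordinary control flow: still present under -O.
    if method != "GET":
        raise ValueError("unexpected HTTP verb")
    return "cached:" + image_id
'''


def load(optimize):
    """Compile SOURCE at the given level (0 = default, 1 = like `python -O`)."""
    namespace = {}
    code = compile(SOURCE, "<constructed>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace


def outcome(func, method):
    """Return the handler's result, or the name of the exception it raised."""
    try:
        return func(method, "abc123")  # constructed image id
    except (AssertionError, ValueError) as exc:
        return type(exc).__name__


def run_matrix():
    """Call both handlers with a non-GET verb at both optimization levels."""
    results = {}
    for level in (0, 1):
        ns = load(level)
        for name in ("serve_cached_assert", "serve_cached_checked"):
            results[(level, name)] = outcome(ns[name], "DELETE")
    return results


if __name__ == "__main__":
    for key, value in sorted(run_matrix().items()):
        print(key, "->", value)
```

At level 1 only the assert-guarded handler accepts the `DELETE` call; the explicit check rejects it at both levels.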