[Openstack-security] [openstack/glance] SecurityImpact review request change I60b42d5a5d71602be7adc321406ea87dfcf93f46
gerrit2 at review.openstack.org
Mon Feb 23 23:36:06 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/158480
Log:
commit f42af53af1f1568dc9221754f611b0f16fee9889
Author: Geetika Batra <geetika791 at gmail.com>
Date: Tue Feb 24 04:32:51 2015 +0530
"Fixes insecure use of asserts in cache.py"
The assert statement is replaced by
    if not condition:
        raise AssertionError.
As stated in the Python documentation, assert statements will not be evaluated
when the Python code is compiled with optimization flags. This means that these
checks will not be properly executed and one can in that case call a specific
method with a completely different HTTP verb. This can result in security
issues.
SecurityImpact
Closes-bug: #1414532
Change-Id: I60b42d5a5d71602be7adc321406ea87dfcf93f46
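The behaviour the commit message describes, as an added example that is not part of the original message or of glance's cache.py: the same HTTP-verb guard written as an assert statement and as an explicit check, compiled at optimization level 0 and at level 1 (the equivalent of running with -O). The handler names and the SOURCE string are hypothetical and constructed for illustration.

```python
# Added example: handler names and SOURCE are hypothetical, not glance code.
SOURCE = '''
def handle_delete_with_assert(method):
    # Guard written as an assert statement: stripped when compiled with -O.
    assert method == "DELETE"
    return "deleted"

def handle_delete_with_check(method):
    # Guard written the way the commit describes: survives -O.
    if not method == "DELETE":
        raise AssertionError
    return "deleted"
'''


def load(optimize):
    """Compile SOURCE at the given optimization level (0 = default, 1 = -O)."""
    namespace = {}
    code = compile(SOURCE, "<constructed>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace


def outcome(func, method):
    """Return the handler's result, or 'rejected' if its guard fired."""
    try:
        return func(method)
    except AssertionError:
        return "rejected"


def run_matrix():
    """Call both handlers with the wrong verb at each optimization level."""
    results = {}
    for level in (0, 1):
        ns = load(level)
        for name in ("handle_delete_with_assert", "handle_delete_with_check"):
            results[(level, name)] = outcome(ns[name], "GET")
    return results


if __name__ == "__main__":
    for key, value in sorted(run_matrix().items()):
        print(key, value)
```

At level 1 the assert-guarded handler accepts the GET call, while the explicit check rejects it at both levels.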