congress

Data source drivers allow execution of client methods not declared executable

Bug #1501097 reported by Eric K on 2015-09-29

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	congress	In Progress	Medium	Madhu Mohan Nelemane	congress 3.0.0

Bug Description

The data source drivers* allow the API invocation of client methods not declared to be executable and not intended to be called this way. For example, the drivers allow the execution of the client __init__ method.

*Affected: ceilometer, cinder, cloudfoundry, glance, heat, ironic, keystone, neutron, nova, swift, and vCenter
Unaffected: murano, plexxi

Revision history for this message

Eric K (ekcs) wrote on 2015-09-29:

The problem is that the method ExecutionDriver._execute_api(...) [in datasource_driver.py] doesn't check that an input action has been declared executable (and thus listed in ExecutionDriver.executable_methods). A solution is to change ExecutionDriver._execute_api(...) so that the check is performed.

Madhu Mohan Nelemane (mmohan-9) on 2015-09-30

Changed in congress:
assignee:	nobody → Madhu Mohan Nelemane (mmohan-9)

Madhu Mohan Nelemane (mmohan-9) on 2015-10-02

Changed in congress:
status:	New → In Progress

Eric K (ekcs) on 2015-10-02

tags:

removed: liberty-rc2

Revision history for this message

Eric K (ekcs) wrote on 2015-10-02:

Madhu, just a quick note for you:
You may want to wait until this other fix is merged: https://bugs.launchpad.net/congress/+bug/1499025 (it should be merged by Monday: https://review.openstack.org/#/c/228706/ )

If you fix this bug before the other fix is merged, some tests will fail.

Revision history for this message

Madhu Mohan Nelemane (mmohan-9) wrote on 2015-10-05:

Thanks Eric, I have cherry-picked the from https://review.openstack.org/#/c/228706/ and adding my changes to that.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-06: Fix proposed to congress (master)

Fix proposed to branch: master
Review: https://review.openstack.org/231411

Revision history for this message

Madhu Mohan Nelemane (mmohan-9) wrote on 2015-10-06:

Work in progress in: https://review.openstack.org/#/c/231411/

Tim Hinrichs (thinrichs) on 2016-04-13

Changed in congress:
status:	In Progress → Fix Released
milestone:	none → mitaka

Revision history for this message

Tim Hinrichs (thinrichs) wrote on 2016-04-14:

Mismarked this as having been finished. Was thinking we already had it finished b/c the inspect method in datasource_util ignores methods starting with an _.

Changed in congress:
status:	Fix Released → In Progress

Tim Hinrichs (thinrichs) on 2016-04-22

Changed in congress:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-10: Change abandoned on congress (master)

Change abandoned by Tim Hinrichs (<email address hidden>) on branch: master
Review: https://review.openstack.org/231411
Reason: No progress in 6 months. Definitely WIP. Madhu, feel free to resurrect when you return to this.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.