Writing files uses unsafe patterns in the tripleo client

Bug #1751284 reported by Bogdan Dobrelya
Affects | Status | Importance | Assigned to | Milestone
tripleo | Invalid | High | Radoslaw Smigielski |

Bug Description

As Steve noticed in https://review.openstack.org/#/c/542875/26/tripleoclient/v1/undercloud_config.py, such a pattern risks a corrupted file if a new file is shorter than the old file. At some point this needs to be changed to http://git.openstack.org/cgit/openstack/heat-agents/tree/heat-config-ansible/install.d/hook-ansible.py#n73

There are more places to inspect.

Tags: tech-debt
Changed in tripleo:
importance: Undecided → High
milestone: none → queens-rc1
tags: added: tech-debt
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Changed in tripleo:
assignee: nobody → Radoslaw Smigielski (radoslaw-smigielski)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/553604

Ben Nemec (bnemec) wrote :

This is not true. Opening a file for 'w' access in Python truncates it immediately. You don't even have to write anything to it.

[bnemec@RedHat tmp]$ echo foo > foo
[bnemec@RedHat tmp]$ cat foo
foo
[bnemec@RedHat tmp]$ python
Python 2.7.14 (default, Dec 11 2017, 16:08:01)
[GCC 7.2.1 20170915 (Red Hat 7.2.1-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> open('foo', 'w')
<open file 'foo', mode 'w' at 0x7f97e4ff7660>
>>>
[bnemec@RedHat tmp]$ cat foo
[bnemec@RedHat tmp]$

The same test with 'wb' behaves the same, so I don't think this is necessary in the heat-agents case either.
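
The behaviour discussed in this thread, as an added example that is not part of the bug report or of python-tripleoclient: mode 'w' truncates at open time, and a stale tail from a longer old file survives only when the file is opened without O_TRUNC. The function names, file contents and the 0o600 create mode are constructed for illustration.

```python
import os
import tempfile


def write_mode_w(path, data):
    """Built-in open(..., 'w'): the file is truncated at open time."""
    with open(path, "w") as f:
        f.write(data)


def write_fd_no_trunc(path, data):
    """os.open without O_TRUNC: old bytes past the new data survive."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def write_fd_trunc(path, data):
    """os.open with O_TRUNC: same result as mode 'w', explicit create mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def demo():
    """Overwrite a longer file with shorter content using each writer."""
    # Constructed sample contents: the old file is longer than the new one.
    old, new = "old-config-value=1234567890\n", "new=1\n"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for writer in (write_mode_w, write_fd_no_trunc, write_fd_trunc):
            path = os.path.join(tmp, writer.__name__)
            with open(path, "w") as f:
                f.write(old)
            writer(path, new)
            with open(path) as f:
                results[writer.__name__] = f.read()
    return results


if __name__ == "__main__":
    for name, content in demo().items():
        print(name, repr(content))
```

Only `write_fd_no_trunc` leaves part of the old content behind, so that is the open pattern to look for when auditing file writes for this kind of corruption.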

OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-tripleoclient (master)

Change abandoned by Radoslaw Smigielski (<email address hidden>) on branch: master
Review: https://review.openstack.org/553604

Changed in tripleo:
status: In Progress → Invalid