check_ssh_injection does not guard against all uses of special characters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Undecided
|
git-harry |
Bug Description
I don't know if there are any practical implications of this, based on how the code currently uses this function, however check_ssh_injection does not raise an exception for all occurrences of special characters.
This correctly identifies the sem-colon:
>>> cinder.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "cinder/utils.py", line 177, in check_ssh_injection
raise exception.
cinder.
This doesn't detect the semi-colon:
>>> cinder.
Changed in cinder: | |
assignee: | nobody → git-harry (git-harry) |
Changed in cinder: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | kilo-1 → 2015.1.0 |
Fix proposed to branch: master /review. openstack. org/138068
Review: https:/