cinder drivers using ETree for xml parsing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
New
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Bandit blacklists calls to xml.etree for security purposes
see: http://
Calls to xml.etree are made in the following locations:
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
Location: cinder/
tags: | added: drivers fujitsu hitachi huawei qnap |
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.