Fix instances of mutable default arguments to functions/methods
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Undecided
|
Brian Cline |
Bug Description
In a few points throughout the codebase, mutable lists and mutable dicts are being used as default function/method arguments.
In Python, this is an issue since functions are treated as objects that can maintain state between calls. As a result, this only gets set once, and it's possible for it to stack list values over time in cases when you might expect them to be empty. Depending on use, this can cause incredibly complex and yet very subtle bugs in code that reads just fine. In Glance's case, since a few instances of this are in several ACL-related methods in glance.store.*, there is *potential* for security concern (not confirmed).
Here's some additional information illustrating and explaining this behavior in Python:
http://
http://
There are no comments in the code I've seen that indicate this usage is meant specifically to take advantage of this subtlety in the language. We'd definitely want to document that if it is the case.
Wanted to create this as a discussion point if needed, and as a courtesy to attach it to the patch I'm going to push in a few minutes. The full test suites seem to pass locally, so will be curious what Jenkins has to say.
Changed in glance: | |
milestone: | none → juno-1 |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | juno-1 → 2014.2 |
For some reason recent patch sets aren't being automatically annotated here.
This is the patch pushed for this issue: /review. openstack. org/87475
https:/