Comment 11 for bug 1354208

Nathan Kinder (nkinder) wrote : Re: Catalog replacement allows reading config

The patch looks good from a security perspective, so +1.

A minor thing that should probably be addressed is to protect against the whitelist being None. In WhitelistedFormatter:__init__(), the set() function will fail if whitelist is None. This would require one to explicitly set the config to None instead of an empty list, but it's possible and we should protect against it. Here is the code I'm referring to:

+class WhiteListedFormatter(object):
+
+ def __init__(self, whitelist, data):
+ self._whitelist = set(whitelist)
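
Review bot: `set(whitelist)` in `__init__` raises a TypeError when `whitelist` is None, so a config value explicitly set to None would make constructing the formatter fail. Normalise the argument before building the set, for example `self._whitelist = set(whitelist or [])`, so that a None value is treated as an empty whitelist and nothing is substituted, rather than raising.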