neutron

recursive module import not working correctly in utils.py

Bug #1634735 reported by Martin Matyáš on 2016-10-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Low	Ihar Hrachyshka

Bug Description

Recursive module import not working correctly. Recurse is called without full path in import_modules_recursively causing performing module imports on inappropriate/unwanted directories.

https://github.com/openstack/neutron/blob/71f2d2bc90aaf9ee696cd4e4f29879ba6c5703b5/neutron/common/utils.py#L865

One of impacts:
https://bugs.launchpad.net/kolla/+bug/1634712

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-19: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/388340

Changed in neutron:
assignee:	nobody → Martin Matyáš (martinx-maty)
status:	New → In Progress

Anindita Das (anindita-das) on 2016-10-19

Changed in neutron:
importance:	Undecided → Low

Revision history for this message

Martin Matyáš (martinx-maty) wrote on 2016-10-19:

please reconsider the "importance" taking in account:
- the issue is blocking part of functionality in kolla installer https://bugs.launchpad.net/kolla/+bug/1634712
- possible security threat due to automatic module imports from unpredictable/unwanted directories

OpenStack Infra (hudson-openstack) on 2016-10-21

Changed in neutron:
assignee:	Martin Matyáš (martinx-maty) → Ihar Hrachyshka (ihar-hrachyshka)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-22: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/388340
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=676257cea09b736328caacc61182e27d369e254b
Submitter: Jenkins
Branch: master

commit 676257cea09b736328caacc61182e27d369e254b
Author: Martin Matyáš <email address hidden>
Date: Tue Oct 18 21:05:15 2016 -0700

Remove recursion from import_modules_recursively

    Since the function already uses os.walk that will iterate through all
    subdirectories for us, there is no need to recursively call the
    function.

    The recursive call was not just redundant, but also had another problem,
    where we were passing relative paths to subdirectories, which made the
    function to attempt importing modules that are not located under the
    topdir. It could crash, or, worse, import a module that is
    not under the expected parent directory.

    This patch also modifies an existing unit test for the function to
    validate that modules from subdirectories are also imported, even
    without the recursive call.

Change-Id: I8b3a844460e4987b8a8375b01353d01e57d91604
Closes-Bug: #1634735

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-22: Fix proposed to neutron (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/390012

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-01: Fix merged to neutron (stable/newton)

Reviewed: https://review.openstack.org/390012
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ec0e5d3bf434e7e409196c79f42a1fc92ce7ca96
Submitter: Jenkins
Branch: stable/newton

commit ec0e5d3bf434e7e409196c79f42a1fc92ce7ca96
Author: Martin Matyáš <email address hidden>
Date: Tue Oct 18 21:05:15 2016 -0700

Remove recursion from import_modules_recursively

    Since the function already uses os.walk that will iterate through all
    subdirectories for us, there is no need to recursively call the
    function.

    This patch also modifies an existing unit test for the function to
    validate that modules from subdirectories are also imported, even
    without the recursive call.

    Change-Id: I8b3a844460e4987b8a8375b01353d01e57d91604
    Closes-Bug: #1634735
    (cherry picked from commit 676257cea09b736328caacc61182e27d369e254b)