file_open is not safe and performs too many useless syscalls
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
Fix Released
|
Low
|
OpenERP's Framework R&D |
Bug Description
It happens with 5.0 and certainly with 6.1 too.
When you update the list of modules, the application calls:
tools.
And file_open will browse all the parents of the "addons_path" for a zip file ...
I've added a statement to trace the call to "open()" :
open('/
open('/
open('/
open('/
open('/
open('/
open('/
open('/home.zip', 'rb')
open('/.zip', 'rb')
This behaviour is seen on module installation or upgrade too.
It is probably a security issue which impacts performance as well.
Related branches
- Florent (community): Approve
- Olivier Dony (Odoo): Approve
-
Diff: 185 lines (+68/-54)2 files modifiedopenerp/modules/module.py (+14/-11)
openerp/tools/misc.py (+54/-43)
visibility: | private → public |
Changed in openobject-server: | |
milestone: | 6.1 → none |
Hi Florent,
Would you elaborate on the security implications you are referring to (given that these calls to open() are coming from zipfile. is_zipfile( )), in order to evaluate the importance of this bug report?
I can see a lot of room for optimization in this behavior too, indeed.
Thanks,