yahoo-eng-team team mailing list archive
Message #03279
[Bug 1190226] Re: Potential SQL injections
Turning this into a Wishlist bug as suggested by Chuck in comment 2
** Information type changed from Private Security to Public
** No longer affects: ossa
** Changed in: swift
   Importance: Undecided => Wishlist
** Changed in: swift
   Status: Invalid => Confirmed
** Summary changed:
- Potential SQL injections
+ Raw SQL used in swift/swift/common/db.py could be escaped
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1190226
Title:
Raw SQL used in swift/swift/common/db.py could be escaped
Status in OpenStack Compute (Nova):
Invalid
Status in OpenStack Object Storage (Swift):
Confirmed
Bug description:
Grant Murphy (gmurphy@xxxxxxxxxx) conducted an audit of OpenStack and
reported the following potential SQL injection vulnerabilities in
Swift and Nova. These may well not be exploitable; we need to
double-check them.
swift/swift/common/db.py:376: UPDATE %s_stat SET id=?
swift/swift/common/db.py:379: SELECT ROWID FROM %s ORDER BY ROWID DESC LIMIT 1
swift/swift/common/db.py:403: UPDATE %s_stat SET created_at=MIN(?, created_at),
swift/swift/common/db.py:424: SELECT * FROM %s WHERE ROWID > ? ...
swift/swift/common/db.py:440: "SELECT sync_point FROM %s_sync WHERE remote_id=?"
swift/swift/common/db.py:456: SELECT remote_id, sync_point FROM %s_sync
swift/swift/common/db.py:512: INSERT INTO %s_sync (sync_point, remote_id)
swift/swift/common/db.py:518: UPDATE %s_sync SET sync_point=max(?, sync_point)
swift/swift/common/db.py:561: metadata = conn.execute('SELECT metadata FROM %s_stat' %
swift/swift/common/db.py:592: md = conn.execute('SELECT metadata FROM %s_stat' %
swift/swift/common/db.py:607: conn.execute('UPDATE %s_stat SET metadata = ?' %
swift/swift/common/db.py:633: md = conn.execute('SELECT metadata FROM %s_stat' %
swift/swift/common/db.py:644: conn.execute('UPDATE %s_stat SET metadata = ?' %
nova/nova/virt/hyperv/volumeutils.py:78: "WHERE TargetName='%s'" % target_iqn)
nova/nova/virt/hyperv/hostutils.py:66: "WHERE DeviceID='%s'"
nova/nova/virt/hyperv/basevolumeutils.py:123: "Class WHERE TargetName='%s'"
nova/nova/db/sqlalchemy/utils.py:64: return "INSERT INTO %s %s" % (
nova/nova/db/sqlalchemy/migrate_repo/versions/152_change_type_of_deleted_column.py:40: return "INSERT INTO %s %s" % (
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1190226/+subscriptions
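An added example (not Swift's own code) showing the defensive shape for the `%s_stat` lines listed in the bug: SQLite cannot bind a table name through a `?` placeholder, so the identifier is checked against an allow-list and quoted before it is spliced into the statement, while values still go through bindings. The allow-list and the helper names are assumptions of this example.

```python
import sqlite3

# Assumption of this example: the two database types Swift's brokers use.
ALLOWED_DB_TYPES = frozenset({"account", "container"})


def quote_identifier(name: str) -> str:
    """Quote an SQL identifier for SQLite: wrap it in double quotes and
    double any embedded double quote. Identifiers cannot be bound with '?'
    placeholders, so quoting is what keeps a spliced-in name inert."""
    return '"' + name.replace('"', '""') + '"'


def stat_table(db_type: str) -> str:
    """Return the quoted <db_type>_stat table name, refusing unknown types."""
    if db_type not in ALLOWED_DB_TYPES:
        raise ValueError("unexpected db_type %r" % (db_type,))
    return quote_identifier(db_type + "_stat")


def rejects(db_type: str) -> bool:
    """True if stat_table() refuses this db_type (used to check the guard)."""
    try:
        stat_table(db_type)
    except ValueError:
        return True
    return False


def get_metadata(conn: sqlite3.Connection, db_type: str) -> str:
    # Only the validated, quoted identifier is formatted into the SQL text.
    row = conn.execute("SELECT metadata FROM %s" % stat_table(db_type)).fetchone()
    return row[0]


def update_metadata(conn: sqlite3.Connection, db_type: str, metadata: str) -> None:
    # Identifier via stat_table(); the value is bound with '?', never formatted.
    conn.execute("UPDATE %s SET metadata = ?" % stat_table(db_type), (metadata,))
    conn.commit()


def demo() -> str:
    # Constructed in-memory database standing in for a container DB.
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "container_stat" (metadata TEXT)')
    conn.execute('INSERT INTO "container_stat" VALUES (?)', ("{}",))
    update_metadata(conn, "container", '{"X-Container-Meta-Foo": "bar"}')
    return get_metadata(conn, "container")
```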