yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1370295] Re: Possible SQL Injection vulnerability in hyperv volumeutils2

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Wed, 10 Dec 2014 22:28:59 -0000
Reply-to: Bug 1370295 <1370295@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The patch is stalled. And honestly WQL is not really exposed in a
substantial way here.

** Tags added: hyperv

** Changed in: nova
       Status: In Progress => Opinion

** Changed in: nova
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1370295

Title:
  Possible SQL Injection vulnerability in hyperv volumeutils2

Status in OpenStack Compute (Nova):
  Opinion
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  This line:
  https://github.com/openstack/nova/blob/master/nova/virt/hyperv/volumeutilsv2.py#L54
  makes a raw SQL query using input from target_address and target_port.
  If an attacker is able to manipulate either of these parameters, they
  can exploit a SQL injection vulnerability.

  If neither of these parameters can be controlled by an attacker, it's
  probably OK to fix this in public.  These should definitely at least
  be strengthened by using prepared statements, or even better, a secure
  SQL library such as sqlalchemy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1370295/+subscriptions