yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1466894] [NEW] potential default value leakage in LaunchImageNG

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Yves-Gwenael Bourhis <yves-gwenael.bourhis@xxxxxxxxxxxxx>
Date: Fri, 19 Jun 2015 14:29:08 -0000
Reply-to: Bug 1466894 <1466894@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

LaunchImageNG uses a mutable as default parameter.

This can lead to potential leakage because the default value is
evaluated only once and any potential changes done to the default
arguments will be kept for further instances.

I don't think it's a security vulnerability at this stage, but it can
potentially lead to it.

** Affects: horizon
     Importance: Undecided
     Assignee: Yves-Gwenael Bourhis (yves-gwenael-bourhis)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1466894

Title:
  potential default value leakage in LaunchImageNG

Status in OpenStack Dashboard (Horizon):
  In Progress

Bug description:
  LaunchImageNG uses a mutable as default parameter.

  This can lead to potential leakage because the default value is
  evaluated only once and any potential changes done to the default
  arguments will be kept for further instances.

  I don't think it's a security vulnerability at this stage, but it can
  potentially lead to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1466894/+subscriptions

Follow ups

[Bug 1466894] Re: potential default value leakage in LaunchImageNG
From: Doug Hellmann, 2015-06-23
[Bug 1466894] [NEW] potential default value leakage in LaunchImageNG
From: Yves-Gwenael Bourhis, 2015-06-19

References

[Bug 1466894] [NEW] potential default value leakage in LaunchImageNG
From: Yves-Gwenael Bourhis, 2015-06-19