[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1732155] Fix merged to cinder (master)


Reviewed:  https://review.openstack.org/519618
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=21362156125cadc0cddbffdc911d15a29c949902
Submitter: Zuul
Branch:    master

commit 21362156125cadc0cddbffdc911d15a29c949902
Author: lijing <lijing at gohighsec.com>
Date:   Tue Nov 14 18:59:29 2017 +0800

    use defusedxml to avoid XML attack
    
    According to https://docs.openstack.org/bandit/latest/api/bandit.blacklists.html
    
    Using various XML methods to parse untrusted XML data is known to be vulnerable
    to XML attacks. Methods should be replaced with their defusedxml equivalents.
    
    Change-Id: Icdd807c8fd47ce0df3e292eef910e6e6e7610686
    Partial-Bug: #1732155

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1732155

Title:
  bandit report: use defusedxml to avoid XML attack

Status in Cinder:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  According to
  https://docs.openstack.org/bandit/latest/api/bandit.blacklists.html

  Using various XLM methods to parse untrusted XML data is known to be
  vulnerable to XML attacks. Methods should be replaced with their
  defusedxml equivalents.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1732155/+subscriptions