Data source drivers allow execution of client methods not declared executable
Bug #1501097 reported by
Eric K
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
congress |
In Progress
|
Medium
|
Madhu Mohan Nelemane |
Bug Description
The data source drivers* allow the API invocation of client methods not declared to be executable and not intended to be called this way. For example, the drivers allow the execution of the client __init__ method.
*Affected: ceilometer, cinder, cloudfoundry, glance, heat, ironic, keystone, neutron, nova, swift, and vCenter
Unaffected: murano, plexxi
Changed in congress: | |
assignee: | nobody → Madhu Mohan Nelemane (mmohan-9) |
Changed in congress: | |
status: | New → In Progress |
tags: | removed: liberty-rc2 |
Changed in congress: | |
status: | In Progress → Fix Released |
milestone: | none → mitaka |
Changed in congress: | |
importance: | Undecided → Medium |
To post a comment you must log in.
The problem is that the method ExecutionDriver ._execute_ api(... ) [in datasource_ driver. py] doesn't check that an input action has been declared executable (and thus listed in ExecutionDriver .executable_ methods) . A solution is to change ExecutionDriver ._execute_ api(... ) so that the check is performed.