OpenStack Compute (nova)

  1. Bug #1190229
  2. Comment #1

Comment 1 for bug 1190229

Revision history for this message
Thierry Carrez (ttx) wrote : Re: Potential unsafe XML usage

Analysis in Nova:

nova/nova/virt/libvirt/driver.py
What's getting parsed is XML from libvirt, not user-provided XML requests. So that's safe.

nova/nova/virt/xenapi/vm_utils.py
What's getting parsed is XML from XenServer, not user-provided XML requests, so that's safe.

nova/nova/api/openstack/compute/contrib/security_groups.py
While most calls use xmlutil.safe_minidom_parse_string (which is safe), there is one call in _extend_servers that still uses minidom.parseString(req.body) and therefore looks vulnerable.

nova/nova/api/openstack/compute/contrib/security_group_default_rules.py
Uses pure minidom in its XML deserializer, so probably vulnerable.