This repository has been archived by the owner on Jul 15, 2019. It is now read-only.
Bad/hacky function/args finding and calling #10
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Instead of supporting EC2 parsers+validators and EC2 output formatters it seems like there is some weird python hack that dynamically converts a input param into a function call, or at least it is attempted.
See: https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/apirequest.py#L58
This seems like a very odd hack.
Also the same goes with that functions args (if a function is found) where this EC2 layer just basically blindly converts request parameters into function arguments instead of doing proper validation.
https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/apirequest.py#L71
This seems like a very odd hack.
From a security standpoint and from a odd hack point of view, these seem bad...
The text was updated successfully, but these errors were encountered: