You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 15, 2019. It is now read-only.
Instead of supporting EC2 parsers+validators and EC2 output formatters it seems like there is some weird python hack that dynamically converts a input param into a function call, or at least it is attempted.
Also the same goes with that functions args (if a function is found) where this EC2 layer just basically blindly converts request parameters into function arguments instead of doing proper validation.
Instead of supporting EC2 parsers+validators and EC2 output formatters it seems like there is some weird python hack that dynamically converts a input param into a function call, or at least it is attempted.
See: https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/apirequest.py#L58
This seems like a very odd hack.
Also the same goes with that functions args (if a function is found) where this EC2 layer just basically blindly converts request parameters into function arguments instead of doing proper validation.
https://github.com/openstack/nova/blob/stable/essex/nova/api/ec2/apirequest.py#L71
This seems like a very odd hack.
From a security standpoint and from a odd hack point of view, these seem bad...
The text was updated successfully, but these errors were encountered: