Hi, today my colleague found an interesting bug in EC2 driver. When you try to delete a key, instead of removing specified key (referenced by ID) it deletes the first key in list.
In programming speak: original_key = keys(credentials, opts) client.delete_key(original_key.id) .... Looks fine but what if opts doesn't include :id => ID? In this case, there was a 'typo' in server.rb and instead of sending :id => KEY_ID it sends :key_name => KEY_ID which lead in behavior described above. This was really easy to fix but we should consider using this keys(credentials, opts) and replace it with key(credentials, id). This of course apply to all other collections. IMHO it worth to do a small security audit just for this :) -- Michal ------------------------------------------------------ Michal Fojtik, [email protected] Deltacloud API: http://deltacloud.org
