glance.common.utils.execute is not used anywhere in the Glance code
base:
jpipes@serialcoder:~/repos/glance/glance$ ack-grep --ignore-dir=tests execute
registry/db/migrate_repo/versions/003_add_disk_format.py
99: image_records = conn.execute(sel).fetchall()
102: conn.execute(property_insert,
136: type_property_records = conn.execute(sel).fetchall()
140: conn.execute(upd)
143: conn.execute(dlt)
common/utils.py
99: execute("curl --fail %s -o %s" % (url, target))
102:def execute(cmd, process_input=None, addl_env=None, check_exit_code=True):
common/wsgi.py
98: executed. If it returns a response then that response will be
returned
It can be removed.
-jay
** Changed in: glance
Status: New => Triaged
** Changed in: glance
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/829064
Title:
glance/common/utils.py creates dangerous "execute" function that uses
the shell to run commands without filtering meta characters
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/829064/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
