** Changed in: glance
Status: Fix Committed => Fix Released
** Changed in: glance
Milestone: None => juno-1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1307878
Title:
Fix instances of mutable default arguments to functions/methods
Status in OpenStack Image Registry and Delivery Service (Glance):
Fix Released
Bug description:
In a few points throughout the codebase, mutable lists and mutable
dicts are being used as default function/method arguments.
In Python, this is an issue since functions are treated as objects
that can maintain state between calls. As a result, this only gets set
once, and it's possible for it to stack list values over time in cases
when you might expect them to be empty. Depending on use, this can
cause incredibly complex and yet very subtle bugs in code that reads
just fine. In Glance's case, since a few instances of this are in
several ACL-related methods in glance.store.*, there is *potential*
for security concern (not confirmed).
Here's some additional information illustrating and explaining this behavior
in Python:
http://effbot.org/zone/default-values.htm
http://stackoverflow.com/questions/1132941/least-astonishment-in-python-the-mutable-default-argument
There are no comments in the code I've seen that indicate this usage
is meant specifically to take advantage of this subtlety in the
language. We'd definitely want to document that if it is the case.
Wanted to create this as a discussion point if needed, and as a
courtesy to attach it to the patch I'm going to push in a few minutes.
The full test suites seem to pass locally, so will be curious what
Jenkins has to say.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1307878/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
