Adds specific rule to no sec comment for ZFSSA driver.
Follow up to change Id71c0ee4138b695ff19085a284ccced6b1a9dbba
Depends-On: I532ff3f0b2613340e0cb46c3b7e57a22cfa50c61
Change-Id: I997d45d3d3850af30510af41ef335242f02642fc
This is mostly a copy-paste from Nova (which was also copied to Cinder).
It should probably live in oslo.service or elsewhere, but for now we
vendor the code here. The main change is that we use the Draft 2020-12
schema rather than the Draft 4 schemes currently used elsewhere (though
those will be changing too).
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I76285d95bd7b9a6489c7839220fc941f1acdc263
Partially-implements: bp json-schema-validation
Adds correct rule to nosec in QNAP driver
Follow up to change I171c90a281c7b62c2601131293f9f00a926641e2
Change-Id: Ice0621cd20345cea04539588bdadc93ad6a15a15
Use low-level os.path function + __file__ which are already used in
the other places.
Also consistency use os.path.join to compose file paths instead of
bare +, to avoid confusions about trailing / .
Change-Id: I1363e4befe41f3bb63b66b2589011e51828bcbbe
cElementTree was deprecated in Python 3.3 .
Use defusedxml instead of the built-in xml module to avoid potentially
malicious operation[1].
[1] https://docs.python.org/3/library/xml.html#xml-vulnerabilities
Change-Id: I7b2d2843fb82873e6194c040c6cdfd515de2cefe
The periodic database queries made by the share manager service to
process deferred deletion of shares has been fixed to consider the
host in addition to the share's state. This both improves performance
of the periodic task, as well as fixes incorrect behavior where
incorrect shares are retrieved by the query.
Partially-implements: bp/deferred-deletion
Change-Id: I813a3130ae015a6b8778bb2a288075b949313c73
These are detected as errors since the clean up was done[1] in
the requirements repository. Minimum versions are bumped to avoid
installing known bad versions.
[1] 314734e938f107cbd5ebcc7af4d9167c11347406
Change-Id: I9ce84c193903b36109bc81c08bd760a50bbfd473
Replaces qnap driver's use of Python's
Standard XML library methods with defusedxml's
methods instead.The defusedXML protects the app
from XML attacks.
Instructed bandit to skip the line 86 of api.py
of qnap driver. _create_unverified_context was
intentionally used by developer which bandit
wasn't happy about.
Change-Id: I171c90a281c7b62c2601131293f9f00a926641e2
Bandit is yelling about possible SQL injection
because an SQL command is being amended, but
it's being amended onto a blank string so I
do not think this is a security issue. Also,
Bandit is yelling about 0.0.0.0 being binded
but this is intentional and will break stuff
if changed.
Change-Id: I3e974a2113b29af1111f27ca1afeb78091a0ec75
Bandit is yelling but these aren't used for security
purposes, I think, so this will sort out Bandit
Change-Id: I0e686c91ce02ea42719d00d17f6ed659e97470ac
Make sure that all password options is defined with secret=True so that
the given values do not appear in debug logs.
Also remove the redundant default=None .
Change-Id: I989e825ef160a65a5a72c58d6fd4e8099044bcd5
The purpose of md5 was not specified.
Veritas drivers use mds hashes which pop on bandit as security issues
Putting "usedforsecurity=False" properly shows the hash function
is not use for security.
Change-Id: I78a5b708cd970dcb60f480d8e6a201d0768645fc
To appease Bandit, timeouts have to be
everywhere. So here are some timeouts
so Bandit stops crying.
Change-Id: I2a913f3b87e16554b1bd68543fcf254cc4226031
To appease Bandit since SHA1 angers
the beast, usedforsecurity=False will be
bolted to the hash function
Change-Id: I33bbb7070ada5509ca05c90d7a38077d38f54a1f
Bandit yelled at this use of urlopen
but the security issue it's worried about
does not apply in this case
Change-Id: Id71c0ee4138b695ff19085a284ccced6b1a9dbba
If we are manually creating these things, we don't want any
automatically created. This is a latent issue that was being exposed by
SQLAlchemy 2.0's tweaked session management.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I9d760ebbfcca176a39b44f20fb92e16eaf6284c5
This patch adds a delete cli command to ShareCommands
The helper CLI command checks if service if up. If service
is down, it deletes the share instance
Closes-Bug: #1867030
Change-Id: I6a0575c1ed86213010e50fe1b7a733cdf7fa1736
This is reported upstream [1] but I suspect the root cause is that we
were relying on a bug in Alembic: renaming tables doesn't really make
sense as a batch operation, which by definition works by recreating
tables with an updated schema (to support SQLite and its lack of full
'ALTER' support).
[1] https://github.com/sqlalchemy/alembic/issues/1453
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I1da6d117778bbbad64b2df2dfd2f8aeef8a7084c
Zuul