review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commit

Code Review / openstack-build / cinder-build.git / commit

author	Dan Prince <dprince@redhat.com>
	Mon, 4 Feb 2013 02:54:33 +0000 (21:54 -0500)
committer	Dan Prince <dprince@redhat.com>
	Tue, 19 Feb 2013 14:14:31 +0000 (09:14 -0500)
commit	91ccd1501acb1316b05a0dc010601ad85a9ebd3b
tree	9ab1f406191daa633c43ff5b91cd93c1669b2b29	tree \| snapshot
parent	0c5216265d87fe27077b653a367edbc1af75dd5e	commit \| diff

Add a safe_minidom_parse_string function.

Adds a new utils.safe_minidom_parse_string function and
updates external API facing Cinder modules to use it.
This ensures we have safe defaults on our incoming API XML parsing.

Internally safe_minidom_parse_string uses a ProtectedExpatParser
class to disable DTDs and entities from being parsed when using
minidom.

Fixes LP Bug #1100282.

Change-Id: Iff8340033c8e8db58184944a1bf705e16b8b3e03

RSS Atom

cinder/api/common.py		diff \| blob \| history
cinder/api/contrib/hosts.py		diff \| blob \| history
cinder/api/contrib/volume_actions.py		diff \| blob \| history
cinder/api/openstack/wsgi.py		diff \| blob \| history
cinder/api/v1/volumes.py		diff \| blob \| history
cinder/api/v2/volumes.py		diff \| blob \| history
cinder/tests/test_utils.py		diff \| blob \| history
cinder/utils.py		diff \| blob \| history