VMware: Disable suds caching

The default cache implementation in suds store pickled objects in a
predictable path in /tmp which could lead to attacks. This patch
turns off suds caching to address this security issue.

Change-Id: I7daaa25a0677004e03896298e9c3026d5c33c6ac
Closes-Bug: #1341954

diff --git a/cinder/volume/drivers/vmware/pbm.py b/cinder/volume/drivers/vmware/pbm.py
index 1baa69b8e4fec1c138faedb73c7893b568b81cce..5c4818118e6440237bbb2a941586b43a1453bb07 100644 (file)
--- a/cinder/volume/drivers/vmware/pbm.py
+++ b/cinder/volume/drivers/vmware/pbm.py
@@ -58,7 +58,8 @@ class PBMClient(vim_module.Vim):
         self._vimSession = vimSession
         self._url = vim_util.get_soap_url(protocol, host, 'pbm')
         # create the pbm client
-        self._client = suds.client.Client(pbm_wsdl, location=self._url)
+        self._client = suds.client.Client(pbm_wsdl, location=self._url,
+                                          cache=suds.cache.NoCache())
         PBMClient._copy_client_cookie(self._vimSession, self._client)
         # Get the PBM service content
         si_moref = vim_module.get_moref(SERVICE_INSTANCE, SERVICE_TYPE)

diff --git a/cinder/volume/drivers/vmware/vim.py b/cinder/volume/drivers/vmware/vim.py
index 84fd63376d775f88fe51d4919ad090146353ee6d..c8056c67567e5d67133ad37ae4a659cd7df52f0d 100644 (file)
--- a/cinder/volume/drivers/vmware/vim.py
+++ b/cinder/volume/drivers/vmware/vim.py
@@ -86,7 +86,8 @@ class Vim(object):
             wsdl_loc = Vim._get_wsdl_loc(protocol, host)
         soap_url = vim_util.get_soap_url(protocol, host)
         self._client = suds.client.Client(wsdl_loc, location=soap_url,
-                                          plugins=[VIMMessagePlugin()])
+                                          plugins=[VIMMessagePlugin()],
+                                          cache=suds.cache.NoCache())
         self._service_content = self.RetrieveServiceContent('ServiceInstance')
 
     @staticmethod