** Changed in: swift
   Status: Confirmed => Invalid

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1190226

Title:
  Raw SQL used in swift/swift/common/db.py could be escaped

Status in OpenStack Compute (Nova):
  Invalid
Status in OpenStack Object Storage (Swift):
  Invalid

Bug description:
  Grant Murphy (gmur...@redhat.com) conducted an audit of OpenStack and
  reported the following potential SQL injection vulnerabilities in Swift
  and Nova. These may well not be exploitable; we need to double-check
  them.

  swift/swift/common/db.py:376: UPDATE %s_stat SET id=?
  swift/swift/common/db.py:379: SELECT ROWID FROM %s ORDER BY ROWID DESC LIMIT 1
  swift/swift/common/db.py:403: UPDATE %s_stat SET created_at=MIN(?, created_at),
  swift/swift/common/db.py:424: SELECT * FROM %s WHERE ROWID > ? ...
  swift/swift/common/db.py:440: "SELECT sync_point FROM %s_sync WHERE remote_id=?"
  swift/swift/common/db.py:456: SELECT remote_id, sync_point FROM %s_sync
  swift/swift/common/db.py:512: INSERT INTO %s_sync (sync_point, remote_id)
  swift/swift/common/db.py:518: UPDATE %s_sync SET sync_point=max(?, sync_point)
  swift/swift/common/db.py:561: metadata = conn.execute('SELECT metadata FROM %s_stat' %
  swift/swift/common/db.py:592: md = conn.execute('SELECT metadata FROM %s_stat' %
  swift/swift/common/db.py:607: conn.execute('UPDATE %s_stat SET metadata = ?' %
  swift/swift/common/db.py:633: md = conn.execute('SELECT metadata FROM %s_stat' %
  swift/swift/common/db.py:644: conn.execute('UPDATE %s_stat SET metadata = ?' %
  nova/nova/virt/hyperv/volumeutils.py:78: "WHERE TargetName='%s'" % target_iqn)
  nova/nova/virt/hyperv/hostutils.py:66: "WHERE DeviceID='%s'"
  nova/nova/virt/hyperv/basevolumeutils.py:123: "Class WHERE TargetName='%s'"
  nova/nova/db/sqlalchemy/utils.py:64: return "INSERT INTO %s %s" % (
  nova/nova/db/sqlalchemy/migrate_repo/versions/152_change_type_of_deleted_column.py:40: return "INSERT INTO %s %s" % (

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1190226/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
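The Swift findings above all share one shape: a table-name prefix is spliced in with `%s` while the actual values go through `?` placeholders, which is why the bug was closed as Invalid. The following is an added illustration (not Swift's or Nova's code) of how to verify that the `%s` part is safe: the interpolated piece must be an identifier drawn from a fixed allowlist, never caller-supplied text, and values must only ever travel as bound parameters. The `ALLOWED_DB_TYPES` names and helper functions are assumptions for the demo.

```python
import sqlite3

# Assumed allowlist of identifier prefixes the caller may select, mirroring
# the '%s_stat' pattern flagged at swift/swift/common/db.py:376.
ALLOWED_DB_TYPES = ("account", "container")


def stat_update_sql(db_type):
    """Build 'UPDATE <db_type>_stat SET id=?' for a known db_type only.

    The identifier is the one thing parameter binding cannot protect, so it
    is checked against the allowlist before it is ever formatted into SQL.
    """
    if db_type not in ALLOWED_DB_TYPES:
        raise ValueError("unknown db_type: %r" % (db_type,))
    return "UPDATE %s_stat SET id=?" % db_type


def set_stat_id(conn, db_type, new_id):
    """Apply the update; new_id is bound via '?', so quotes in it are inert."""
    conn.execute(stat_update_sql(db_type), (new_id,))


def current_id(conn, db_type):
    """Read back the stored id (db_type is allowlisted via stat_update_sql's rule)."""
    if db_type not in ALLOWED_DB_TYPES:
        raise ValueError("unknown db_type: %r" % (db_type,))
    return conn.execute("SELECT id FROM %s_stat" % db_type).fetchone()[0]


def build_demo_db():
    """Constructed in-memory database with one row per allowlisted table."""
    conn = sqlite3.connect(":memory:")
    for t in ALLOWED_DB_TYPES:
        conn.execute("CREATE TABLE %s_stat (id TEXT)" % t)
        conn.execute("INSERT INTO %s_stat (id) VALUES ('old')" % t)
    return conn


if __name__ == "__main__":
    c = build_demo_db()
    set_stat_id(c, "container", "new'id")  # apostrophe stored literally
    print(current_id(c, "container"))       # new'id
```

The Nova Hyper-V findings are WQL strings rather than SQL, so the same split applies there too: validate the interpolated value against its expected format before formatting, since WMI queries offer no `?` binding.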