author: Yusuke Iwase <iwase.yusuke0@gmail.com> 2014-11-10 13:44:33 +0900
committer: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> 2014-11-26 12:46:24 +0900
commit: 31353a95dd4fb43a13a67b549cad214c214c2302
tree: b127752ab72d2e1cb01d3cacbd771003063758bd /doc/source/app
parent: 6a133b0cacbac79d5b99e363a076b26bf316dd62
fix security problem of some RESTful apps
I'm very sorry I didn't include rest_firewall.py and rest_qos.py in my patch.
I suggested for ofctl_rest.py only...
Here is the patch for rest_firewall.py and rest_qos.py.

---------------------------------------------------------------
Subject: [PATCH] fix security problem of some RESTful apps

It is not safe to use eval function because input data(request body) is not checked
For example, someone can send this data to remove all files in the directory
"import('os').system('rm -rf .')"

I suggest to use json.loads to parse the request body if the data is json format
or disable builtin functions like:
eval(req.body, {"__builtins__":None})

Signed-off-by: Takeshi <a86487817@gmail.com>
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Diffstat (limited to 'doc/source/app')
0 files changed, 0 insertions, 0 deletions
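
The two options named in the commit message, compared side by side as an added example (not code from this commit or from Ryu): `json.loads` treats the request body as data and rejects anything that is not JSON, while `eval` with builtins removed still executes the body as a Python expression. The helper names and the sample bodies are constructed for illustration.

```python
import json

# Constructed sample request bodies (not taken from the Ryu source tree).
VALID_BODY = b'{"nw_src": "10.0.0.1/32", "actions": "ALLOW"}'
EXPRESSION_BODY = b"2 ** 10"               # harmless Python expression, not JSON
PY_LITERAL_BODY = b"{'actions': 'ALLOW'}"  # Python dict literal, not JSON


def parse_with_restricted_eval(body: bytes):
    """The fallback from the commit message: eval with builtins removed.

    Builtin names are no longer resolvable, but the body is still compiled
    and executed as a Python expression rather than parsed as data.
    """
    return eval(body.decode("utf-8"), {"__builtins__": None})


def parse_with_json(body: bytes) -> dict:
    """Hypothetical helper: parse the body strictly as a JSON object.

    Raises ValueError for anything else, so a handler can answer with a
    400 response instead of evaluating the input.
    """
    try:
        parsed = json.loads(body.decode("utf-8"))
    except UnicodeDecodeError as exc:
        raise ValueError("request body is not valid UTF-8") from exc
    except json.JSONDecodeError as exc:
        raise ValueError(f"request body is not valid JSON: {exc.msg}") from exc
    if not isinstance(parsed, dict):
        raise ValueError("request body must be a JSON object")
    return parsed


def is_rejected(body: bytes) -> bool:
    """True when parse_with_json refuses the body."""
    try:
        parse_with_json(body)
    except ValueError:
        return True
    return False
```

Clients that relied on `eval` accepting Python dict literals (single quotes, `None`, `True`) have to send strict JSON once a handler switches to `json.loads`.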