summaryrefslogtreecommitdiffhomepage
path: root/doc/source
diff options
context:
space:
mode:
authorYusuke Iwase <iwase.yusuke0@gmail.com>2014-11-10 13:44:33 +0900
committerFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>2014-11-26 12:46:24 +0900
commit31353a95dd4fb43a13a67b549cad214c214c2302 (patch)
treeb127752ab72d2e1cb01d3cacbd771003063758bd /doc/source
parent6a133b0cacbac79d5b99e363a076b26bf316dd62 (diff)
fix security problem of some RESTful apps
I'm very sorry I didn't include rest_firewall.py and rest_qos.py in my patch. I suggested for ofctl_rest.py only... Here is the patch for rest_firewall.py and rest_qos.py. --------------------------------------------------------------- Subject: [PATCH] fix security problem of some RESTful apps It is not safe to use eval function because input data(request body) is not checked For example, someone can send this data to remove all files in the directory "import('os').system('rm -rf .')" I suggest to use json.loads to parse the request body if the data is json format or disable builtin functions like: eval(req.body, {"__builtins__":None}) Signed-off-by: Takeshi <a86487817@gmail.com> Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com> Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Diffstat (limited to 'doc/source')
0 files changed, 0 insertions, 0 deletions