1deef56cc6
this change will suppress the warnings from bandit about the pickle usages in the remote ssh related modules. this also adds TODO items to remind of future investigation. Change-Id: Iefd8fd240189a5a4e35c2ee433ba0a8ed899da91 Closes-Bug: 1552465
47 lines
1.7 KiB
Python
47 lines
1.7 KiB
Python
# Copyright (c) 2013 Mirantis Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import pickle # nosec
|
|
import sys
|
|
import traceback
|
|
|
|
from oslo_utils import reflection
|
|
|
|
|
|
def main():
|
|
# NOTE(dmitryme): since we do not read stderr in the main process,
|
|
# we need to flush it somewhere, otherwise both processes might
|
|
# hang because of i/o buffer overflow.
|
|
with open('/dev/null', 'w') as sys.stderr:
|
|
while True:
|
|
result = dict()
|
|
|
|
try:
|
|
# TODO(elmiko) these pickle usages should be
|
|
# reinvestigated to determine a more secure manner to
|
|
# deploy remote commands.
|
|
func = pickle.load(sys.stdin) # nosec
|
|
args = pickle.load(sys.stdin) # nosec
|
|
kwargs = pickle.load(sys.stdin) # nosec
|
|
|
|
result['output'] = func(*args, **kwargs)
|
|
except BaseException as e:
|
|
cls_name = reflection.get_class_name(e, fully_qualified=False)
|
|
result['exception'] = cls_name + ': ' + str(e)
|
|
result['traceback'] = traceback.format_exc()
|
|
|
|
pickle.dump(result, sys.stdout) # nosec
|
|
sys.stdout.flush()
|