![]() An attacker could create an instance with a malicious name beginning with an equals sign (=) or at sign (‘@’). These are both recognized in Excel as metacharacters for a formula. The attacker can create an instance name that includes a payload that will execute code such as: =cmd|' /C calc'!A0 This payload opens the calculator program when the resulting CSV is opened on a Windows machine with Microsoft Excel. An attacker could easily substitute this payload with another that runs any arbitrary shell commands. Quote the CSV output so this is no longer a possibility. Closes-Bug: #1842749 Change-Id: I937fa2a14bb483d87f057b3e8be219ecdc9363eb |
||
---|---|---|
doc | ||
horizon | ||
openstack_auth | ||
openstack_dashboard | ||
playbooks | ||
releasenotes | ||
roles/setup-selenium-tests | ||
tools | ||
.eslintignore | ||
.eslintrc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.pylintrc | ||
.zuul.yaml | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
MANIFEST.in | ||
README.rst | ||
babel-django.cfg | ||
babel-djangojs.cfg | ||
bindep.txt | ||
lower-constraints.txt | ||
manage.py | ||
package.json | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
test-shim.js | ||
tox.ini |
README.rst
Horizon (OpenStack Dashboard)
Horizon is a Django-based project aimed at providing a complete
OpenStack Dashboard along with an extensible framework for building new
dashboards from reusable components. The
openstack_dashboard
module is a reference implementation of
a Django site that uses the horizon
app to provide
web-based interactions with the various OpenStack projects.
- Project documentation: https://docs.openstack.org/horizon/latest/
- Release management: https://launchpad.net/horizon
- Blueprints and feature specifications: https://blueprints.launchpad.net/horizon
- Issue tracking: https://bugs.launchpad.net/horizon
- Release notes: https://docs.openstack.org/releasenotes/horizon/
Using Horizon
See doc/source/install/index.rst
about how to install
Horizon in your OpenStack setup. It describes the example steps and has
pointers for more detailed settings and configurations.
It is also available at Installation Guide.
Getting Started for Developers
doc/source/quickstart.rst
or Quickstart
Guide describes how to setup Horizon development environment and
start development.
Building Contributor Documentation
This documentation is written by contributors, for contributors.
The source is maintained in the doc/source
directory
using reStructuredText and
built by Sphinx
To build the docs, use:
$ tox -e docs
Results are in the doc/build/html
directory