horizon/openstack_dashboard
Adam Harwell 70629916fe Use quoting for CSV Writing
An attacker could create an instance with a malicious name beginning
with an equals sign (=) or at sign (@).
These are both recognized in Excel as metacharacters for a formula. The
attacker can create an instance name that includes a payload that will
execute code such as:
=cmd|' /C calc'!A0
This payload opens the calculator program when the resulting CSV is
opened on a Windows machine with Microsoft Excel. An attacker could
easily substitute this payload with another that runs any arbitrary
shell commands.

Quote the CSV output so this is no longer a possibility.

Closes-Bug: #1842749
Change-Id: I937fa2a14bb483d87f057b3e8be219ecdc9363eb
2019-10-11 19:52:08 +00:00
api Drop deprecated Glance V1 API support 2019-10-08 13:18:22 +03:00
conf Drop cinder consistency group support 2019-05-03 18:16:23 +00:00
contrib Handle partial dict setting 2019-09-26 14:31:17 +09:00
dashboards Use quoting for CSV Writing 2019-10-11 19:52:08 +00:00
django_pyscss_fix Handle log message interpolation by the logger 2017-03-31 20:59:16 +09:00
enabled Drop cinder consistency group support 2019-05-03 18:16:23 +00:00
local Relnote: default values are moved to openstack_dashboard/defaults.py 2019-10-03 08:41:12 +00:00
locale Imported Translations from Zanata 2019-10-06 08:31:37 +00:00
management Use the python real executable 2019-07-17 16:23:33 +02:00
static Merge "Add the unit test for trunks" 2019-10-10 07:40:03 +00:00
templates Remove unused 'not_list' template argument 2019-09-10 08:41:51 +00:00
templatetags Define default settings explicitly (openstack_dashboard 5/5) 2019-07-08 18:20:32 +09:00
test Use quoting for CSV Writing 2019-10-11 19:52:08 +00:00
themes Rework old customization templates and add new blocks 2019-01-03 17:45:29 +13:00
usage Remove the check which causes plugin's quotas update failure 2019-09-03 12:29:53 -07:00
utils Handle partial dict setting 2019-09-26 14:31:17 +09:00
wsgi Create new wsgi.py file and deprecate old file 2018-05-15 01:41:01 +00:00
.eslintrc
__init__.py
context_processors.py Define default settings explicitly (openstack_dashboard 5/5) 2019-07-08 18:20:32 +09:00
defaults.py Merge "Downloadable Kubernetes configuration file" 2019-09-12 17:54:02 +00:00
exceptions.py Drop Heat related code from horizon 2017-12-05 07:38:55 +00:00
hooks.py pylint: fix import-error 2019-01-16 00:00:58 +09:00
karma.conf.js Makes the xstatic files lookup dynamic in the tests 2017-07-27 10:01:33 -04:00
policy.py Specify POLICY_CHECK_FUNCTION as a string 2016-11-25 13:06:14 +01:00
settings.py Move default values defined in settings.py to defaults.py 2019-09-12 15:05:56 +09:00
theme_settings.py pylint: fix several warnings 2019-01-15 00:22:27 +09:00
urls.py Define default settings explicitly (openstack_dashboard 5/5) 2019-07-08 18:20:32 +09:00
views.py trivial: Add TODOs for remaining function-based views 2019-09-11 07:29:49 +09:00
wsgi.py Fixed path after moving wsgi/django.wsgi to wsgi.py 2018-09-06 12:05:37 +02:00