ironic

History

Julia Kreger 25cc871450 Block ability update callback_url A malicious user with: * API access normally reserved for the provisioning, cleaning, rescue networks. * Insight about a node, such as a MAC address, or baremetal node UUID. * Insight into the state of the node, such as the access provided to Compute API users, or other Bare Metal API users. Can submit an erroneous ``heartbeat`` to the ironic-api endpoint with a ``callback_url`` that is not of the actual intended agent. This can potentially cause a rescue, cleaning, or deployment operation to be derailed, or at worst commands to be sent to to an endpoint the malicious user controls. Story: 2006773 Task: 37295 Change-Id: I1a5e3c2b34d45c06fb74e82d0f30735ce9041914 (cherry picked from commit `931c125982`)		2019-12-16 22:17:22 +00:00
..
api	Block ability update callback_url	2019-12-16 22:17:22 +00:00
cmd	Fix :param: in docstring	2019-06-14 14:23:57 +08:00
common	Mask secrets when logging in json_rpc	2019-10-22 09:18:20 +00:00
conductor	Block ability update callback_url	2019-12-16 22:17:22 +00:00
conf	Merge "Allow retrying PXE boot if it takes too long"	2019-09-23 12:58:26 +00:00
db	Allow retrying PXE boot if it takes too long	2019-09-20 15:24:28 +02:00
dhcp	Merge "Enable no IP address to be returned"	2019-08-12 10:57:43 +00:00
drivers	Fix use of urlparse.urljoin	2019-12-16 14:18:33 +00:00
hacking	Fix regex string in the hacking check	2019-06-06 14:42:58 +08:00
objects	Truncate node text fields when too long	2019-04-19 10:27:00 +02:00
tests	Block ability update callback_url	2019-12-16 22:17:22 +00:00
__init__.py	Move eventlet monkey patch code	2017-03-02 13:48:18 +02:00
version.py	Correct version.py and update current version string	2014-03-21 13:50:05 -07:00