Fixes for Bandit Issues in Nexenta Drivers

Adds a timeout to a post so Bandit stops crying. Adds a nosec comment to an MD5 hash because I can't tell if it's used for security or not. Change-Id: I46ad1a7ca723157488525ca7239cbd0ef421b975
2024-04-09 03:30:11 +00:00 · 2024-04-09 03:30:11 +00:00 · 67f95a49e1
commit 67f95a49e1
parent 36549c8b97
3 changed files with 23 additions and 13 deletions
--- a/manila/share/drivers/nexenta/ns4/jsonrpc.py
+++ b/manila/share/drivers/nexenta/ns4/jsonrpc.py
@ -83,7 +83,7 @@ class NexentaJSONProxy(object):
            'Authorization': 'Basic %s' % auth,
        }
        LOG.debug('Sending JSON data: %s', data)
-        r = requests.post(self.url, data=data, headers=headers)
+        r = requests.post(self.url, data=data, headers=headers, timeout=60)
        response = json.loads(r.content) if r.content else None
        LOG.debug('Got response: %s', response)
        if response.get('error') is not None:
--- a/manila/share/drivers/nexenta/ns5/jsonrpc.py
+++ b/manila/share/drivers/nexenta/ns5/jsonrpc.py
@ -551,7 +551,7 @@ class NefProxy(object):
        path = '%s:%s' % (guid, self.path)
        if isinstance(path, str):
            path = path.encode('utf-8')
-        self.lock = hashlib.md5(path).hexdigest()
+        self.lock = hashlib.md5(path).hexdigest()  # nosec B324

    def url(self, path):
        netloc = '%s:%d' % (self.host, int(self.port))
--- a/manila/tests/share/drivers/nexenta/ns4/test_nexenta_nas.py
+++ b/manila/tests/share/drivers/nexenta/ns4/test_nexenta_nas.py
@ -172,11 +172,13 @@ class TestNexentaNasDriver(test.TestCase):
        post.assert_any_call(
            self.request_params.url, data=self.request_params.build_post_args(
                'volume', 'object_exists', self.volume),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)
        post.assert_any_call(
            self.request_params.url, data=self.request_params.build_post_args(
                'folder', 'object_exists', folder),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_create_share(self, post):
@ -229,7 +231,8 @@ class TestNexentaNasDriver(test.TestCase):
                parent_path,
                share['name'],
                create_folder_props),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_create_share__thick_provisioning(self, post):
@ -259,7 +262,8 @@ class TestNexentaNasDriver(test.TestCase):
                parent_path,
                share['name'],
                create_folder_props),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_create_share_from_snapshot(self, post):
@ -285,7 +289,8 @@ class TestNexentaNasDriver(test.TestCase):
                'clone',
                snapshot_name,
                '%s/%s/%s' % (self.volume, self.share, share['name'])),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_delete_share(self, post):
@ -306,7 +311,8 @@ class TestNexentaNasDriver(test.TestCase):
                'destroy',
                folder.strip(),
                '-r'),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_delete_share__exists_error(self, post):
@ -354,7 +360,8 @@ class TestNexentaNasDriver(test.TestCase):
                'set_child_prop',
                '%s/%s/%s' % (self.volume, self.share, share['name']),
                'quota', quota),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_extend_share__thick_provisoning(self, post):
@ -382,7 +389,7 @@ class TestNexentaNasDriver(test.TestCase):
        post.assert_called_with(
            self.request_params.url, data=self.request_params.build_post_args(
                'folder', 'create_snapshot', folder, snapshot['name'], '-r'),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers, timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_delete_snapshot(self, post):
@ -397,7 +404,8 @@ class TestNexentaNasDriver(test.TestCase):
                    self._get_share_path(snapshot['share_name']),
                    snapshot['name']),
                ''),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

    @mock.patch(PATH_TO_RPC)
    def test_delete_snapshot__nexenta_error_1(self, post):
@ -492,7 +500,8 @@ class TestNexentaNasDriver(test.TestCase):
                'netstorsvc', 'share_folder',
                'svc:/network/nfs/server:default',
                self._get_share_path(share['name']), share_opts),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)
        self.assertRaises(exception.ManilaException, self.drv.update_access,
                          self.ctx, share,
                          [access1, {'access_type': 'ip',
@ -543,7 +552,8 @@ class TestNexentaNasDriver(test.TestCase):
                'netstorsvc', 'share_folder',
                'svc:/network/nfs/server:default',
                self._get_share_path(share['name']), share_opts),
-            headers=self.request_params.headers)
+            headers=self.request_params.headers,
+            timeout=60)

        post.side_effect = my_side_effect