From 8adf61ea90f60707abb33bfa7dc48e172d405b16 Mon Sep 17 00:00:00 2001
From: Steven Dake
Date: Sun, 12 Apr 2015 14:42:30 -0700
Subject: [PATCH] Validate scheme used in urlopen

An invalid url scheme could be used in urlopen in the python k8s swagger client to violate security. Validate that the URL is either http or https and turn off noise from bandit.

Change-Id: I15fe8f9953e526beb25d84895ed3925a758ccda4
Implements: blueprint gate-bandit
---
 magnum/common/pythonk8sclient/client/swagger.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/magnum/common/pythonk8sclient/client/swagger.py b/magnum/common/pythonk8sclient/client/swagger.py
index 1625763..71ddd6c 100644
--- a/magnum/common/pythonk8sclient/client/swagger.py
+++ b/magnum/common/pythonk8sclient/client/swagger.py
@@ -17,6 +17,7 @@ import mimetypes
 import random
 import string
+from magnum import utils
 from models import *
@@ -94,11 +95,13 @@ class ApiClient(object):
 else:
 raise Exception('Method ' + method + ' is not recognized.')
+ utils.raise_exception_invalid_scheme(url)
+
 request = MethodRequest(method=method, url=url, headers=headers, data=data)
 # Make the request
- response = urllib2.urlopen(request)
+ response = urllib2.urlopen(request) #nosec
 if 'Set-Cookie' in response.headers:
 self.cookie = response.headers['Set-Cookie']
 string = response.read()
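Review bot: The scheme check added before `MethodRequest(...)` covers only the URL as first requested, while `urllib2.urlopen` follows redirects by default and its stock redirect handler also accepts ftp targets, so the response can still come from a scheme other than http or https. If the intent is to keep this client on http/https end to end, re-check the final URL after the call, e.g. `utils.raise_exception_invalid_scheme(response.geturl())`, or open through an opener whose redirect handler applies the same check. The bare `#nosec` also silences every bandit finding on that line without saying why; a comment on the line above, such as `# scheme restricted to http/https above; bandit urlopen warning suppressed`, would keep the suppression reviewable. `raise_exception_invalid_scheme` is not part of this patch, so whether it parses the URL or compares the scheme case-insensitively cannot be confirmed here, and the enclosing `ApiClient` method starts and ends outside the hunk.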