Bug 1248031
| Summary: | python-docker-py: harden request URL construction | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Florian Weimer <fweimer> |
| Component: | python-docker-py | Assignee: | Tomas Tomecek <ttomecek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | ttomecek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | python-docker-py-1.7.2-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-13 09:12:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1234952 | ||
Upstream issue: https://github.com/docker/docker-py/issues/697 Fixed upstream: https://github.com/docker/docker-py/pull/752 Fix for this should already be available in python-docker-py-1.7.2-1.el7 |
The Client class performs a lot URL construction like this: res = self._get(self._url("/exec/{0}/json".format(exec_id))) This can be used to manipulate the query string if exec_id contains characters like '?' and '/', which can lead to vulnerabilities elsewhere. The client code should be fixed to reject such invalid parameters.