Go to file

Sean McGinnis 4137c33922 Use defusedxml for XML parsing

The built-in xml module has some vulnerabilities to several known
XML attacks. While the chances of this are limited with the way
it is being used by some of the volume drivers, it is still a
security risk that has been identified and has a mostly painless
way to be mitigated with the defusedxml package [1].

There are still some drivers performing XML parsing that are not
covered by this patch. They need closer analysis to see how to
best switch to the defusedxml equivalents.

This patch covers the instances where it was a mostly drop in and
replace from the native xml functionality to the defusedxml
alternatives.

[1] https://github.com/tiran/defusedxml/blob/master/README.md

Change-Id: I083fc23eab6f712264919a250c6fb57cc0f6a11b
Partial-bug: #1732155

2017-12-16 17:44:14 -06:00

api-ref/source

Merge "Fix discrepancy in api-ref for volume_types APIs"

2017-12-14 00:59:32 +00:00

cinder

Use defusedxml for XML parsing

2017-12-16 17:44:14 -06:00

contrib/block-box

Update BlockBox

2017-10-04 13:59:01 -06:00

doc

Merge "added clarification in docs for usage of "volume_clear*" options"

2017-12-14 00:29:45 +00:00

etc/cinder

Add cg policies and clean up old policy handling

2017-12-04 10:07:54 +08:00

playbooks/legacy/cinder-tempest-dsvm-lvm-lio

Test os-brick master in LIO gate job

2017-11-16 11:23:54 -05:00

rally-jobs

Switch Rally Task To format V2

2017-10-13 08:37:57 +00:00

releasenotes

Merge "NetApp ONTAP: Copy offload bugfix"

2017-12-15 19:17:05 +00:00

tools

Add policy documentation and sample file

2017-10-20 10:47:34 +08:00

.coveragerc

Update .coveragerc after the removal of openstack directory

2016-10-17 19:09:37 +05:30

.gitignore

Add doc/source/_static/cinder.policy.yaml.sample to .gitignore

2017-11-15 16:46:57 +09:00

.gitreview

Initial fork out of Nova.

2012-05-03 10:48:26 -07:00

.stestr.conf

Add .stestr.conf configuration

2017-10-10 00:46:42 +00:00

.zuul.yaml

Move legacy-cinder-tox-* jobs in-tree

2017-11-27 09:57:06 -06:00

babel.cfg

Initial fork out of Nova.

2012-05-03 10:48:26 -07:00

bindep.txt

Update bindep.txt for doc builds

2017-11-21 21:06:13 +01:00

CONTRIBUTING.rst

Optimize the link address

2017-04-08 15:03:44 +08:00

driver-requirements.txt

Adds DataCore Volume Drivers

2017-11-23 10:11:34 +03:00

HACKING.rst

Fix wrong links in Cinder

2017-09-07 11:55:44 +08:00

LICENSE

Initial fork out of Nova.

2012-05-03 10:48:26 -07:00

pylintrc

Use six to fix imports on Python 3

2015-06-11 17:19:19 +02:00

README.rst

Update Documentation link

2017-07-13 12:12:20 +00:00

requirements.txt

Use defusedxml for XML parsing

2017-12-16 17:44:14 -06:00

setup.cfg

Add cg policies and clean up old policy handling

2017-12-04 10:07:54 +08:00

setup.py

Updated from global requirements

2017-03-02 23:53:29 +00:00

test-requirements.txt

Updated from global requirements

2017-12-05 02:58:54 +00:00

tox.ini

Add output of slowest tests to UT runs

2017-12-11 10:25:29 -06:00

README.rst

Team and repository tags

CINDER

You have come across a storage service for an open cloud computing service. It has identified itself as Cinder. It was abstracted from the Nova project.

Wiki: https://wiki.openstack.org/Cinder
Developer docs: https://docs.openstack.org/cinder/latest/

Getting Started

If you'd like to run from the master branch, you can clone the git repo:

git clone https://git.openstack.org/openstack/cinder.git

For developer information please see HACKING.rst

You can raise bugs here https://bugs.launchpad.net/cinder

Python client

https://git.openstack.org/cgit/openstack/python-cinderclient