)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"e08dabecbbc45ee9b72a2455cd64f03d8634a1c0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0b25d30c_956ecf03","updated":"2024-09-04 15:19:28.000000000","message":"Am also concerned about the bit in deploy_utils.py","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"e973b129699913226741a41505e4cb8537ac209f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"0c90b86c_66a91ec1","updated":"2024-09-05 00:10:06.000000000","message":"recheck intermittent connectivity related failures","commit_id":"c996aafa6d2fb7cb90da6f6126bf385635cdf32e"}],"doc/source/admin/security.rst":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":414,"context_line":""},{"line_number":415,"context_line":"By default, only ``qcow2`` format is supported for this operation, however there"},{"line_number":416,"context_line":"have been reports other formats work when so enabled using the"},{"line_number":417,"context_line":"``[conductor]permitted_image_formats`` configuration option."},{"line_number":418,"context_line":""},{"line_number":419,"context_line":""},{"line_number":420,"context_line":"Ironic takes several steps by default."}],"source_content_type":"text/x-rst","patch_set":2,"id":"e4affdab_a464af34","line":417,"updated":"2024-09-04 17:52:35.000000000","message":"nit: 
:oslo.config:option:`conductor.permitted_image_formats`","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":446,"context_line":"however this can increase the temporary disk utilization of the Conductor"},{"line_number":447,"context_line":"along with network traffic to facilitate the transfer. This check is disabled"},{"line_number":448,"context_line":"by default, but can be enabled using the"},{"line_number":449,"context_line":"``[conductor]conductor_always_validates_images`` configuration option."},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"An option exists which forces all files to be served from the conductor, and"},{"line_number":452,"context_line":"thus force image inspection before involvement of the ``ironic-python-agent``"}],"source_content_type":"text/x-rst","patch_set":2,"id":"95a3cb8e_77c2c26c","line":449,"updated":"2024-09-04 17:52:35.000000000","message":"similarly here","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":450,"context_line":""},{"line_number":451,"context_line":"An option exists which forces all files to be served from the conductor, and"},{"line_number":452,"context_line":"thus force image inspection before involvement of the ``ironic-python-agent``"},{"line_number":453,"context_line":"is the use of the ``[agent]image_download_source`` configuration parameter"},{"line_number":454,"context_line":"when set to ``local`` which proxies all disk images through the conductor."},{"line_number":455,"context_line":"This setting is also available in the node 
``driver_info`` and"},{"line_number":456,"context_line":"``instance_info`` fields."}],"source_content_type":"text/x-rst","patch_set":2,"id":"10e8d8dc_5b30a6c1","line":453,"updated":"2024-09-04 17:52:35.000000000","message":"and here","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":453,"context_line":"is the use of the ``[agent]image_download_source`` configuration parameter"},{"line_number":454,"context_line":"when set to ``local`` which proxies all disk images through the conductor."},{"line_number":455,"context_line":"This setting is also available in the node ``driver_info`` and"},{"line_number":456,"context_line":"``instance_info`` fields."},{"line_number":457,"context_line":""},{"line_number":458,"context_line":"Mitigating Factors to disk images"},{"line_number":459,"context_line":"---------------------------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3cb86764_3c70c6da","line":456,"updated":"2024-09-04 17:52:35.000000000","message":"You\u0027re saying \"force image inspection\", so maybe it\u0027s worth mentioning that instance_info takes priority (i.e. 
users can opt out of the conductor-wide image_download_source setting)","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"}],"doc/source/admin/troubleshooting.rst":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":1273,"context_line":"  Image service will necessitate uploading a new image as that property"},{"line_number":1274,"context_line":"  cannot be changed in the image service *after* creation of an image."},{"line_number":1275,"context_line":"* Enforces that the input file format to be written is ``qcow2`` or ``raw``."},{"line_number":1276,"context_line":"  This can be extended by modifying ``[conductor]permitted_image_formats`` in"},{"line_number":1277,"context_line":"  ``ironic.conf``."},{"line_number":1278,"context_line":"* Performs safety and sanity check assessment against the file, which can be"},{"line_number":1279,"context_line":"  disabled by modifying ``[conductor]disable_deep_image_inspection`` and"}],"source_content_type":"text/x-rst","patch_set":2,"id":"f4eed267_3cdd801c","line":1276,"updated":"2024-09-04 17:52:35.000000000","message":"use :oslo.config: link","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":1276,"context_line":"  This can be extended by modifying ``[conductor]permitted_image_formats`` in"},{"line_number":1277,"context_line":"  ``ironic.conf``."},{"line_number":1278,"context_line":"* Performs safety and sanity check assessment against the file, which can be"},{"line_number":1279,"context_line":"  disabled by modifying ``[conductor]disable_deep_image_inspection`` and"},{"line_number":1280,"context_line":"  setting it to 
``True``. Doing so is not considered safe and should only"},{"line_number":1281,"context_line":"  be done by operators accepting the inherent risk that the image they"},{"line_number":1282,"context_line":"  are attempting to use may have a bad or malicious structure."}],"source_content_type":"text/x-rst","patch_set":2,"id":"898c0c1a_b78ed59a","line":1279,"updated":"2024-09-04 17:52:35.000000000","message":"same","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":1279,"context_line":"  disabled by modifying ``[conductor]disable_deep_image_inspection`` and"},{"line_number":1280,"context_line":"  setting it to ``True``. Doing so is not considered safe and should only"},{"line_number":1281,"context_line":"  be done by operators accepting the inherent risk that the image they"},{"line_number":1282,"context_line":"  are attempting to use may have a bad or malicious structure."},{"line_number":1283,"context_line":"  Image safety checks are generally performed as the deployment process begins"},{"line_number":1284,"context_line":"  and stages artifacts, however a late stage check is performed when"},{"line_number":1285,"context_line":"  needed by the ironic-python-agent."}],"source_content_type":"text/x-rst","patch_set":2,"id":"af9125c0_6ec0dc9f","line":1282,"updated":"2024-09-04 17:52:35.000000000","message":"This is not the risk, the risk is that a malformed image can make qemu-img execute arbitrary code. 
I think it\u0027s worth emphasizing.","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"}],"doc/source/install/configure-glance-images.rst":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":13,"context_line":"and properly upload the image to Glance."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Ironic enforces the list of supported and permitted image formats utilizing"},{"line_number":16,"context_line":"the ``[conductor]permitted_image_formats`` option in ironic.conf. This setting"},{"line_number":17,"context_line":"defaults to \"raw\" and \"qcow2\"."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"A detected format mismatch between Glance and what the actual contents of"}],"source_content_type":"text/x-rst","patch_set":2,"id":"05a3f939_70d8fb9e","line":16,"updated":"2024-09-04 17:52:35.000000000","message":"nit: :oslo.config:...","commit_id":"ae4c6ce52bf0261eafc94546c8cf89b2a3cbdb2d"}],"ironic/common/images.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"fb07b4f842468a8805511a7e6362398e25cfa5d8","unresolved":true,"context_lines":[{"line_number":417,"context_line":"            fmt \u003d safety_check_image(path_tmp)"},{"line_number":418,"context_line":""},{"line_number":419,"context_line":"            if fmt not in CONF.conductor.permitted_image_formats:"},{"line_number":420,"context_line":"                LOG.warning(\"Security: The requested image %(image_href)s \""},{"line_number":421,"context_line":"                            \"is of format image %(format)s and is not in \""},{"line_number":422,"context_line":"                            \"the [conductor]permitted_image_formats list.\","},{"line_number":423,"context_line":"                      
      {\u0027image_href\u0027: image_href,"}],"source_content_type":"text/x-python","patch_set":1,"id":"44b2b8b1_41fb3993","line":420,"updated":"2024-09-04 15:16:56.000000000","message":"nit: s/warning/error/ since we\u0027re failing the request","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"acc011b8f63ba7221761ab9d1298b7fd6c39bdfc","unresolved":false,"context_lines":[{"line_number":417,"context_line":"            fmt \u003d safety_check_image(path_tmp)"},{"line_number":418,"context_line":""},{"line_number":419,"context_line":"            if fmt not in CONF.conductor.permitted_image_formats:"},{"line_number":420,"context_line":"                LOG.warning(\"Security: The requested image %(image_href)s \""},{"line_number":421,"context_line":"                            \"is of format image %(format)s and is not in \""},{"line_number":422,"context_line":"                            \"the [conductor]permitted_image_formats list.\","},{"line_number":423,"context_line":"                            {\u0027image_href\u0027: image_href,"}],"source_content_type":"text/x-python","patch_set":1,"id":"efb3fbef_1e440c3f","line":420,"in_reply_to":"44b2b8b1_41fb3993","updated":"2024-09-04 17:44:41.000000000","message":"Done","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"fb07b4f842468a8805511a7e6362398e25cfa5d8","unresolved":true,"context_lines":[{"line_number":827,"context_line":"        img_class \u003d image_format_inspector.detect_file_format(image_path)"},{"line_number":828,"context_line":"        if not img_class.safety_check():"},{"line_number":829,"context_line":"            LOG.error(\"Security: The requested image for 
\""},{"line_number":830,"context_line":"                      \"deployment fails safety sanity checking.\")"},{"line_number":831,"context_line":"            raise exception.InvalidImage()"},{"line_number":832,"context_line":"        image_format_name \u003d str(img_class)"},{"line_number":833,"context_line":"    except image_format_inspector.ImageFormatError:"}],"source_content_type":"text/x-python","patch_set":1,"id":"55ed35fd_bbfdba6a","line":830,"updated":"2024-09-04 15:16:56.000000000","message":"nit: include node UUID if present","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"1e239f2f24770f1784421038c24c5478bfecc6d7","unresolved":false,"context_lines":[{"line_number":827,"context_line":"        img_class \u003d image_format_inspector.detect_file_format(image_path)"},{"line_number":828,"context_line":"        if not img_class.safety_check():"},{"line_number":829,"context_line":"            LOG.error(\"Security: The requested image for \""},{"line_number":830,"context_line":"                      \"deployment fails safety sanity checking.\")"},{"line_number":831,"context_line":"            raise exception.InvalidImage()"},{"line_number":832,"context_line":"        image_format_name \u003d str(img_class)"},{"line_number":833,"context_line":"    except image_format_inspector.ImageFormatError:"}],"source_content_type":"text/x-python","patch_set":1,"id":"33ba8f95_99685155","line":830,"in_reply_to":"55ed35fd_bbfdba6a","updated":"2024-09-04 20:53:59.000000000","message":"Done","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"}],"ironic/conf/conductor.py":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a 
Jetpack!"},"change_message_id":"1e239f2f24770f1784421038c24c5478bfecc6d7","unresolved":true,"context_lines":[{"line_number":465,"context_line":"                       \u0027[conductor]disable_deep_image_inspection to be set \u0027"},{"line_number":466,"context_line":"                       \u0027to False.\u0027)),"},{"line_number":467,"context_line":"    cfg.ListOpt(\u0027permitted_image_formats\u0027,"},{"line_number":468,"context_line":"                default\u003d[\u0027raw\u0027, \u0027qcow2\u0027, \u0027iso\u0027],"},{"line_number":469,"context_line":"                mutable\u003dTrue,"},{"line_number":470,"context_line":"                help\u003d_(\u0027The supported list of image formats which are \u0027"},{"line_number":471,"context_line":"                       \u0027permitted for deployment with Ironic. If an image \u0027"}],"source_content_type":"text/x-python","patch_set":3,"id":"a5ce9ccc_2982b234","line":468,"range":{"start_line":468,"start_character":41,"end_line":468,"end_character":45},"updated":"2024-09-04 20:53:59.000000000","message":"As a note to the future, we had to add \"iso\" to the list because it turned out we had a CI job where it was actually exercised for a ramdisk style deployment, and because we wired all the logic in through image caching, it picked up on it and broke the job.","commit_id":"87deedb7a7fab3f9967e812cf62c143c139a14e5"}],"ironic/drivers/modules/deploy_utils.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"fb07b4f842468a8805511a7e6362398e25cfa5d8","unresolved":true,"context_lines":[{"line_number":1452,"context_line":"            instance_info[\u0027image_url\u0027] \u003d image_source"},{"line_number":1453,"context_line":"        except exception.ImageRefIsARedirect as e:"},{"line_number":1454,"context_line":"            if e.redirect_url:"},{"line_number":1455,"context_line":"                instance_info[\u0027image_url\u0027] 
\u003d e.redirect_url"},{"line_number":1456,"context_line":"            else:"},{"line_number":1457,"context_line":"                raise"},{"line_number":1458,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"aca97339_f1a5cbf3","line":1455,"updated":"2024-09-04 15:16:56.000000000","message":"Won\u0027t this code path bypass the check? (I\u0027m not sure about our assumption that requests does not just handle redirects by default - I thought it did)","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"3b96c8a87c4d186a064cc0ee7db664a5363c5aa7","unresolved":true,"context_lines":[{"line_number":1452,"context_line":"            instance_info[\u0027image_url\u0027] \u003d image_source"},{"line_number":1453,"context_line":"        except exception.ImageRefIsARedirect as e:"},{"line_number":1454,"context_line":"            if e.redirect_url:"},{"line_number":1455,"context_line":"                instance_info[\u0027image_url\u0027] \u003d e.redirect_url"},{"line_number":1456,"context_line":"            else:"},{"line_number":1457,"context_line":"                raise"},{"line_number":1458,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"2c919a7f_42ad89bb","line":1455,"in_reply_to":"296c3912_530e5ae8","updated":"2024-09-04 17:52:35.000000000","message":"nit: instance_info[\u0027image_url\u0027] is assigned twice","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"00264e9eaceb385cbba1e65f7a1a52b246421e23","unresolved":true,"context_lines":[{"line_number":1452,"context_line":"            instance_info[\u0027image_url\u0027] \u003d image_source"},{"line_number":1453,"context_line":"        except 
exception.ImageRefIsARedirect as e:"},{"line_number":1454,"context_line":"            if e.redirect_url:"},{"line_number":1455,"context_line":"                instance_info[\u0027image_url\u0027] \u003d e.redirect_url"},{"line_number":1456,"context_line":"            else:"},{"line_number":1457,"context_line":"                raise"},{"line_number":1458,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"296c3912_530e5ae8","line":1455,"in_reply_to":"aca97339_f1a5cbf3","updated":"2024-09-04 15:34:52.000000000","message":"So, this case is largely the \"oh, we went to check a url, and we got redirected\". \n\nI guess you are right, it would be bypassed. I guess the simplest thing to do is to re_call _validate_image_url again.","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"}],"ironic/drivers/modules/image_cache.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"fb07b4f842468a8805511a7e6362398e25cfa5d8","unresolved":true,"context_lines":[{"line_number":366,"context_line":"    if (force_raw"},{"line_number":367,"context_line":"            and (disable_dii"},{"line_number":368,"context_line":"                 and images.force_raw_will_convert(image_href, path_tmp))"},{"line_number":369,"context_line":"            or (not disable_dii and image_format !\u003d \u0027raw\u0027)):"},{"line_number":370,"context_line":""},{"line_number":371,"context_line":"        required_space \u003d images.converted_size(path_tmp, estimate\u003dFalse)"},{"line_number":372,"context_line":"        directory \u003d os.path.dirname(path_tmp)"}],"source_content_type":"text/x-python","patch_set":1,"id":"a4bf5a7e_ebeea700","line":369,"updated":"2024-09-04 15:16:56.000000000","message":"I don\u0027t get the logic here. 
So now, if disable_dii is not set, we ignore force_raw completely and always convert to raw?","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"ff33dac55dc52ce65033e8d2e700d5c9fd7fe989","unresolved":true,"context_lines":[{"line_number":366,"context_line":"    if (force_raw"},{"line_number":367,"context_line":"            and (disable_dii"},{"line_number":368,"context_line":"                 and images.force_raw_will_convert(image_href, path_tmp))"},{"line_number":369,"context_line":"            or (not disable_dii and image_format !\u003d \u0027raw\u0027)):"},{"line_number":370,"context_line":""},{"line_number":371,"context_line":"        required_space \u003d images.converted_size(path_tmp, estimate\u003dFalse)"},{"line_number":372,"context_line":"        directory \u003d os.path.dirname(path_tmp)"}],"source_content_type":"text/x-python","patch_set":1,"id":"c5309c16_b07138e1","line":369,"in_reply_to":"a4bf5a7e_ebeea700","updated":"2024-09-04 15:45:12.000000000","message":"we were previously forcing raw images to be converted to raw here, so the attempt here is to bifurcate the logic and delineate it. So if force_raw *and* we\u0027re disabled so we fall to \"will we convert it\", or not disabled and the fingerprinting format !\u003d raw. Hopefully that makes sense.\n\nIn other words, we remove the needless conversion and otherwise keep the logic/compatibility as clean and simple along the same path as possible.","commit_id":"c7301e77291e77b3c0350b64a97ba55cc89be87f"}]}
