)]}'
{"id":"openstack%2Fpython-mistralclient~799835","triplet_id":"openstack%2Fpython-mistralclient~master~I8f261854dc159098bbaec3fe84768a0372127a57","project":"openstack/python-mistralclient","branch":"master","topic":"bug/1931558","hashtags":[],"change_id":"I8f261854dc159098bbaec3fe84768a0372127a57","subject":"Added filtering to the content that can read for wf creation","status":"ABANDONED","created":"2021-07-07 13:54:43.000000000","updated":"2021-08-02 07:56:33.000000000","total_comment_count":5,"unresolved_comment_count":3,"has_review_started":true,"meta_rev_id":"129ad422841f3e5be7ded7b4a406044593b4208f","_number":799835,"virtual_id_number":799835,"owner":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"actions":{},"labels":{"Verified":{"recommended":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"tag":"autogenerated:zuul:check","value":1,"date":"2021-07-07 17:42:35.000000000","permitted_voting_range":{"min":-2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","value":1,"default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},"all":[{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":2,"date":"2021-07-10 14:10:27.000000000","permitted_voting_range":{"min":-2,"max":2},"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},{"value":-1,"date":"2021-07-14 16:20:29.000000000","permitted_voting_range":{"min":-1,"max":1},"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"all":[{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"CC":[{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"}],"REVIEWER":[{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2021-07-07 14:05:04.000000000","updated_by":{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},"reviewer":{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},"state":"REVIEWER"},{"updated":"2021-07-07 14:49:05.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"},{"updated":"2021-07-14 16:20:29.000000000","updated_by":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"reviewer":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"state":"REVIEWER"},{"updated":"2021-07-15 14:23:48.000000000","updated_by":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"reviewer":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"state":"CC"}],"messages":[{"id":"af601ba95837823b8241358934186c31337eb019","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"date":"2021-07-07 13:54:43.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"89bb9f8007bf26814cade5ec52f2e64fb0655cd6","author":{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},"date":"2021-07-07 14:05:04.000000000","message":"Patch Set 1: Code-Review-1\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"04231bb2159b7febd139b06bf8e49b29d87933cb","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-07-07 14:49:05.000000000","message":"Patch Set 1: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/283bfbc599314ee68ed0bfe7e6dfba77 : SUCCESS in 4m 21s\n- openstack-tox-py36 https://zuul.opendev.org/t/openstack/build/69f6e991447748f7881ab241e95f5a28 : SUCCESS in 4m 05s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/bc026dcabfa44210ae410609cff42d52 : SUCCESS in 4m 41s\n- openstack-tox-py39 https://zuul.opendev.org/t/openstack/build/c44f05c286604d398d13804a05c16ebb : SUCCESS in 4m 31s (non-voting)\n- openstackclient-check-plugins https://zuul.opendev.org/t/openstack/build/31e327f029fe4b4db1e331377304b41f : SUCCESS in 4m 59s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/cd212e8dc7af42a681feec86ec696c59 : SUCCESS in 4m 27s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/e8f76c3f6511409ebe8b1479ab67bec6 : SUCCESS in 3m 46s\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/86dae764988b43e6ae0ac2e0000f6484 : SUCCESS in 4m 19s (non-voting)\n- python-mistralclient-functional-devstack https://zuul.opendev.org/t/openstack/build/e8b20c1f5c1b4b61a844dfcca04c5f9e : SUCCESS in 48m 14s","accounts_in_message":[],"_revision_number":1},{"id":"9ca71b0db8eafc25c6d3106e3aaa73218b598143","author":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"date":"2021-07-07 16:49:08.000000000","message":"Patch Set 1:\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"6932c5d477760c9900cd2a1490247c2b00fca8d4","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"date":"2021-07-07 16:57:03.000000000","message":"Uploaded patch set 2.","accounts_in_message":[],"_revision_number":2},{"id":"d3c7b2c6047514c22ac82aec7dc355c183e82985","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2021-07-07 17:42:35.000000000","message":"Patch Set 2: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/6622178de3194d1e8d8c451235e70de8 : SUCCESS in 4m 05s\n- openstack-tox-py36 https://zuul.opendev.org/t/openstack/build/d9ec82e208b744c58c9c7ceac50cd125 : SUCCESS in 4m 29s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/6d889b53e5714d949ceda90511752e22 : SUCCESS in 4m 19s\n- openstack-tox-py39 https://zuul.opendev.org/t/openstack/build/9a0117a4a2a84729a220ada7cc0f6a62 : SUCCESS in 4m 39s (non-voting)\n- openstackclient-check-plugins https://zuul.opendev.org/t/openstack/build/72cc5c3d94aa486596284fb630d87204 : SUCCESS in 5m 31s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/54d78dd3bdcd4cff960581e5c4327539 : SUCCESS in 4m 16s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/65747f257664451b886681122d740c67 : SUCCESS in 4m 13s\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/7a4c0e09ad0b4b67b54e80d061c7525e : SUCCESS in 3m 59s (non-voting)\n- python-mistralclient-functional-devstack https://zuul.opendev.org/t/openstack/build/d39cd8bb61704d7d8a2b64ebb25bbdda : SUCCESS in 41m 26s","accounts_in_message":[],"_revision_number":2},{"id":"e2d369e85c6ee58053b1600ace1eca0593bf473f","author":{"_account_id":19134,"name":"Eyal","email":"eyalb1@gmail.com","username":"eyalb"},"date":"2021-07-10 14:10:27.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"03a8ada9a0af586293ca89352d573b705b80e6ca","author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"date":"2021-07-14 16:20:29.000000000","message":"Patch Set 2: Code-Review-1\n\n(2 comments)\n\nI don\u0027t think this is the right approach to fix the issue. This patch disallow system files in the specified paths but it still allows to expose file contents on a web server which is located outside of the specified paths. Isn\u0027t it better to block the feature in the mistral-dashboard implementation?","accounts_in_message":[],"_revision_number":2},{"id":"9c12bf709ce77feef140c130a39c674e4522e633","author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"date":"2021-07-15 14:23:48.000000000","message":"Patch Set 2:\n\n(1 comment)","accounts_in_message":[],"_revision_number":2},{"id":"129ad422841f3e5be7ded7b4a406044593b4208f","tag":"autogenerated:gerrit:abandon","author":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"date":"2021-08-02 07:56:33.000000000","message":"Abandoned\n\nabandon in favour of https://review.opendev.org/c/openstack/python-mistralclient/+/800950 that seems like a better solution for the issue.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"0b4bf6edb5cc9296b9d7b53a9e8ced18c9ef1295","revisions":{"081a065b4fb920c51e4d8e3da0b2ae7680602266":{"kind":"REWORK","_number":1,"created":"2021-07-07 13:54:43.000000000","uploader":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"ref":"refs/changes/35/799835/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/python-mistralclient","ref":"refs/changes/35/799835/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/1"}}},"commit":{"parents":[{"commit":"18fff747b500f99a81305b4c73c781f8059b0309","subject":"Remove tripleo job from mistralclient","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-mistralclient/commit/18fff747b500f99a81305b4c73c781f8059b0309"}]}],"author":{"name":"apetrich","email":"apetrich@redhat.com","date":"2021-07-07 13:46:37.000000000","tz":120},"committer":{"name":"apetrich","email":"apetrich@redhat.com","date":"2021-07-07 13:54:32.000000000","tz":120},"subject":"Added filtering to the content that can read for wf creation","message":"Added filtering to the content that can read for wf creation\n\nWe allow for a file to with an uri or the path to a file to be\nread and that path or uri is read by mistralclient.\n\nThere is now filtering so that /etc/ /proc/ or /dev/ files that can\nbe read by the mistralclient user to be added to a workflow for\nexample\n\nThis is mostly problematic for the horizon use of mistralclient.\nFor an usual CLI use there\u0027s no priviledge escalation, but on the\ncase of horizon the priviledges used are the one running horizon.\n\nChange-Id: I8f261854dc159098bbaec3fe84768a0372127a57\ncloses-bug: 1931558\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-mistralclient/commit/081a065b4fb920c51e4d8e3da0b2ae7680602266"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-mistralclient/commit/081a065b4fb920c51e4d8e3da0b2ae7680602266"}]},"branch":"refs/heads/master"},"0b4bf6edb5cc9296b9d7b53a9e8ced18c9ef1295":{"kind":"REWORK","_number":2,"created":"2021-07-07 16:57:03.000000000","uploader":{"_account_id":15895,"name":"Adriano Petrich","email":"apetrich@redhat.com","username":"apetrich"},"ref":"refs/changes/35/799835/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/python-mistralclient","ref":"refs/changes/35/799835/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/python-mistralclient refs/changes/35/799835/2"}}},"commit":{"parents":[{"commit":"18fff747b500f99a81305b4c73c781f8059b0309","subject":"Remove tripleo job from mistralclient","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-mistralclient/commit/18fff747b500f99a81305b4c73c781f8059b0309"}]}],"author":{"name":"apetrich","email":"apetrich@redhat.com","date":"2021-07-07 13:46:37.000000000","tz":120},"committer":{"name":"apetrich","email":"apetrich@redhat.com","date":"2021-07-07 16:56:53.000000000","tz":120},"subject":"Added filtering to the content that can read for wf creation","message":"Added filtering to the content that can read for wf creation\n\nWe allow for a file to with an uri or the path to a file to be\nread and that path or uri is read by mistralclient.\n\nThere is now filtering so that /etc/ /proc/ or /dev/ files that can\nbe read by the mistralclient user to be added to a workflow for\nexample\n\nThis is mostly problematic for the horizon use of mistralclient.\nFor an usual CLI use there\u0027s no priviledge escalation, but on the\ncase of horizon the priviledges used are the one running horizon.\n\nChange-Id: I8f261854dc159098bbaec3fe84768a0372127a57\ncloses-bug: 1931558\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-mistralclient/commit/0b4bf6edb5cc9296b9d7b53a9e8ced18c9ef1295"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/python-mistralclient/commit/0b4bf6edb5cc9296b9d7b53a9e8ced18c9ef1295"}]},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}