[PR #7125/77214203 backport][stable-6] Fix inappropriate comparison on the length of a Collection #7146
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![patchback[bot]](https://avatars.githubusercontent.com/in/21488?s=60&v=4){kind=small}
* Comment: Fixed inappropriate comparison on the length of a Collection. Added changlelog fragment file. * Comment: Updated the scope of the changelog fragment based on feedback. Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit 7721420)
ansibullbot
added
backport
cloud
module_utils
felixfontein
deleted the
patchback/backports/stable-6/7721420388aa1d9cf7751fa250754d3419f3a2b1/pr-7125
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a backport of PR #7125 as merged into main (7721420).
In file: oci_utils.py, there are several places in the code where the comparison of Collection length creates a logical short circuit. The way the Collection length is checked (e.g.,
len(t) >= 0) always returns true. I suggested that the Collection length comparison should be done without creating a logical short circuit. This should be reviewed to verify that the spirit of the original code has been kept by the change.Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF)(https://openssf.org/): Project Alpha-Omega(https://alpha-omega.dev/). Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.