Code review comment for lp:~jason-hobbs/maas/ucs-xml-api

1 === added file 'etc/maas/templates/power/ucsm.template'
2 --- etc/maas/templates/power/ucsm.template 1970-01-01 00:00:00 +0000
3 +++ etc/maas/templates/power/ucsm.template 2014-04-29 13:55:35 +0000
4 @@ -0,0 +1,8 @@
5 +# -*- mode: shell-script -*-
6 +#
7 +# Control a system via Cisco UCS Manager XML API.
8 +
9 +python - << END
10 +from provisioningserver.custom_hardware.ucsm import power_control_ucsm
11 +power_control_ucsm('{{power_address}}', '{{power_user}}', '{{power_pass}}', '{{uuid}}', '{{power_change}}')
12 +END

This is "hope quoting" (as Gavin calls it) and ripe for abuse with unchecked inputs. See the conversation in https://code.launchpad.net/~blake-rouse/maas/virsh-probe-and-enlist/+merge/216632