[Yahoo-eng-team] [Bug 1986545] Re: websockfiy open redirection unit test broken with Python >= 3.10.6 standard lib

2022-11-30 Thread melanie witt
The fix for the vulnerability in cpython has been backported to older
versions:

https://python-security.readthedocs.io/vuln/http-server-redirection.html

so we will need to fix our unit tests for older branches as well.

** Also affects: nova/yoga
   Importance: Undecided
   Status: New

** Also affects: nova/xena
   Importance: Undecided
   Status: New

** Also affects: nova/victoria
   Importance: Undecided
   Status: New

** Also affects: nova/wallaby
   Importance: Undecided
   Status: New

** Also affects: nova/train
   Importance: Undecided
   Status: New

** Also affects: nova/ussuri
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1986545

Title:
  websockfiy open redirection unit test broken with Python >= 3.10.6
  standard lib

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) train series:
  New
Status in OpenStack Compute (nova) ussuri series:
  New
Status in OpenStack Compute (nova) victoria series:
  New
Status in OpenStack Compute (nova) wallaby series:
  New
Status in OpenStack Compute (nova) xena series:
  New
Status in OpenStack Compute (nova) yoga series:
  New

Bug description:
  Lucas Nussbaum reported this Debian bug:

  https://bugs.debian.org/1017217

  so I started investigating it. It took me a while to understand it was
  due to a change in the Python 3.10.6 standard http/server.py library.

  Running these 2 unit tests against Python 3.10.5 works:

  test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect
  console.test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect_3_slashes

  However, under Python 3.10.6, this fails. The reason isn't the
  interpreter itself, but the standard library, which has additional
  open redirection protection.

  Looking at the changelog here:
  https://docs.python.org/3/whatsnew/changelog.html

  we see this issue:
  https://github.com/python/cpython/issues/87389

  which has been addressed by this commit:
  https://github.com/python/cpython/commit/defaa2b19a9a01c79c1d5641a8aa179bb10ead3f

  If I "fix" the Python 3.10.5 standard library using the 2 lines of
  code of the first hunk of this patch, then I can reproduce the issue.

  I guess that the unit testing should be skipped if using Python >=
  3.10.6, probably, or adapted somehow. I leave this to the Nova
  maintainers: for the Debian package, I'll just skip these 2 unit
  tests.

  Cheers,

  Thomas Goirand (zigo)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1986545/+subscriptions


-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp


[Yahoo-eng-team] [Bug 1986545] Re: websockfiy open redirection unit test broken with Python >= 3.10.6 standard lib

2022-08-30 Thread OpenStack Infra
Reviewed:  https://review.opendev.org/c/openstack/nova/+/853379
Committed: https://opendev.org/openstack/nova/commit/15769b883ed4a86d62b141ea30d3f1590565d8e0
Submitter: "Zuul (22348)"
Branch:    master

commit 15769b883ed4a86d62b141ea30d3f1590565d8e0
Author: melanie witt 
Date:   Tue Aug 16 06:49:53 2022 +

Adapt websocketproxy tests for SimpleHTTPServer fix

In response to bug 1927677 we added a workaround to
NovaProxyRequestHandler to respond with a 400 Bad Request if an open
redirect is attempted:

  Ie36401c782f023d1d5f2623732619105dc2cfa24
  I95f68be76330ff09e5eabb5ef8dd9a18f5547866

Recently in python 3.10.6, a fix has landed in cpython to respond with
a 301 Moved Permanently to a sanitized URL that has had extra leading
'/' characters removed.

This breaks our existing unit tests which assume a 400 Bad Request as
the only expected response.

This adds handling of a 301 Moved Permanently response and asserts that
the redirect location is the expected sanitized URL. Doing this instead
of checking for a given python version will enable the tests to continue
to work if and when the cpython fix gets backported to older python
versions.

While updating the tests, the opportunity was taken to commonize the
code of two unit tests that were nearly identical.

Related-Bug: #1927677
Closes-Bug: #1986545

Change-Id: I27441d15cc6fa2ff7715ba15aa900961aadbf54a


** Changed in: nova
   Status: In Progress => Fix Released

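The 400-versus-301 acceptance rule the commit message above describes, as an added Python example that is neither nova's test code nor cpython's. `sanitize_leading_slashes` reconstructs, from the commit description only, the collapse of extra leading '/' that Python 3.10.6+ applies to the request path; `legacy_redirect_location` shows the protocol-relative Location a pre-fix `SimpleHTTPRequestHandler` emitted for a directory request; `assess` encodes the version-independent check (accept a 400, accept a 301 only when it points at the sanitized same-origin path). The function names, the constructed `evil.test` directory and the local probe are assumptions of this example; `probe_local_http_server` starts a throwaway stdlib `http.server` on 127.0.0.1 so you can see which of the two behaviours your own interpreter has.

```python
"""Check how an http.server-style handler answers a request path that starts
with '//' (the open-redirect pattern behind cpython gh-87389).

Added example for this thread; not nova's test code and not cpython's code.
"""
import functools
import http.client
import http.server
import os
import tempfile
import threading
from urllib.parse import urlsplit


def sanitize_leading_slashes(path: str) -> str:
    """Collapse a '//...' request path to a single leading '/'.

    Reconstruction of what Python 3.10.6+ does to the request path, based on
    the commit description in this thread (an assumption of this example, not
    a copy of cpython)."""
    if path.startswith("//"):
        return "/" + path.lstrip("/")
    return path


def legacy_redirect_location(path: str) -> str:
    """Location a pre-fix SimpleHTTPRequestHandler sent when `path` named a
    directory without a trailing '/': the raw path plus '/'. With a '//'
    prefix that is a protocol-relative URL, so the browser leaves the host."""
    return path + "/"


def is_cross_origin(location: str) -> bool:
    """True when a Location value carries a netloc, i.e. an absolute URL or a
    protocol-relative '//host/...' one, either of which changes the host."""
    return bool(urlsplit(location).netloc)


def assess(status: int, location, requested_path: str) -> str:
    """Version-independent verdict on a handler's reply to `requested_path`.

    'rejected'           : 400, the handler's own workaround refused it
    'sanitized-redirect' : 301 to the same-origin path with slashes collapsed
    'open-redirect'      : 301 anywhere else
    'unexpected'         : anything else
    """
    if status == 400:
        return "rejected"
    if status == 301 and location:
        expected = sanitize_leading_slashes(requested_path)
        same_path = location.rstrip("/") == expected.rstrip("/")
        if not is_cross_origin(location) and same_path:
            return "sanitized-redirect"
        return "open-redirect"
    return "unexpected"


def probe_local_http_server(path: str = "//evil.test"):
    """Serve a temp dir containing a directory named 'evil.test' (constructed
    for this example) with the stdlib SimpleHTTPRequestHandler, request `path`
    and return (status, Location). Shows which behaviour this interpreter has."""
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "evil.test"))
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=tmp)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            conn = http.client.HTTPConnection(
                "127.0.0.1", server.server_address[1], timeout=5)
            conn.request("GET", path)  # sent verbatim, '//' and all
            resp = conn.getresponse()
            resp.read()
            status, location = resp.status, resp.getheader("Location")
            conn.close()
            return status, location
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    req = "//evil.test"
    print("pre-fix cpython  :", assess(301, legacy_redirect_location(req), req))
    print("post-fix cpython :", assess(301, "/evil.test/", req))
    print("nova workaround  :", assess(400, None, req))
    status, location = probe_local_http_server(req)
    print("this interpreter :", status, location, "->",
          assess(status, location, req))
```

Run it as a script to see the three simulated verdicts and the live one from your interpreter; on Python 3.10.6 or newer the probe returns a 301 to `/evil.test/`, while an unpatched older stdlib answers with `//evil.test/`, which `assess` flags as an open redirect.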