Public bug reported: It is Horizon's (and OpenStack's) practice to not install unit test code as part of deployment. It is also a security best practice to not install and expose test code to a end users of a deployment.
Using the AppScan test suite, it was found that: GET /dashboard/i18n/js/horizon%2Bopenstack_dashboard/test/ returns the javscript that matches this file: https://github.com/django/django/blob/3c447b108ac70757001171f7a4791f493880bf5b/js_tests/admin /jsi18n-mocks.test.js Expected behavior: this javascript intended for unit test should not be part of the installed software and should not be executable by an end user of the deployment. ** Affects: horizon Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1640239 Title: Unit test code installed in deployment Status in OpenStack Dashboard (Horizon): New Bug description: It is Horizon's (and OpenStack's) practice to not install unit test code as part of deployment. It is also a security best practice to not install and expose test code to a end users of a deployment. Using the AppScan test suite, it was found that: GET /dashboard/i18n/js/horizon%2Bopenstack_dashboard/test/ returns the javscript that matches this file: https://github.com/django/django/blob/3c447b108ac70757001171f7a4791f493880bf5b/js_tests/admin /jsi18n-mocks.test.js Expected behavior: this javascript intended for unit test should not be part of the installed software and should not be executable by an end user of the deployment. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1640239/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp