Diffstat (limited to 'dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch')
-rw-r--r--dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch90
1 files changed, 0 insertions, 90 deletions
diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
deleted file mode 100644
index b38cd597c3d4..000000000000
--- a/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
-From: Jamie Lennox <jamielennox@gmail.com>
-Date: Wed, 28 Sep 2016 15:03:53 +1000
-Subject: [PATCH] Filter token data out of catch_errors middleware
-
-If an exception is caught by the catch_errors middleware the entire
-request is dumped into the log including sensitive information like
-tokens. Filter that information before outputting the failed request.
-
-Closes-Bug: #1628031
-Change-Id: I2563403993513c37751576223275350cac2e0937
----
- oslo_middleware/catch_errors.py | 6 +++++-
- oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
-index 43d085f..0934fc5 100644
---- a/oslo_middleware/catch_errors.py
-+++ b/oslo_middleware/catch_errors.py
-@@ -14,6 +14,7 @@
- # under the License.
-
- import logging
-+import re
-
- import webob.dec
- import webob.exc
-@@ -24,6 +25,8 @@ from oslo_middleware import base
-
- LOG = logging.getLogger(__name__)
-
-+_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
-+
-
- class CatchErrors(base.ConfigurableMiddleware):
- """Middleware that provides high-level error handling.
-@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
- try:
- response = req.get_response(self.application)
- except Exception:
-+ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
- LOG.exception(_LE('An error occurred during '
-- 'processing the request: %s'), req)
-+ 'processing the request: %s'), req_str)
- response = webob.exc.HTTPInternalServerError()
- return response
-diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
-index 920bbe2..0b675e2 100644
---- a/oslo_middleware/tests/test_catch_errors.py
-+++ b/oslo_middleware/tests/test_catch_errors.py
-@@ -13,6 +13,7 @@
- # License for the specific language governing permissions and limitations
- # under the License.
-
-+import fixtures
- import mock
- from oslotest import base as test_base
- import webob.dec
-@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
- self._test_has_request_id(application,
- webob.exc.HTTPInternalServerError.code)
- self.assertEqual(1, log_exc.call_count)
-+
-+ def test_filter_tokens_from_log(self):
-+ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
-+
-+ @webob.dec.wsgify
-+ def application(req):
-+ raise Exception()
-+
-+ app = catch_errors.CatchErrors(application)
-+ req = webob.Request.blank('/test',
-+ text=u'test data',
-+ method='POST',
-+ headers={'X-Auth-Token': 'secret1',
-+ 'X-Service-Token': 'secret2',
-+ 'X-Other-Token': 'secret3'})
-+ res = req.get_response(app)
-+ self.assertEqual(500, res.status_int)
-+
-+ output = logger.output
-+
-+ self.assertIn('X-Auth-Token: <removed>', output)
-+ self.assertIn('X-Service-Token: <removed>', output)
-+ self.assertIn('X-Other-Token: <removed>', output)
-+ self.assertIn('test data', output)
---
-2.7.4
-