Hide Swift network info in Horizon error message
In case of error Swift API return some details about unsuccessful request, i.e. internal IP, full object pass, etc. This response is not processed by Horizon and presented to user as-is, which is potentially insecure. Proposed patch adds error processing striping network location from error message Change-Id: Ieef9669a1be3ed7bbc685a457eb1fe86b34c3c7e Closes-bug: #1794767
This commit is contained in:
parent
6c2225bab8
commit
4d6a1b327a
@ -18,6 +18,8 @@
|
|||||||
|
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
|
import functools
|
||||||
|
|
||||||
import six.moves.urllib.parse as urlparse
|
import six.moves.urllib.parse as urlparse
|
||||||
import swiftclient
|
import swiftclient
|
||||||
|
|
||||||
@ -36,6 +38,18 @@ GLOBAL_READ_ACL = ".r:*"
|
|||||||
LIST_CONTENTS_ACL = ".rlistings"
|
LIST_CONTENTS_ACL = ".rlistings"
|
||||||
|
|
||||||
|
|
||||||
|
def safe_swift_exception(function):
|
||||||
|
@functools.wraps(function)
|
||||||
|
def wrapper(*args, **kwargs):
|
||||||
|
try:
|
||||||
|
return function(*args, **kwargs)
|
||||||
|
except swiftclient.client.ClientException as e:
|
||||||
|
e.http_scheme = e.http_host = e.http_port = ''
|
||||||
|
raise e
|
||||||
|
|
||||||
|
return wrapper
|
||||||
|
|
||||||
|
|
||||||
class Container(base.APIDictWrapper):
|
class Container(base.APIDictWrapper):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -136,6 +150,7 @@ def swift_object_exists(request, container_name, object_name):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_get_containers(request, marker=None, prefix=None):
|
def swift_get_containers(request, marker=None, prefix=None):
|
||||||
limit = getattr(settings, 'API_RESULT_LIMIT', 1000)
|
limit = getattr(settings, 'API_RESULT_LIMIT', 1000)
|
||||||
headers, containers = swift_api(request).get_account(limit=limit + 1,
|
headers, containers = swift_api(request).get_account(limit=limit + 1,
|
||||||
@ -150,6 +165,7 @@ def swift_get_containers(request, marker=None, prefix=None):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_get_container(request, container_name, with_data=True):
|
def swift_get_container(request, container_name, with_data=True):
|
||||||
if with_data:
|
if with_data:
|
||||||
headers, data = swift_api(request).get_object(container_name, "")
|
headers, data = swift_api(request).get_object(container_name, "")
|
||||||
@ -184,6 +200,7 @@ def swift_get_container(request, container_name, with_data=True):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_create_container(request, name, metadata=({})):
|
def swift_create_container(request, name, metadata=({})):
|
||||||
if swift_container_exists(request, name):
|
if swift_container_exists(request, name):
|
||||||
raise exceptions.AlreadyExists(name, 'container')
|
raise exceptions.AlreadyExists(name, 'container')
|
||||||
@ -193,6 +210,7 @@ def swift_create_container(request, name, metadata=({})):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_update_container(request, name, metadata=({})):
|
def swift_update_container(request, name, metadata=({})):
|
||||||
headers = _metadata_to_header(metadata)
|
headers = _metadata_to_header(metadata)
|
||||||
swift_api(request).post_container(name, headers=headers)
|
swift_api(request).post_container(name, headers=headers)
|
||||||
@ -200,6 +218,7 @@ def swift_update_container(request, name, metadata=({})):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_delete_container(request, name):
|
def swift_delete_container(request, name):
|
||||||
# It cannot be deleted if it's not empty. The batch remove of objects
|
# It cannot be deleted if it's not empty. The batch remove of objects
|
||||||
# be done in swiftclient instead of Horizon.
|
# be done in swiftclient instead of Horizon.
|
||||||
@ -214,6 +233,7 @@ def swift_delete_container(request, name):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_get_objects(request, container_name, prefix=None, marker=None,
|
def swift_get_objects(request, container_name, prefix=None, marker=None,
|
||||||
limit=None):
|
limit=None):
|
||||||
limit = limit or getattr(settings, 'API_RESULT_LIMIT', 1000)
|
limit = limit or getattr(settings, 'API_RESULT_LIMIT', 1000)
|
||||||
@ -233,6 +253,7 @@ def swift_get_objects(request, container_name, prefix=None, marker=None,
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_filter_objects(request, filter_string, container_name, prefix=None,
|
def swift_filter_objects(request, filter_string, container_name, prefix=None,
|
||||||
marker=None):
|
marker=None):
|
||||||
# FIXME(kewu): Swift currently has no real filtering API, thus the marker
|
# FIXME(kewu): Swift currently has no real filtering API, thus the marker
|
||||||
@ -269,6 +290,7 @@ def wildcard_search(string, q):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_copy_object(request, orig_container_name, orig_object_name,
|
def swift_copy_object(request, orig_container_name, orig_object_name,
|
||||||
new_container_name, new_object_name):
|
new_container_name, new_object_name):
|
||||||
if swift_object_exists(request, new_container_name, new_object_name):
|
if swift_object_exists(request, new_container_name, new_object_name):
|
||||||
@ -286,6 +308,7 @@ def swift_copy_object(request, orig_container_name, orig_object_name,
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_upload_object(request, container_name, object_name,
|
def swift_upload_object(request, container_name, object_name,
|
||||||
object_file=None):
|
object_file=None):
|
||||||
headers = {}
|
headers = {}
|
||||||
@ -305,6 +328,7 @@ def swift_upload_object(request, container_name, object_name,
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_create_pseudo_folder(request, container_name, pseudo_folder_name):
|
def swift_create_pseudo_folder(request, container_name, pseudo_folder_name):
|
||||||
# Make sure the folder name doesn't already exist.
|
# Make sure the folder name doesn't already exist.
|
||||||
if swift_object_exists(request, container_name, pseudo_folder_name):
|
if swift_object_exists(request, container_name, pseudo_folder_name):
|
||||||
@ -324,12 +348,14 @@ def swift_create_pseudo_folder(request, container_name, pseudo_folder_name):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_delete_object(request, container_name, object_name):
|
def swift_delete_object(request, container_name, object_name):
|
||||||
swift_api(request).delete_object(container_name, object_name)
|
swift_api(request).delete_object(container_name, object_name)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_delete_folder(request, container_name, object_name):
|
def swift_delete_folder(request, container_name, object_name):
|
||||||
objects, more = swift_get_objects(request, container_name,
|
objects, more = swift_get_objects(request, container_name,
|
||||||
prefix=object_name)
|
prefix=object_name)
|
||||||
@ -350,6 +376,7 @@ def swift_delete_folder(request, container_name, object_name):
|
|||||||
|
|
||||||
|
|
||||||
@profiler.trace
|
@profiler.trace
|
||||||
|
@safe_swift_exception
|
||||||
def swift_get_object(request, container_name, object_name, with_data=True,
|
def swift_get_object(request, container_name, object_name, with_data=True,
|
||||||
resp_chunk_size=CHUNK_SIZE):
|
resp_chunk_size=CHUNK_SIZE):
|
||||||
if with_data:
|
if with_data:
|
||||||
|
Loading…
Reference in New Issue
Block a user