Add django-debreach to horizon
BREACH is a category of vulnerabilities and not a specific instance affecting a specific piece of software. To be vulnerable, a web application must:

* Be served from a server that uses HTTP-level compression
* Reflect user input in HTTP response bodies
* Reflect a secret (such as a CSRF token) in HTTP response bodies

More details on the BREACH attack: http://breachattack.com/

Since Horizon falls under this category, we can include the django-debreach module within Horizon as a requirement, which provides mitigation against BREACH attacks.

https://github.com/lpomfrey/django-debreach

CSRF token masking is a built-in feature of Django 1.10+, therefore only the content-length modification feature provided by django-debreach can be enabled.

Depends-On: I32f11e089fc794444ef267b463c7fb2ad8cfa96a
Change-Id: I2b4999ca7b0e1762c5273c4fe96f5ee768f44339
Blueprint: mitigate-breach-attacks
parent 33f579b1b4
commit ccdf8c55e6
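The three conditions listed in the commit message, worked through as an added example; this is not code from the Horizon change or from django-debreach. It builds a constructed page that reflects attacker input next to a secret, uses a toy LZ77 stage in place of HTTP-level DEFLATE so the length oracle is exact, recovers the secret one byte at a time, and then models the length randomisation this change enables as 0..16 incompressible bytes appended before compression. The page layout, the secret, the token costs, the padding range and the sample counts are all assumptions made for the demonstration.

```python
"""Added example (not part of the Horizon change or of django-debreach):
the BREACH compression oracle and why randomising the response length is a
mitigation rather than a fix. Page, secret, compressor and padding model are
all constructed here; nothing touches the network or Django."""
import random
import string

SECRET_NAME = "csrftoken"
SECRET = "k7Qx"          # constructed secret; short so the demo runs in seconds
ALPHABET = string.ascii_letters + string.digits


def render_page(reflected: str, secret: str = SECRET) -> bytes:
    """Constructed HTML page meeting both body conditions from the commit
    message: it carries a secret and reflects attacker-controlled input."""
    return (
        "<html><body>"
        f'<input type="hidden" name="{SECRET_NAME}" value="{secret}">'
        f"<p>You searched for: {reflected}</p>"
        "</body></html>"
    ).encode()


def lz77_size(data: bytes, min_match: int = 3, max_match: int = 255) -> int:
    """Byte count of a toy LZ77 token stream: 1 byte per literal, 3 bytes per
    back-reference (assumed costs). DEFLATE adds Huffman coding on top, which
    only blurs this signal; the LZ77 stage is where the secret leaks."""
    i = size = 0
    while i < len(data):
        best = 0
        for j in range(i):                      # the whole buffer is the window
            n = 0
            while n < max_match and i + n < len(data) and data[j + n] == data[i + n]:
                n += 1
            best = max(best, n)
        if best >= min_match:
            size, i = size + 3, i + best
        else:
            size, i = size + 1, i + 1
    return size


def plain_oracle(body: bytes) -> int:
    """What the attacker observes with compression and no length hiding."""
    return lz77_size(body)


def make_padded_oracle(seed: int, max_pad: int = 16, samples: int = 1):
    """Length hiding modelled as 0..max_pad incompressible bytes appended before
    compression (a random-content, random-length HTML comment). With samples > 1
    the attacker re-requests the same page and keeps the smallest size seen."""
    rng = random.Random(seed)

    def oracle(body: bytes) -> int:
        base = lz77_size(body)
        return min(base + rng.randint(0, max_pad) for _ in range(samples))
    return oracle


def recover_secret(oracle, max_length: int = 32) -> str:
    """BREACH: reflect '<name>" value="<known><guess>' and keep the guess whose
    response compresses strictly best, because that guess extends the LZ77
    match with the real token by one byte. Stops when no guess wins outright."""
    prefix = f'{SECRET_NAME}" value="'
    known = ""
    while len(known) < max_length:
        sizes = {c: oracle(render_page(prefix + known + c)) for c in ALPHABET}
        best = min(sizes.values())
        if list(sizes.values()).count(best) != 1:
            break                                # end of secret, or too noisy
        known += min(sizes, key=sizes.get)
    return known


def padded_demo(seed: int = 1, samples: int = 300) -> str:
    """Recovery against the length-hiding model using min-of-N sampling."""
    return recover_secret(make_padded_oracle(seed, samples=samples))


if __name__ == "__main__":
    print("no length hiding           :", recover_secret(plain_oracle))
    print("random padding, 1 sample   :",
          recover_secret(make_padded_oracle(seed=1), max_length=6))
    print("random padding, 300 samples:", padded_demo())
```

Running the file shows the token recovered against the plain oracle, garbage against a single padded measurement, and the token again once the attacker takes the minimum over a few hundred requests per guess: padding raises the cost, it does not remove the channel. The CSRF token masking the commit message mentions works differently: Django 1.10+ emits a freshly masked token in every response, so there is no stable secret for the reflected guess to match against.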
@ -19,6 +19,7 @@ Django==1.11
|
|||||||
django-appconf==1.0.2
|
django-appconf==1.0.2
|
||||||
django-babel==0.6.2
|
django-babel==0.6.2
|
||||||
django-compressor==2.0
|
django-compressor==2.0
|
||||||
|
django-debreach==1.4.2
|
||||||
django-pyscss==2.0.2
|
django-pyscss==2.0.2
|
||||||
doc8==0.6.0
|
doc8==0.6.0
|
||||||
docutils==0.11
|
docutils==0.11
|
||||||
|
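Review bot: the new pin `django-debreach==1.4.2` has to be accepted by the requirements check before this can merge; confirm that the change named in Depends-On (I32f11e089fc794444ef267b463c7fb2ad8cfa96a) is the one adding django-debreach to the shared requirements list, and keep the two changes in the same queue, since this file only carries a pin for Django==1.11 while the requirements hunk below allows Django<2.1 on Python 3. Placement between django-compressor and django-pyscss follows the alphabetical order of the surrounding entries.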
@ -110,6 +110,7 @@ OPENSTACK_IMAGE_BACKEND = {
|
|||||||
}
|
}
|
||||||
|
|
||||||
MIDDLEWARE = (
|
MIDDLEWARE = (
|
||||||
|
'debreach.middleware.RandomCommentMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
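Review bot: `'debreach.middleware.RandomCommentMiddleware'` is inserted at the head of MIDDLEWARE with no comment explaining the position. Django applies response middleware in reverse list order, so first in the list means it is the last to touch the response, after CsrfViewMiddleware and SessionMiddleware have finished, which is where a body-padding middleware belongs; a one-line comment such as `# Keep first: pads the final response body (BREACH mitigation, see blueprint mitigate-breach-attacks)` would stop a later contributor from re-sorting the tuple. Please also confirm from the django-debreach documentation which content types the middleware pads, and state in the commit message or a comment that responses it does not pad (for example JSON that reflects user input next to a secret) remain outside this mitigation.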
@ -184,6 +185,7 @@ INSTALLED_APPS = [
|
|||||||
'django.contrib.staticfiles',
|
'django.contrib.staticfiles',
|
||||||
'django.contrib.humanize',
|
'django.contrib.humanize',
|
||||||
'django_pyscss',
|
'django_pyscss',
|
||||||
|
'debreach',
|
||||||
'openstack_dashboard.django_pyscss_fix',
|
'openstack_dashboard.django_pyscss_fix',
|
||||||
'compressor',
|
'compressor',
|
||||||
'horizon',
|
'horizon',
|
||||||
|
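Review bot: `'debreach'` is inserted between `'django_pyscss'` and `'openstack_dashboard.django_pyscss_fix'`, splitting a pair whose names indicate that the second one patches the first. INSTALLED_APPS order governs template and static-file lookup, so keep those two adjacent and add `'debreach'` after `'openstack_dashboard.django_pyscss_fix'` instead; the list is not alphabetical here, so nothing is lost by moving it.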
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
[:blueprint:`mitigate-breach-attacks`]
|
||||||
|
Adding Django-debreach module to mitigate breach attacks. Enabling
|
||||||
|
the RandomCommentMiddleware to counter breach attack by randomising
|
||||||
|
the content length of each response.
|
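Review bot: the note spells the package `Django-debreach` and the attack `breach`, while the requirements hunks use `django-debreach` and the acronym is BREACH; it also says the middleware will "counter" the attack, which overstates what content-length randomisation does and contradicts the commit message's own wording of "mitigation". Suggested text: `Adds the django-debreach module to mitigate BREACH attacks. Enables` / `the RandomCommentMiddleware, which randomises the content length of` / `each response.`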
@ -14,6 +14,7 @@ Django<2,>=1.11;python_version<'3.0' # BSD
|
|||||||
Django<2.1,>=1.11;python_version>='3.0' # BSD
|
Django<2.1,>=1.11;python_version>='3.0' # BSD
|
||||||
django-babel>=0.6.2 # BSD
|
django-babel>=0.6.2 # BSD
|
||||||
django-compressor>=2.0 # MIT
|
django-compressor>=2.0 # MIT
|
||||||
|
django-debreach>=1.4.2 # BSD License (2 clause)
|
||||||
django-pyscss>=2.0.2 # BSD License (2 clause)
|
django-pyscss>=2.0.2 # BSD License (2 clause)
|
||||||
futurist>=1.2.0 # Apache-2.0
|
futurist>=1.2.0 # Apache-2.0
|
||||||
iso8601>=0.1.11 # MIT
|
iso8601>=0.1.11 # MIT
|
||||||
|
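Review bot: `django-debreach>=1.4.2` carries only a lower bound, while the Django lines just above diverge by interpreter (Django<2 on Python 2, Django<2.1 on Python 3); state in the commit message that 1.4.2 has been checked against the Django 2.0 line, or raise the floor to a release that supports it, and keep the floor equal to the `==1.4.2` pin in the constraints hunk. The license comment `BSD License (2 clause)` is identical to the django-pyscss line that follows; verify it against the django-debreach package metadata, as the license scan reads these comments.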