Merge "Add django-debreach to horizon"

2018-08-30 06:29:18 +00:00 · 2018-08-30 06:29:18 +00:00 · fcfd9b0fd4
commit fcfd9b0fd4
parent 08234efc6d ccdf8c55e6
4 changed files with 11 additions and 0 deletions
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@ -19,6 +19,7 @@ Django==1.11
 django-appconf==1.0.2
 django-babel==0.6.2
 django-compressor==2.0
+django-debreach==1.4.2
 django-pyscss==2.0.2
 doc8==0.6.0
 docutils==0.11
--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
@ -110,6 +110,7 @@ OPENSTACK_IMAGE_BACKEND = {
 }

 MIDDLEWARE = (
+    'debreach.middleware.RandomCommentMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
@ -184,6 +185,7 @@ INSTALLED_APPS = [
    'django.contrib.staticfiles',
    'django.contrib.humanize',
    'django_pyscss',
+    'debreach',
    'openstack_dashboard.django_pyscss_fix',
    'compressor',
    'horizon',
--- a/releasenotes/notes/bp-mitigate-breach-attacks-dd54b705e22363b0.yaml
+++ b/releasenotes/notes/bp-mitigate-breach-attacks-dd54b705e22363b0.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    [:blueprint:`mitigate-breach-attacks`]
+    Adding Django-debreach module to mitigate breach attacks. Enabling
+    the RandomCommentMiddleware to counter breach attack by randomising
+    the content length of each response.
--- a/requirements.txt
+++ b/requirements.txt
@ -14,6 +14,7 @@ Django<2,>=1.11;python_version<'3.0'  # BSD
 Django<2.1,>=1.11;python_version>='3.0'  # BSD
 django-babel>=0.6.2 # BSD
 django-compressor>=2.0 # MIT
+django-debreach>=1.4.2 # BSD License (2 clause)
 django-pyscss>=2.0.2 # BSD License (2 clause)
 futurist>=1.2.0 # Apache-2.0
 iso8601>=0.1.11 # MIT