
remove token from notifier middleware

oslo-incubator sync to address the security bug
in middleware (as below).

The notifier middleware is capturing the token and sending it to MQ. This
is not advisable, so we should filter it out.

Change-Id: Ia1bfa1bd24989681db1d2f385defc12e69a01f8d
Closes-Bug: #1321080
changes/97/101097/1
Grant Murphy 6 years ago
parent
commit
0324965a0c
3 changed files with 10 additions and 10 deletions
  1. +3
    -3
      neutron/openstack/common/middleware/catch_errors.py
  2. +5
    -5
      neutron/openstack/common/middleware/notifier.py
  3. +2
    -2
      neutron/openstack/common/middleware/sizelimit.py

+ 3
- 3
neutron/openstack/common/middleware/catch_errors.py

@ -22,7 +22,7 @@ to hide internal errors from API response.
import webob.dec
import webob.exc
from neutron.openstack.common.gettextutils import _ # noqa
from neutron.openstack.common.gettextutils import _LE
from neutron.openstack.common import log as logging
from neutron.openstack.common.middleware import base
@ -37,7 +37,7 @@ class CatchErrorsMiddleware(base.Middleware):
try:
response = req.get_response(self.application)
except Exception:
LOG.exception(_('An error occurred during '
'processing the request: %s'))
LOG.exception(_LE('An error occurred during '
'processing the request: %s'))
response = webob.exc.HTTPInternalServerError()
return response
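Review bot: The message passed to `LOG.exception` in the `except Exception:` branch still ends in `%s` with no argument supplied, so the literal placeholder is written to the log; switching the marker to `_LE` leaves that as it was. `LOG.exception` already attaches the traceback, so the placeholder can simply go: `LOG.exception(_LE('An error occurred during processing the request'))`. If request context is wanted in the message, limit it to the method and path rather than headers, so that credentials do not land in the error log. The file is described as an oslo-incubator sync, so the change presumably belongs upstream first; the enclosing method starts above the hunk.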

+ 5
- 5
neutron/openstack/common/middleware/notifier.py

@ -24,7 +24,7 @@ import six
import webob.dec
from neutron.openstack.common import context
from neutron.openstack.common.gettextutils import _
from neutron.openstack.common.gettextutils import _LE
from neutron.openstack.common import log as logging
from neutron.openstack.common.middleware import base
from neutron.openstack.common.notifier import api
@ -37,8 +37,8 @@ def log_and_ignore_error(fn):
try:
return fn(*args, **kwargs)
except Exception as e:
LOG.exception(_('An exception occurred processing '
'the API call: %s ') % e)
LOG.exception(_LE('An exception occurred processing '
'the API call: %s ') % e)
return wrapped
@ -56,7 +56,7 @@ class RequestNotifier(base.Middleware):
return _factory
def __init__(self, app, **conf):
self.service_name = conf.get('service_name', None)
self.service_name = conf.get('service_name')
self.ignore_req_list = [x.upper().strip() for x in
conf.get('ignore_req_list', '').split(',')]
super(RequestNotifier, self).__init__(app)
@ -68,7 +68,7 @@ class RequestNotifier(base.Middleware):
"""
return dict((k, v) for k, v in six.iteritems(environ)
if k.isupper())
if k.isupper() and k != 'HTTP_X_AUTH_TOKEN')
@log_and_ignore_error
def process_request(self, request):
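Review bot: The new condition in the environ-copying helper excludes only `HTTP_X_AUTH_TOKEN`, so any other credential-bearing key in the WSGI environ (for example `HTTP_AUTHORIZATION`, `HTTP_COOKIE` or `HTTP_X_SERVICE_TOKEN`, if they reach this middleware) is still copied into the notification payload and sent to the message queue. A named module-level set checked in the comprehension, `if k.isupper() and k not in _SENSITIVE_ENVIRON_KEYS)` (the set name is a suggestion), would make the exclusion list reviewable in one place; an allowlist of the keys notification consumers actually need would be safer still. A unit test asserting that the token key is absent from the returned dict would keep a later sync from silently reintroducing the leak. The helper's signature and docstring start above the hunk.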


+ 2
- 2
neutron/openstack/common/middleware/sizelimit.py

@ -29,8 +29,8 @@ from neutron.openstack.common.middleware import base
max_req_body_size = cfg.IntOpt('max_request_body_size',
deprecated_name='osapi_max_request_body_size',
default=114688,
help='the maximum body size '
'per each request(bytes)')
help='The maximum body size '
'per request, in bytes')
CONF = cfg.CONF
CONF.register_opt(max_req_body_size)

