Skip malformed cookies
Skip malformed cookies when parsing Cookie header in websocketproxy.py. Change-Id: I4091bd641ca3911666da328488c337835405400f Closes-Bug: #1496932
parent
c7bf2baa26
commit
6b3b7296b9
|
@ -31,6 +31,7 @@ from nova.consoleauth import rpcapi as consoleauth_rpcapi
|
||||||
from nova import context
|
from nova import context
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from nova.i18n import _
|
from nova.i18n import _
|
||||||
|
from nova.i18n import _LW
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -88,7 +89,15 @@ class NovaProxyRequestHandlerBase(object):
|
||||||
hcookie = self.headers.getheader('cookie')
|
hcookie = self.headers.getheader('cookie')
|
||||||
if hcookie:
|
if hcookie:
|
||||||
cookie = Cookie.SimpleCookie()
|
cookie = Cookie.SimpleCookie()
|
||||||
cookie.load(hcookie)
|
for hcookie_part in hcookie.split(';'):
|
||||||
|
hcookie_part = hcookie_part.lstrip()
|
||||||
|
try:
|
||||||
|
cookie.load(hcookie_part)
|
||||||
|
except Cookie.CookieError:
|
||||||
|
# NOTE(stgleb): Do not print out cookie content
|
||||||
|
# for security reasons.
|
||||||
|
LOG.warning(_LW('Found malformed cookie'))
|
||||||
|
else:
|
||||||
if 'token' in cookie:
|
if 'token' in cookie:
|
||||||
token = cookie['token'].value
|
token = cookie['token'].value
|
||||||
|
|
||||||
|
|
|
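Review bot: The `LOG.warning(_LW('Found malformed cookie'))` in the `except Cookie.CookieError` branch runs once per malformed `;`-separated part, and the parsing appears to happen before the token is checked, so one request with many junk parts writes that many warning lines. Consider recording the failure inside the loop (`malformed = True`) and emitting a single warning after it (`if malformed: LOG.warning(_LW('Found malformed cookie'))`), which still keeps cookie content out of the log as the NOTE requires. Indentation is lost on this page, so it is unclear whether the `else:` holding the `'token' in cookie` check is attached to the `try` inside the loop. If it is, a later `token` part silently overrides an earlier one, and a one-line comment such as `# last 'token' cookie in the header wins` would make that explicit. The enclosing method starts and ends outside the hunk.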
@ -115,6 +115,16 @@ class NovaProxyRequestHandlerBaseTestCase(test.NoDBTestCase):
|
||||||
else:
|
else:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
def _fake_getheader_malformed_cookie(self, header):
|
||||||
|
if header == 'cookie':
|
||||||
|
return '?=!; token="123-456-789"'
|
||||||
|
elif header == 'Origin':
|
||||||
|
return 'https://example.net:6080'
|
||||||
|
elif header == 'Host':
|
||||||
|
return 'example.net:6080'
|
||||||
|
else:
|
||||||
|
return
|
||||||
|
|
||||||
@mock.patch('nova.consoleauth.rpcapi.ConsoleAuthAPI.check_token')
|
@mock.patch('nova.consoleauth.rpcapi.ConsoleAuthAPI.check_token')
|
||||||
def test_new_websocket_client(self, check_token):
|
def test_new_websocket_client(self, check_token):
|
||||||
check_token.return_value = {
|
check_token.return_value = {
|
||||||
|
@ -370,3 +380,21 @@ class NovaProxyRequestHandlerBaseTestCase(test.NoDBTestCase):
|
||||||
|
|
||||||
self.assertRaises(exception.ValidationError,
|
self.assertRaises(exception.ValidationError,
|
||||||
self.wh.new_websocket_client)
|
self.wh.new_websocket_client)
|
||||||
|
|
||||||
|
@mock.patch('nova.consoleauth.rpcapi.ConsoleAuthAPI.check_token')
|
||||||
|
def test_malformed_cookie(self, check_token):
|
||||||
|
check_token.return_value = {
|
||||||
|
'host': 'node1',
|
||||||
|
'port': '10000',
|
||||||
|
'console_type': 'novnc',
|
||||||
|
'access_url': 'https://example.net:6080'
|
||||||
|
}
|
||||||
|
self.wh.socket.return_value = '<socket>'
|
||||||
|
self.wh.path = "http://127.0.0.1/"
|
||||||
|
self.wh.headers.getheader = self._fake_getheader_malformed_cookie
|
||||||
|
|
||||||
|
self.wh.new_websocket_client()
|
||||||
|
|
||||||
|
check_token.assert_called_with(mock.ANY, token="123-456-789")
|
||||||
|
self.wh.socket.assert_called_with('node1', 10000, connect=True)
|
||||||
|
self.wh.do_proxy.assert_called_with('<socket>')
|
||||||
|
|
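Review bot: `test_malformed_cookie` only checks that the token following the malformed `?=!` part still reaches `check_token`; it does not pin the logging behaviour that the NOTE(stgleb) comment in the handler promises. Patching the handler module's `LOG` and asserting that `warning` was called, and that none of its arguments contains `'?=!'` or `'123-456-789'`, would keep a later edit from leaking cookie content into the logs. A second case in which the `token` part itself is the malformed one would document what the handler does when no usable token is left. The expected outcome for that case is not visible on this page and should be taken from the handler.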