nova/nova/tests/unit/console
melanie witt 781612b332 Reject open redirection in the console proxy
Our console proxies (novnc, serial, spice) run in a websockify server
whose request handler inherits from the Python standard
SimpleHTTPRequestHandler. There is a known issue [1] in the
SimpleHTTPRequestHandler which allows open redirects by way of URLs
in the following format:

  http://vncproxy.my.domain.com//example.com/%2F..

which if visited, will redirect a user to example.com.

We can intercept a request and reject requests that pass a redirection
URL beginning with "//" by implementing the
SimpleHTTPRequestHandler.send_head() method containing the
vulnerability to reject such requests with a 400 Bad Request.

This code is copied from a patch suggested in one of the issue comments
[2].

Closes-Bug: #1927677

[1] https://bugs.python.org/issue32084
[2] https://bugs.python.org/issue32084#msg306545

Change-Id: Ie36401c782f023d1d5f2623732619105dc2cfa24
2021-05-14 17:26:00 +02:00
rfb Fix accumulated nits 2018-01-16 14:54:04 +00:00
securityproxy Remove six.text_type (2/2) 2020-12-13 11:26:35 +00:00
__init__.py move all tests to nova/tests/unit 2014-11-12 15:31:08 -05:00
test_serial.py Remove six.moves 2020-11-07 03:25:02 +00:00
test_type.py Make unit tests inherit from test.NoDBTestCase 2015-03-06 09:46:31 +02:00
test_websocketproxy.py Reject open redirection in the console proxy 2021-05-14 17:26:00 +02:00
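
The mitigation described in the commit message above, as an added example that is not nova's code and not part of the original page: a SimpleHTTPRequestHandler subclass whose send_head() answers 400 Bad Request when the request target starts with "//". The class name RejectDoubleSlashHandler, the in-memory socket and the helper status_for() are hypothetical names introduced for illustration, and the requests are constructed samples.

```python
import io
import tempfile
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler


class RejectDoubleSlashHandler(SimpleHTTPRequestHandler):
    """Hypothetical handler name; rejects request targets that start with '//'."""

    def send_head(self):
        # Check the raw request target as well as self.path: the interpreter
        # may already have normalised self.path before send_head() runs.
        words = self.requestline.split()
        target = words[1] if len(words) > 1 else self.path
        if target.startswith("//") or self.path.startswith("//"):
            self.send_error(HTTPStatus.BAD_REQUEST, "URI must not start with //")
            return None  # do_GET()/do_HEAD() send no body when this is None
        return super().send_head()

    def log_message(self, format, *args):
        pass  # keep the demonstration quiet


class _FakeSocket:
    """In-memory stand-in for a client connection (constructed for this example)."""

    def __init__(self, request_bytes):
        self._rfile = io.BytesIO(request_bytes)
        self.sent = b""

    def makefile(self, mode, bufsize=-1):
        return self._rfile

    def sendall(self, data):
        self.sent += bytes(data)


def status_for(target, handler_cls=RejectDoubleSlashHandler):
    """Send 'GET <target>' to handler_cls offline and return the status code."""
    sock = _FakeSocket(f"GET {target} HTTP/1.0\r\n\r\n".encode("ascii"))
    with tempfile.TemporaryDirectory() as docroot:
        # Constructing the handler processes the request (setup/handle/finish).
        handler_cls(sock, ("127.0.0.1", 0), None, directory=docroot)
    return int(sock.sent.split()[1])


if __name__ == "__main__":
    for target in ("//example.com/%2F..", "/"):
        print(target, "->", status_for(target))
```

Requests with a single leading slash still reach the standard handler, so directory listings and 404s behave as before.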