nova/nova/console
melanie witt 6b70350bdc Reject open redirection in the console proxy
Our console proxies (novnc, serial, spice) run in a websockify server
whose request handler inherits from the Python standard
SimpleHTTPRequestHandler. There is a known issue [1] in the
SimpleHTTPRequestHandler which allows open redirects by way of URLs
in the following format:

  http://vncproxy.my.domain.com//example.com/%2F..

which, if visited, will redirect a user to example.com.

We can intercept a request and reject requests that pass a redirection
URL beginning with "//" by implementing the
SimpleHTTPRequestHandler.send_head() method containing the
vulnerability to reject such requests with a 400 Bad Request.

This code is copied from a patch suggested in one of the issue comments
[2].

Closes-Bug: #1927677

[1] https://bugs.python.org/issue32084
[2] https://bugs.python.org/issue32084#msg306545

Conflicts:
    nova/console/websocketproxy.py
    nova/tests/unit/console/test_websocketproxy.py

NOTE(melwitt): The conflicts are because the following changes are not
in Victoria:

  Ib2c406327fef2fb4868d8050fc476a7d17706e23 (Remove six.moves)
  I58b0382c86d4ef798572edb63d311e0e3e6937bb (Refactor and rename
    test_tcp_rst_no_compute_rpcapi)

Change-Id: Ie36401c782f023d1d5f2623732619105dc2cfa24
(cherry picked from commit 781612b332)
(cherry picked from commit 4709256142)
2021-05-17 17:00:44 +00:00
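
The check described in the commit message above, as an added example that is neither nova's code nor the patch from the Python issue: a `SimpleHTTPRequestHandler` subclass whose `send_head()` answers 400 when the directory redirect's `Location` would begin with `//`. The names `RejectDoubleSlashHandler` and `status_for`, the socketless harness and the temporary document root are assumptions made for the demonstration.

```python
import http.server
import io
import os
import tempfile
import urllib.parse
from http import HTTPStatus


class RejectDoubleSlashHandler(http.server.SimpleHTTPRequestHandler):
    """Hypothetical name: refuse directory redirects to a '//...' Location."""

    def send_head(self):
        # Repeat the base class's decision to redirect a directory request
        # that lacks a trailing slash, and inspect the Location it would send.
        if os.path.isdir(self.translate_path(self.path)):
            parts = urllib.parse.urlsplit(self.path)
            if not parts.path.endswith("/"):
                location = urllib.parse.urlunsplit(
                    parts._replace(path=parts.path + "/"))
                # Browsers read "Location: //host/..." as an absolute URL.
                if location.startswith("//"):
                    self.send_error(HTTPStatus.BAD_REQUEST,
                                    "URI must not start with //")
                    return None
        return super().send_head()

    def log_message(self, format, *args):
        pass  # keep the demonstration quiet


def status_for(request_path, docroot):
    """Call send_head() on a socketless handler and return the status code.

    send_head() is called directly so the result does not depend on how the
    running Python parses the request line.
    """
    handler = RejectDoubleSlashHandler.__new__(RejectDoubleSlashHandler)
    handler.__dict__.update(
        directory=docroot, path=request_path, command="GET",
        request_version="HTTP/1.1", requestline="GET %s" % request_path,
        client_address=("127.0.0.1", 0), headers={}, wfile=io.BytesIO())
    body = handler.send_head()
    if body is not None:
        body.close()
    return int(handler.wfile.getvalue().split()[1])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed document root
        print(status_for("//example.com/%2F..", root))
```
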
rfb Remove six.add_metaclass 2020-08-15 07:45:39 +00:00
securityproxy Remove six.add_metaclass 2020-08-15 07:45:39 +00:00
__init__.py Remove 'nova-xvpvncproxy' 2019-12-23 14:20:28 +00:00
serial.py Remove translation of log messages 2017-07-18 09:03:39 +00:00
type.py Add MKS console support 2015-07-25 15:01:44 +03:00
websocketproxy.py Reject open redirection in the console proxy 2021-05-17 17:00:44 +00:00