Sean Mooney 8906552cfc address open redirect with 3 forward slashes
Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for urls with 2 leading slashes or more then 4.

This change adresses the missing edgecase for 3 leading slashes
and also maintian support for rejecting 2+.

Conflicts:
  nova/console/websocketproxy.py
  nova/tests/unit/console/test_websocketproxy.py

NOTE(melwitt): The conflict and difference in websocketproxy.py from
the cherry picked change: HTTPStatus.BAD_REQUEST => 400 is due to the
fact that HTTPStatus does not exist in Python 2.7. The conflict in
test_websocketproxy.py is because change
I23ac1cc79482d0fabb359486a4b934463854cae5 (Allow TLS ciphers/protocols
to be configurable for console proxies) is not in Train. The difference
in test_websocketproxy.py from the cherry picked change is due to a
difference in internal implementation [1] in Python < 3.6. See change
I546d376869a992601b443fb95acf1034da2a8f36 for reference.

[1] 34eeed4290

Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758dcac71323f3be179b1a9d1c17a4acc5)
(cherry picked from commit 47dad4836a26292e9d34e516e1525ecf00be127c)
(cherry picked from commit 9588cdbfd4649ea53d60303f2d10c5d62a070a07)
(cherry picked from commit 0997043f459ac616b594363b5b253bd0ae6ed9eb)
2021-10-08 09:38:47 +00:00
2019-04-28 20:06:15 +00:00
2019-09-27 09:06:47 +00:00
2014-05-07 12:14:26 -07:00
2017-11-24 16:51:12 -05:00
2012-02-08 19:30:39 -08:00
2019-10-29 07:02:24 +00:00
2018-01-12 17:05:11 +08:00
2010-05-27 23:05:26 -07:00
2017-09-07 15:42:31 +02:00
2019-07-22 19:17:28 +02:00
2017-03-02 11:50:48 +00:00

Team and repository tags

image

OpenStack Nova

OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, XenServer, OpenStack Ironic and PowerVM.

Use the following resources to learn more.

API

To learn how to use Nova's API, consult the documentation available online at:

For more information on OpenStack APIs, SDKs and CLIs in general, refer to:

Operators

To learn how to deploy and configure OpenStack Nova, consult the documentation available online at:

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:

Developers

For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer focused documentation is available at:

Other Information

During each Summit and Project Team Gathering, we agree on what the whole community wants to focus on for the upcoming release. The plans for nova can be found at:

Description
OpenStack Compute (Nova)
Readme 1.6 GiB
Languages
Python 97.7%
Smarty 2.2%
Shell 0.1%