openstack
/
swift
Code Issues Proposed changes

Quote paths before sending them to swob.Request.blank 

Following the fix for https://bugs.python.org/issue43882, our py39 unit
tests started failing. This was because swob.Request.blank calls
stdlib's urlparse, which now strips out newlines. Since Request.blank
*also* always unquotes, just make sure we always quote the newlines we
want to use while testing.

Change-Id: Ia5857c70e51d8af3e42ecaced95525be578db127
(cherry picked from commit 2b5853f419)
This commit is contained in:
Tim Burke 2021-05-27 12:22:53 -07:00
parent f53500522a
commit f1c110be5e
2 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/unit/common/middleware/test_tempurl.py
View File

@ -35,6 +35,7 @@ import mock
import unittest import unittest
import hashlib import hashlib
import six import six
from six.moves.urllib.parse import quote
from time import time, strftime, gmtime from time import time, strftime, gmtime
from swift.common.middleware import tempauth, tempurl from swift.common.middleware import tempauth, tempurl
@ -350,7 +351,7 @@ class TestTempURL(unittest.TestCase):
key = b'abc' key = b'abc'
hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8') hmac_body = ('%s\n%i\n%s' % (method, expires, path)).encode('utf-8')
sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest() sig = hmac.new(key, hmac_body, hashlib.sha1).hexdigest()
req = self._make_request(path, keys=[key], environ={ req = self._make_request(quote(path), keys=[key], environ={
'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % ( 'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
sig, expires)}) sig, expires)})
self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')])) self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))

12
test/unit/common/test_swob.py
View File

@ -789,14 +789,8 @@ class TestRequest(unittest.TestCase):
hacker = 'account-name\n\n<b>foo<br>' # url injection test hacker = 'account-name\n\n<b>foo<br>' # url injection test
quoted_hacker = quote(hacker) quoted_hacker = quote(hacker)
req = swob.Request.blank('/v1/' + hacker)
resp = req.get_response(test_app)
self.assertEqual(resp.status_int, 401)
self.assertTrue('Www-Authenticate' in resp.headers)
self.assertEqual('Swift realm="%s"' % quoted_hacker,
resp.headers['Www-Authenticate'])
req = swob.Request.blank('/v1/' + quoted_hacker) req = swob.Request.blank('/v1/' + quoted_hacker)
self.assertIn(hacker, req.environ['PATH_INFO']) # sanity check
resp = req.get_response(test_app) resp = req.get_response(test_app)
self.assertEqual(resp.status_int, 401) self.assertEqual(resp.status_int, 401)
self.assertTrue('Www-Authenticate' in resp.headers) self.assertTrue('Www-Authenticate' in resp.headers)
@ -974,11 +968,11 @@ class TestRequest(unittest.TestCase):
self.assertEqual(_test_split_path('/a/c/', 2), ['a', 'c']) self.assertEqual(_test_split_path('/a/c/', 2), ['a', 'c'])
self.assertEqual(_test_split_path('/a/c/', 2, 3), ['a', 'c', '']) self.assertEqual(_test_split_path('/a/c/', 2, 3), ['a', 'c', ''])
try: try:
_test_split_path('o\nn e', 2) _test_split_path('o%0an e', 2)
except ValueError as err: except ValueError as err:
self.assertEqual(str(err), 'Invalid path: o%0An%20e') self.assertEqual(str(err), 'Invalid path: o%0An%20e')
try: try:
_test_split_path('o\nn e', 2, 3, True) _test_split_path('o%0an e', 2, 3, True)
except ValueError as err: except ValueError as err:
self.assertEqual(str(err), 'Invalid path: o%0An%20e') self.assertEqual(str(err), 'Invalid path: o%0An%20e')