Reviewed: https://review.opendev.org/c/openstack/nova/+/853379 Committed: https://opendev.org/openstack/nova/commit/15769b883ed4a86d62b141ea30d3f1590565d8e0 Submitter: "Zuul (22348)" Branch: master
commit 15769b883ed4a86d62b141ea30d3f1590565d8e0 Author: melanie witt <[email protected]> Date: Tue Aug 16 06:49:53 2022 +0000 Adapt websocketproxy tests for SimpleHTTPServer fix In response to bug 1927677 we added a workaround to NovaProxyRequestHandler to respond with a 400 Bad Request if an open redirect is attempted: Ie36401c782f023d1d5f2623732619105dc2cfa24 I95f68be76330ff09e5eabb5ef8dd9a18f5547866 Recently in python 3.10.6, a fix has landed in cpython to respond with a 301 Moved Permanently to a sanitized URL that has had extra leading '/' characters removed. This breaks our existing unit tests which assume a 400 Bad Request as the only expected response. This adds handling of a 301 Moved Permanently response and asserts that the redirect location is the expected sanitized URL. Doing this instead of checking for a given python version will enable the tests to continue to work if and when the cpython fix gets backported to older python versions. While updating the tests, the opportunity was taken to commonize the code of two unit tests that were nearly identical. Related-Bug: #1927677 Closes-Bug: #1986545 Change-Id: I27441d15cc6fa2ff7715ba15aa900961aadbf54a ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1986545 Title: websockfiy open redirection unit test broken with Python >= 3.10.6 standard lib Status in OpenStack Compute (nova): Fix Released Bug description: Lucas Nussbaum reported this Debian bug: https://bugs.debian.org/1017217 so I started investigating it. It took me a while to understand it was due to a change in the Python 3.10.6 standard http/server.py library. Running these 2 unit tests against Python 3.10.5 works: test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect console.test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect_3_slashes However, under Python 3.10.6, this fails. The reason isn't the interpreter itself, but the standard library, which has additional open redirection protection. Looking at the changelog here: https://docs.python.org/3/whatsnew/changelog.html we see this issue: https://github.com/python/cpython/issues/87389 which has been addressed by this commit: https://github.com/python/cpython/commit/defaa2b19a9a01c79c1d5641a8aa179bb10ead3f If I "fix" the Python 3.10.5 standard library using the 2 lines of code of the first hunk of this patch, then I can reproduce the issue. I guess that the unit testing should be skipped if using Python >= 3.10.6, probably, or adapted somehow. I leave this to the Nova maintainers: for the Debian package, I'll just skip these 2 unit tests. Cheers, Thomas Goirand (zigo) To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1986545/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
