summaryrefslogtreecommitdiff
path: root/dev-python/python-keystoneclient/files/keystoneclient-1.0.0-cve-2015-1852.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/python-keystoneclient/files/keystoneclient-1.0.0-cve-2015-1852.patch')
-rw-r--r--dev-python/python-keystoneclient/files/keystoneclient-1.0.0-cve-2015-1852.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/dev-python/python-keystoneclient/files/keystoneclient-1.0.0-cve-2015-1852.patch b/dev-python/python-keystoneclient/files/keystoneclient-1.0.0-cve-2015-1852.patch
new file mode 100644
index 00000000000..4b278dfec03
--- /dev/null
+++ b/dev-python/python-keystoneclient/files/keystoneclient-1.0.0-cve-2015-1852.patch
@@ -0,0 +1,63 @@
+diff --git a/keystoneclient/middleware/s3_token.py b/keystoneclient/middleware/s3_token.py
+index b27b9ce..4ced7a7 100644
+--- a/keystoneclient/middleware/s3_token.py
++++ b/keystoneclient/middleware/s3_token.py
+@@ -34,6 +34,7 @@ This WSGI component:
+ import logging
+
+ from oslo.serialization import jsonutils
++from oslo_utils import strutils
+ import requests
+ import six
+ from six.moves import urllib
+@@ -116,7 +117,7 @@ class S3Token(object):
+ self.request_uri = '%s://%s:%s' % (auth_protocol, auth_host, auth_port)
+
+ # SSL
+- insecure = conf.get('insecure', False)
++ insecure = strutils.bool_from_string(conf.get('insecure', False))
+ cert_file = conf.get('certfile')
+ key_file = conf.get('keyfile')
+
+diff --git a/keystoneclient/tests/test_s3_token_middleware.py b/keystoneclient/tests/test_s3_token_middleware.py
+index ab77b79..91c3e81 100644
+--- a/keystoneclient/tests/test_s3_token_middleware.py
++++ b/keystoneclient/tests/test_s3_token_middleware.py
+@@ -124,7 +124,7 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
+ @mock.patch.object(requests, 'post')
+ def test_insecure(self, MOCK_REQUEST):
+ self.middleware = (
+- s3_token.filter_factory({'insecure': True})(FakeApp()))
++ s3_token.filter_factory({'insecure': 'True'})(FakeApp()))
+
+ text_return_value = jsonutils.dumps(GOOD_RESPONSE)
+ if six.PY3:
+@@ -142,6 +142,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
+ mock_args, mock_kwargs = MOCK_REQUEST.call_args
+ self.assertIs(mock_kwargs['verify'], False)
+
++ def test_insecure_option(self):
++ # insecure is passed as a string.
++
++ # Some non-secure values.
++ true_values = ['true', 'True', '1', 'yes']
++ for val in true_values:
++ config = {'insecure': val, 'certfile': 'false_ind'}
++ middleware = s3_token.filter_factory(config)(FakeApp())
++ self.assertIs(False, middleware.verify)
++
++ # Some "secure" values, including unexpected value.
++ false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
++ for val in false_values:
++ config = {'insecure': val, 'certfile': 'false_ind'}
++ middleware = s3_token.filter_factory(config)(FakeApp())
++ self.assertEqual('false_ind', middleware.verify)
++
++ # Default is secure.
++ config = {'certfile': 'false_ind'}
++ middleware = s3_token.filter_factory(config)(FakeApp())
++ self.assertIs('false_ind', middleware.verify)
++
+
+ class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
+ def setUp(self):
generated by cgit v1.2.1 (git 2.18.0) at 2024-12-27 16:35:15 +0000