prometheanfire 15/04/14 16:11:45 Added: cve-2015-1852-master-keystonemiddleware.patch Log: updating for CVE-2015-1852 (Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0x33ED3FD25AFC78BA)
Revision Changes Path 1.1 dev-python/keystonemiddleware/files/cve-2015-1852-master-keystonemiddleware.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/keystonemiddleware/files/cve-2015-1852-master-keystonemiddleware.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/keystonemiddleware/files/cve-2015-1852-master-keystonemiddleware.patch?rev=1.1&content-type=text/plain Index: cve-2015-1852-master-keystonemiddleware.patch =================================================================== diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py index d56482f..3fe13f9 100644 --- a/keystonemiddleware/s3_token.py +++ b/keystonemiddleware/s3_token.py @@ -35,6 +35,7 @@ import logging import webob from oslo_serialization import jsonutils +from oslo_utils import strutils import requests import six from six.moves import urllib @@ -116,7 +117,7 @@ class S3Token(object): auth_port) # SSL - insecure = conf.get('insecure', False) + insecure = strutils.bool_from_string(conf.get('insecure', False)) cert_file = conf.get('certfile') key_file = conf.get('keyfile') diff --git a/keystonemiddleware/tests/test_s3_token_middleware.py b/keystonemiddleware/tests/test_s3_token_middleware.py index fdadb76..4b910a6 100644 --- a/keystonemiddleware/tests/test_s3_token_middleware.py +++ b/keystonemiddleware/tests/test_s3_token_middleware.py @@ -124,7 +124,7 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase): @mock.patch.object(requests, 'post') def test_insecure(self, MOCK_REQUEST): self.middleware = ( - s3_token.filter_factory({'insecure': True})(FakeApp())) + s3_token.filter_factory({'insecure': 'True'})(FakeApp())) text_return_value = jsonutils.dumps(GOOD_RESPONSE) if six.PY3: @@ -142,6 +142,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase): mock_args, mock_kwargs = MOCK_REQUEST.call_args self.assertIs(mock_kwargs['verify'], False) + def test_insecure_option(self): + # insecure is passed as a string. + + # Some non-secure values. + true_values = ['true', 'True', '1', 'yes'] + for val in true_values: + config = {'insecure': val, 'certfile': 'false_ind'} + middleware = s3_token.filter_factory(config)(FakeApp()) + self.assertIs(False, middleware._verify) + + # Some "secure" values, including unexpected value. + false_values = ['false', 'False', '0', 'no', 'someweirdvalue'] + for val in false_values: + config = {'insecure': val, 'certfile': 'false_ind'} + middleware = s3_token.filter_factory(config)(FakeApp()) + self.assertEqual('false_ind', middleware._verify) + + # Default is secure. + config = {'certfile': 'false_ind'} + middleware = s3_token.filter_factory(config)(FakeApp()) + self.assertIs('false_ind', middleware._verify) + class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase): def setUp(self):
