* [gentoo-commits] repo/gentoo:master commit in: dev-python/oslo-middleware/, dev-python/oslo-middleware/files/
@ 2017-01-26 21:44 Matt Thode
From: Matt Thode @ 2017-01-26 21:44 UTC (permalink / raw
To: gentoo-commits
commit: ad8a82887a3e612cae719a7ce6219f9ee760fc66
Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 26 21:40:53 2017 +0000
Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Thu Jan 26 21:43:41 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad8a8288
dev-python/oslo-middleware: fix CVE-2017-2592 bug 606976
Package-Manager: portage-2.3.3
.../files/cve-2017-2592-stable-mitaka.patch | 90 ++++++++++++++++++++++
.../files/cve-2017-2592-stable-newton.patch | 90 ++++++++++++++++++++++
.../oslo-middleware-3.19.0-r1.ebuild | 59 ++++++++++++++
.../oslo-middleware-3.8.0-r2.ebuild | 60 +++++++++++++++
4 files changed, 299 insertions(+)
diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch
new file mode 100644
index 00000000..b38cd59
--- /dev/null
+++ b/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch
@@ -0,0 +1,90 @@
+From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
+From: Jamie Lennox <jamielennox@gmail.com>
+Date: Wed, 28 Sep 2016 15:03:53 +1000
+Subject: [PATCH] Filter token data out of catch_errors middleware
+
+If an exception is caught by the catch_errors middleware the entire
+request is dumped into the log including sensitive information like
+tokens. Filter that information before outputting the failed request.
+
+Closes-Bug: #1628031
+Change-Id: I2563403993513c37751576223275350cac2e0937
+---
+ oslo_middleware/catch_errors.py | 6 +++++-
+ oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
+index 43d085f..0934fc5 100644
+--- a/oslo_middleware/catch_errors.py
++++ b/oslo_middleware/catch_errors.py
+@@ -14,6 +14,7 @@
+ # under the License.
+
+ import logging
++import re
+
+ import webob.dec
+ import webob.exc
+@@ -24,6 +25,8 @@ from oslo_middleware import base
+
+ LOG = logging.getLogger(__name__)
+
++_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
++
+
+ class CatchErrors(base.ConfigurableMiddleware):
+ """Middleware that provides high-level error handling.
+@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
+ try:
+ response = req.get_response(self.application)
+ except Exception:
++ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
+ LOG.exception(_LE('An error occurred during '
+- 'processing the request: %s'), req)
++ 'processing the request: %s'), req_str)
+ response = webob.exc.HTTPInternalServerError()
+ return response
+diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
+index 920bbe2..0b675e2 100644
+--- a/oslo_middleware/tests/test_catch_errors.py
++++ b/oslo_middleware/tests/test_catch_errors.py
+@@ -13,6 +13,7 @@
+ # License for the specific language governing permissions and limitations
+ # under the License.
+
++import fixtures
+ import mock
+ from oslotest import base as test_base
+ import webob.dec
+@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
+ self._test_has_request_id(application,
+ webob.exc.HTTPInternalServerError.code)
+ self.assertEqual(1, log_exc.call_count)
++
++ def test_filter_tokens_from_log(self):
++ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
++
++ @webob.dec.wsgify
++ def application(req):
++ raise Exception()
++
++ app = catch_errors.CatchErrors(application)
++ req = webob.Request.blank('/test',
++ text=u'test data',
++ method='POST',
++ headers={'X-Auth-Token': 'secret1',
++ 'X-Service-Token': 'secret2',
++ 'X-Other-Token': 'secret3'})
++ res = req.get_response(app)
++ self.assertEqual(500, res.status_int)
++
++ output = logger.output
++
++ self.assertIn('X-Auth-Token: <removed>', output)
++ self.assertIn('X-Service-Token: <removed>', output)
++ self.assertIn('X-Other-Token: <removed>', output)
++ self.assertIn('test data', output)
+--
+2.7.4
+
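Review bot: `_TOKEN_RE` redacts only header lines shaped like `X-<word>-Token`, so the rest of `req.as_text()` still reaches the log: `Authorization` and `Cookie` headers, token headers whose middle part contains a hyphen (`\w+` does not match `-`), and the whole request body, which the new test asserts is kept (`assertIn('test data', output)`). A body can carry credentials just as a header can, so I would log only the request line plus filtered headers, or at least widen the pattern and make it a raw string: `_TOKEN_RE = re.compile(r'^(X-[\w-]+-Token|Authorization|Cookie):.*$', flags=re.MULTILINE | re.IGNORECASE)`. `req.as_text()` now runs inside the `except` handler, so it is worth confirming that it cannot itself raise on a body that fails to decode, since that error would escape the middleware. The identical patch is added as cve-2017-2592-stable-newton.patch (same blob `b38cd59`), so all of this applies there too; the method containing the `try` starts outside the inner hunk.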
diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
new file mode 100644
index 00000000..b38cd59
--- /dev/null
+++ b/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
@@ -0,0 +1,90 @@
+From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
+From: Jamie Lennox <jamielennox@gmail.com>
+Date: Wed, 28 Sep 2016 15:03:53 +1000
+Subject: [PATCH] Filter token data out of catch_errors middleware
+
+If an exception is caught by the catch_errors middleware the entire
+request is dumped into the log including sensitive information like
+tokens. Filter that information before outputting the failed request.
+
+Closes-Bug: #1628031
+Change-Id: I2563403993513c37751576223275350cac2e0937
+---
+ oslo_middleware/catch_errors.py | 6 +++++-
+ oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
+index 43d085f..0934fc5 100644
+--- a/oslo_middleware/catch_errors.py
++++ b/oslo_middleware/catch_errors.py
+@@ -14,6 +14,7 @@
+ # under the License.
+
+ import logging
++import re
+
+ import webob.dec
+ import webob.exc
+@@ -24,6 +25,8 @@ from oslo_middleware import base
+
+ LOG = logging.getLogger(__name__)
+
++_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
++
+
+ class CatchErrors(base.ConfigurableMiddleware):
+ """Middleware that provides high-level error handling.
+@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
+ try:
+ response = req.get_response(self.application)
+ except Exception:
++ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
+ LOG.exception(_LE('An error occurred during '
+- 'processing the request: %s'), req)
++ 'processing the request: %s'), req_str)
+ response = webob.exc.HTTPInternalServerError()
+ return response
+diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
+index 920bbe2..0b675e2 100644
+--- a/oslo_middleware/tests/test_catch_errors.py
++++ b/oslo_middleware/tests/test_catch_errors.py
+@@ -13,6 +13,7 @@
+ # License for the specific language governing permissions and limitations
+ # under the License.
+
++import fixtures
+ import mock
+ from oslotest import base as test_base
+ import webob.dec
+@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
+ self._test_has_request_id(application,
+ webob.exc.HTTPInternalServerError.code)
+ self.assertEqual(1, log_exc.call_count)
++
++ def test_filter_tokens_from_log(self):
++ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
++
++ @webob.dec.wsgify
++ def application(req):
++ raise Exception()
++
++ app = catch_errors.CatchErrors(application)
++ req = webob.Request.blank('/test',
++ text=u'test data',
++ method='POST',
++ headers={'X-Auth-Token': 'secret1',
++ 'X-Service-Token': 'secret2',
++ 'X-Other-Token': 'secret3'})
++ res = req.get_response(app)
++ self.assertEqual(500, res.status_int)
++
++ output = logger.output
++
++ self.assertIn('X-Auth-Token: <removed>', output)
++ self.assertIn('X-Service-Token: <removed>', output)
++ self.assertIn('X-Other-Token: <removed>', output)
++ self.assertIn('test data', output)
+--
+2.7.4
+
diff --git a/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild
new file mode 100644
index 00000000..062868e
--- /dev/null
+++ b/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
+
+inherit distutils-r1
+
+DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
+HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
+SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
+S="${WORKDIR}/oslo.middleware-${PV}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="test"
+
+PATCHES=( "${FILESDIR}/cve-2017-2592-stable-newton.patch" )
+
+CDEPEND="
+ >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
+ <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
+DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+ ${CDEPEND}
+ test? (
+ >=dev-python/fixtures-3.0.0[${PYTHON_USEDEP}]
+ >=dev-python/mock-2.0.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ )"
+RDEPEND="
+ ${CDEPEND}
+ >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-3.14.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-2.9.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-3.16.0[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.16.0[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
+ >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
+"
+
+python_prepare_all() {
+ sed -i '/^hacking/d' test-requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+python_test() {
+ nosetests tests/ || die "test failed under ${EPYTHON}"
+}
diff --git a/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild
new file mode 100644
index 00000000..1a7e55b
--- /dev/null
+++ b/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
+
+inherit distutils-r1
+
+DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
+HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
+SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
+S="${WORKDIR}/oslo.middleware-${PV}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="test"
+
+FILES=( "${FILESDIR}/cve-2017-2592-stable-mitaka.patch" )
+
+CDEPEND="
+ >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
+ <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
+DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+ ${CDEPEND}
+ test? (
+ >=dev-python/fixtures-1.3.1[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.2[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ )"
+RDEPEND="
+ ${CDEPEND}
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
+ >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-3.7.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-utils-3.5.0[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
+ >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
+"
+
+python_prepare_all() {
+ sed -i '/^hacking/d' test-requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+python_test() {
+ nosetests tests/ || die "test failed under ${EPYTHON}"
+}
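Review bot: The CVE patch is never applied by this ebuild, because it is listed in an array named `FILES`, and as far as I know neither Portage nor distutils-r1 reads a variable of that name; the 3.19.0-r1 ebuild in the same commit uses `PATCHES` for the newton patch. The revision would then install unpatched 3.8.0 code while its `-r2` bump and the commit message say CVE-2017-2592 is fixed. The line should read `PATCHES=( "${FILESDIR}/cve-2017-2592-stable-mitaka.patch" )`, which the distutils-r1 prepare phase should also apply under EAPI 5. Checking the build log for the patch being applied would confirm it.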
* [gentoo-commits] repo/gentoo:master commit in: dev-python/oslo-middleware/, dev-python/oslo-middleware/files/
@ 2017-05-02 9:48 Michał Górny
From: Michał Górny @ 2017-05-02 9:48 UTC (permalink / raw
To: gentoo-commits
commit: 17521c754424b67a0e703bdeeedbd9bb05e79a1a
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Tue May 2 08:59:08 2017 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Tue May 2 09:47:49 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17521c75
dev-python/oslo-middleware: Clean old versions up
dev-python/oslo-middleware/Manifest | 3 -
.../files/cve-2017-2592-stable-mitaka.patch | 90 ----------------------
.../files/cve-2017-2592-stable-newton.patch | 90 ----------------------
.../oslo-middleware-3.19.0-r1.ebuild | 58 --------------
.../oslo-middleware/oslo-middleware-3.19.1.ebuild | 60 ---------------
.../oslo-middleware-3.8.0-r2.ebuild | 59 --------------
6 files changed, 360 deletions(-)
diff --git a/dev-python/oslo-middleware/Manifest b/dev-python/oslo-middleware/Manifest
index dbca57a39e1..d98b6be4a69 100644
--- a/dev-python/oslo-middleware/Manifest
+++ b/dev-python/oslo-middleware/Manifest
@@ -1,4 +1 @@
-DIST oslo.middleware-3.19.0.tar.gz 41711 SHA256 f36c37b9d8f4c6eccc494172569184c3f9a4028a6401e8cf75d7656fc7b1d292 SHA512 e347f9f683b8e925286390fc84eb5aebb76b6f490d564f9273b6d53762bbd9f09dab3dc5f740ab4eb0849de00381ad71264b0d8c048629b770b8740243300e50 WHIRLPOOL aa08f79b269cc1dc2c3c54f121e2de783a9f4b13c0fc1d9be492044cd4c34f59a4b2446efab2870d1cfdaa932f41cc5075ee4bd01876edb34d94b35c2d575211
-DIST oslo.middleware-3.19.1.tar.gz 43000 SHA256 a484a27276bb4fd96a21fdaa7d0da0495aa2a2887a88dcec271ffd8b8c239096 SHA512 7d387466cc1352651d81b6f874f18bfb892af8b4187c93131597cfb1e731394654cfd65a17729b22a36bd388b3eee8692936af28786812e50bb2549a76555c96 WHIRLPOOL 6942f7003d6242a12c7cb3ef27331f749244e1fe930e4817804db63c405f9a6c6da3bf07cff2a60b24d38c3aaebf8aac835168ba704c4f3a427590e0284c36fb
DIST oslo.middleware-3.23.1.tar.gz 52469 SHA256 fab9a0779ff196020875c7e47e6c36b9d6c9468063645b857e687114e70a8019 SHA512 155f88184216ef18a265b996973b616a3b7a9e52618d95235a396e099bcfb5f51a5dded8e1f039df4d648a0b779c8a6daab9d6b8ff091981c17524a8521ac72a WHIRLPOOL 683d78da63af0d68b6301aa718562cd29f8dc09511df53fb0394311bbda7727edadd975401f81e8ee5c6f35a4e9e8d636bd140b786fec4e7f9c3b0f0015f02e8
-DIST oslo.middleware-3.8.0.tar.gz 39756 SHA256 2d985b238182cf70c1adbe1a041eb96eacde3106751fe2c7f1cd81d57a4dbda2 SHA512 575708b9f19938787d4d42accfbafcd63a9cee0aeb871dc0b3dd504dc4d5f97db27abfcfd7ae56dfc7d68eb670c11f93c1f79d3fd02d30247497614b3f51d80a WHIRLPOOL 2498c2a67ca83214c8512a2a86d78155638a107971d7a98a3534c625138c89f56273ab6dda437399799a6960129f4c7dfa758d2af46ede15813d7614d5db3a6d
diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch
deleted file mode 100644
index b38cd597c3d..00000000000
--- a/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
-From: Jamie Lennox <jamielennox@gmail.com>
-Date: Wed, 28 Sep 2016 15:03:53 +1000
-Subject: [PATCH] Filter token data out of catch_errors middleware
-
-If an exception is caught by the catch_errors middleware the entire
-request is dumped into the log including sensitive information like
-tokens. Filter that information before outputting the failed request.
-
-Closes-Bug: #1628031
-Change-Id: I2563403993513c37751576223275350cac2e0937
----
- oslo_middleware/catch_errors.py | 6 +++++-
- oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
-index 43d085f..0934fc5 100644
---- a/oslo_middleware/catch_errors.py
-+++ b/oslo_middleware/catch_errors.py
-@@ -14,6 +14,7 @@
- # under the License.
-
- import logging
-+import re
-
- import webob.dec
- import webob.exc
-@@ -24,6 +25,8 @@ from oslo_middleware import base
-
- LOG = logging.getLogger(__name__)
-
-+_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
-+
-
- class CatchErrors(base.ConfigurableMiddleware):
- """Middleware that provides high-level error handling.
-@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
- try:
- response = req.get_response(self.application)
- except Exception:
-+ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
- LOG.exception(_LE('An error occurred during '
-- 'processing the request: %s'), req)
-+ 'processing the request: %s'), req_str)
- response = webob.exc.HTTPInternalServerError()
- return response
-diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
-index 920bbe2..0b675e2 100644
---- a/oslo_middleware/tests/test_catch_errors.py
-+++ b/oslo_middleware/tests/test_catch_errors.py
-@@ -13,6 +13,7 @@
- # License for the specific language governing permissions and limitations
- # under the License.
-
-+import fixtures
- import mock
- from oslotest import base as test_base
- import webob.dec
-@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
- self._test_has_request_id(application,
- webob.exc.HTTPInternalServerError.code)
- self.assertEqual(1, log_exc.call_count)
-+
-+ def test_filter_tokens_from_log(self):
-+ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
-+
-+ @webob.dec.wsgify
-+ def application(req):
-+ raise Exception()
-+
-+ app = catch_errors.CatchErrors(application)
-+ req = webob.Request.blank('/test',
-+ text=u'test data',
-+ method='POST',
-+ headers={'X-Auth-Token': 'secret1',
-+ 'X-Service-Token': 'secret2',
-+ 'X-Other-Token': 'secret3'})
-+ res = req.get_response(app)
-+ self.assertEqual(500, res.status_int)
-+
-+ output = logger.output
-+
-+ self.assertIn('X-Auth-Token: <removed>', output)
-+ self.assertIn('X-Service-Token: <removed>', output)
-+ self.assertIn('X-Other-Token: <removed>', output)
-+ self.assertIn('test data', output)
---
-2.7.4
-
diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
deleted file mode 100644
index b38cd597c3d..00000000000
--- a/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
-From: Jamie Lennox <jamielennox@gmail.com>
-Date: Wed, 28 Sep 2016 15:03:53 +1000
-Subject: [PATCH] Filter token data out of catch_errors middleware
-
-If an exception is caught by the catch_errors middleware the entire
-request is dumped into the log including sensitive information like
-tokens. Filter that information before outputting the failed request.
-
-Closes-Bug: #1628031
-Change-Id: I2563403993513c37751576223275350cac2e0937
----
- oslo_middleware/catch_errors.py | 6 +++++-
- oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
-index 43d085f..0934fc5 100644
---- a/oslo_middleware/catch_errors.py
-+++ b/oslo_middleware/catch_errors.py
-@@ -14,6 +14,7 @@
- # under the License.
-
- import logging
-+import re
-
- import webob.dec
- import webob.exc
-@@ -24,6 +25,8 @@ from oslo_middleware import base
-
- LOG = logging.getLogger(__name__)
-
-+_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
-+
-
- class CatchErrors(base.ConfigurableMiddleware):
- """Middleware that provides high-level error handling.
-@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
- try:
- response = req.get_response(self.application)
- except Exception:
-+ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
- LOG.exception(_LE('An error occurred during '
-- 'processing the request: %s'), req)
-+ 'processing the request: %s'), req_str)
- response = webob.exc.HTTPInternalServerError()
- return response
-diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
-index 920bbe2..0b675e2 100644
---- a/oslo_middleware/tests/test_catch_errors.py
-+++ b/oslo_middleware/tests/test_catch_errors.py
-@@ -13,6 +13,7 @@
- # License for the specific language governing permissions and limitations
- # under the License.
-
-+import fixtures
- import mock
- from oslotest import base as test_base
- import webob.dec
-@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
- self._test_has_request_id(application,
- webob.exc.HTTPInternalServerError.code)
- self.assertEqual(1, log_exc.call_count)
-+
-+ def test_filter_tokens_from_log(self):
-+ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
-+
-+ @webob.dec.wsgify
-+ def application(req):
-+ raise Exception()
-+
-+ app = catch_errors.CatchErrors(application)
-+ req = webob.Request.blank('/test',
-+ text=u'test data',
-+ method='POST',
-+ headers={'X-Auth-Token': 'secret1',
-+ 'X-Service-Token': 'secret2',
-+ 'X-Other-Token': 'secret3'})
-+ res = req.get_response(app)
-+ self.assertEqual(500, res.status_int)
-+
-+ output = logger.output
-+
-+ self.assertIn('X-Auth-Token: <removed>', output)
-+ self.assertIn('X-Service-Token: <removed>', output)
-+ self.assertIn('X-Other-Token: <removed>', output)
-+ self.assertIn('test data', output)
---
-2.7.4
-
diff --git a/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild
deleted file mode 100644
index 6ae34cd3b49..00000000000
--- a/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
-
-inherit distutils-r1
-
-DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
-HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
-SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
-S="${WORKDIR}/oslo.middleware-${PV}"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="test"
-
-PATCHES=( "${FILESDIR}/cve-2017-2592-stable-newton.patch" )
-
-CDEPEND="
- >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
- <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- ${CDEPEND}
- test? (
- >=dev-python/fixtures-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/mock-2.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- )"
-RDEPEND="
- ${CDEPEND}
- >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-3.14.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-2.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-3.16.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.16.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
-"
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- nosetests tests/ || die "test failed under ${EPYTHON}"
-}
diff --git a/dev-python/oslo-middleware/oslo-middleware-3.19.1.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.19.1.ebuild
deleted file mode 100644
index 65ebfa842e3..00000000000
--- a/dev-python/oslo-middleware/oslo-middleware-3.19.1.ebuild
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
-
-inherit distutils-r1
-
-DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
-HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
-SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
-S="${WORKDIR}/oslo.middleware-${PV}"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~x86"
-IUSE="test"
-
-PATCHES=(
-
-)
-
-CDEPEND="
- >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
- <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- ${CDEPEND}
- test? (
- >=dev-python/fixtures-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/mock-2.0.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- )"
-RDEPEND="
- ${CDEPEND}
- >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-3.14.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-2.9.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-3.16.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.16.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
-"
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- nosetests tests/ || die "test failed under ${EPYTHON}"
-}
diff --git a/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild
deleted file mode 100644
index b005d0f5161..00000000000
--- a/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
-
-inherit distutils-r1
-
-DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
-HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
-SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
-S="${WORKDIR}/oslo.middleware-${PV}"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="test"
-
-FILES=( "${FILESDIR}/cve-2017-2592-stable-mitaka.patch" )
-
-CDEPEND="
- >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
- <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- ${CDEPEND}
- test? (
- >=dev-python/fixtures-1.3.1[${PYTHON_USEDEP}]
- >=dev-python/mock-1.2[${PYTHON_USEDEP}]
- >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
- !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
- >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
- >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
- !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
- <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
- >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
- >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
- )"
-RDEPEND="
- ${CDEPEND}
- >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
- >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-3.7.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
- >=dev-python/oslo-utils-3.5.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
- >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
-"
-
-python_prepare_all() {
- sed -i '/^hacking/d' test-requirements.txt || die
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- nosetests tests/ || die "test failed under ${EPYTHON}"
-}