~ubuntu-branches/ubuntu/trusty/swift/trusty-updates


Viewing changes to test/functional/tests.py

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-07-22 11:03:05 UTC
  • Revision ID: package-import@ubuntu.com-20150722110305-eq79r0smfdtmh5o8
Tags: 1.13.1-0ubuntu1.2
* SECURITY UPDATE: metadata constraint bypass via multiple requests
  - debian/patches/CVE-2014-7960.patch: add metadata checks to
    swift/account/server.py, swift/common/constraints.py,
    swift/common/db.py, swift/container/server.py, added tests to
    test/functional/test_account.py, test/functional/test_container.py,
    test/unit/common/test_db.py.
  - CVE-2014-7960
* SECURITY UPDATE: object deletion via x-versions-location container
  - debian/patches/CVE-2015-1856.patch: prevent unauthorized delete in
    swift/proxy/controllers/obj.py, added tests to
    test/functional/tests.py, test/unit/proxy/test_server.py.
  - CVE-2015-1856

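--- a/test/functional/tests.py
+++ b/test/functional/tests.py
@@ -26,6 +26,7 @@
 import unittest
 import urllib
 import uuid
+from copy import deepcopy
 from nose import SkipTest
 
 from test import get_config
@@ -2102,6 +2103,14 @@
         cls.account = Account(cls.conn, config.get('account',
                                                    config['username']))
 
+        # Second connection for ACL tests
+        config2 = deepcopy(config)
+        config2['account'] = config['account2']
+        config2['username'] = config['username2']
+        config2['password'] = config['password2']
+        cls.conn2 = Connection(config2)
+        cls.conn2.authenticate()
+
         # avoid getting a prefix that stops halfway through an encoded
         # character
         prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8")
@@ -2134,6 +2143,15 @@
                 "Expected versioning_enabled to be True/False, got %r" %
                 (self.env.versioning_enabled,))
 
+    def tearDown(self):
+        super(TestObjectVersioning, self).tearDown()
+        try:
+            # delete versions first!
+            self.env.versions_container.delete_files()
+            self.env.container.delete_files()
+        except ResponseError:
+            pass
+
     def test_overwriting(self):
         container = self.env.container
         versions_container = self.env.versions_container
@@ -2165,6 +2183,33 @@
         versioned_obj.delete()
         self.assertRaises(ResponseError, versioned_obj.read)
 
+    def test_versioning_check_acl(self):
+        container = self.env.container
+        versions_container = self.env.versions_container
+        versions_container.create(hdrs={'X-Container-Read': '.r:*,.rlistings'})
+
+        obj_name = Utils.create_name()
+        versioned_obj = container.file(obj_name)
+        versioned_obj.write("aaaaa")
+        self.assertEqual("aaaaa", versioned_obj.read())
+
+        versioned_obj.write("bbbbb")
+        self.assertEqual("bbbbb", versioned_obj.read())
+
+        # Use token from second account and try to delete the object
+        org_token = self.env.account.conn.storage_token
+        self.env.account.conn.storage_token = self.env.conn2.storage_token
+        try:
+            self.assertRaises(ResponseError, versioned_obj.delete)
+        finally:
+            self.env.account.conn.storage_token = org_token
+
+        # Verify with token from first account
+        self.assertEqual("bbbbb", versioned_obj.read())
+
+        versioned_obj.delete()
+        self.assertEqual("aaaaa", versioned_obj.read())
+
 
 class TestObjectVersioningUTF8(Base2, TestObjectVersioning):
     set_up = False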
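Review bot: In test_versioning_check_acl, `self.assertRaises(ResponseError, versioned_obj.delete)` accepts any error response, so this regression test for the unauthorized-delete fix would still pass if the DELETE made with the second account's token failed for an unrelated reason, such as a 404 or a server error. The follow-up read of "bbbbb" does confirm that the object survived, but the denial itself is not pinned as an authorization failure. Capturing the exception and checking its status would tighten it, for example `with self.assertRaises(ResponseError) as cm: versioned_obj.delete()` followed by `self.assertEqual(403, cm.exception.status)`. That assumes ResponseError carries the HTTP status and that 403 is what the proxy returns here, neither of which is visible in this diff.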