~ubuntu-server-dev/ubuntu/trusty/python-keystonemiddleware/juno


Viewing changes to keystonemiddleware/tests/test_s3_token_middleware.py

  • Committer: james.page at ubuntu
  • Author(s): James Page
  • Date: 2015-08-06 08:51:25 UTC
  • Revision ID: james.page@ubuntu.com-20150806085125-20hp0rrreq4dmtru
Tags: 1.0.0-1ubuntu0.14.10.2~cloud0
* SECURITY UPDATE: incorrect cert verification with ssl_insecure option
  - debian/patches/CVE-2015-1852.patch: properly parse option in
    keystonemiddleware/s3_token.py, added test to
    keystonemiddleware/tests/test_s3_token_middleware.py.
  - CVE-2015-1852

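--- a/keystonemiddleware/tests/test_s3_token_middleware.py
+++ b/keystonemiddleware/tests/test_s3_token_middleware.py
@@ -123,7 +123,7 @@
     @mock.patch.object(requests, 'post')
     def test_insecure(self, MOCK_REQUEST):
         self.middleware = (
-            s3_token.filter_factory({'insecure': True})(FakeApp()))
+            s3_token.filter_factory({'insecure': 'True'})(FakeApp()))
 
         text_return_value = jsonutils.dumps(GOOD_RESPONSE)
         if six.PY3:
@@ -141,6 +141,28 @@
         mock_args, mock_kwargs = MOCK_REQUEST.call_args
         self.assertIs(mock_kwargs['verify'], False)
 
+    def test_insecure_option(self):
+        # insecure is passed as a string.
+
+        # Some non-secure values.
+        true_values = ['true', 'True', '1', 'yes']
+        for val in true_values:
+            config = {'insecure': val, 'certfile': 'false_ind'}
+            middleware = s3_token.filter_factory(config)(FakeApp())
+            self.assertIs(False, middleware._verify)
+
+        # Some "secure" values, including unexpected value.
+        false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
+        for val in false_values:
+            config = {'insecure': val, 'certfile': 'false_ind'}
+            middleware = s3_token.filter_factory(config)(FakeApp())
+            self.assertEqual('false_ind', middleware._verify)
+
+        # Default is secure.
+        config = {'certfile': 'false_ind'}
+        middleware = s3_token.filter_factory(config)(FakeApp())
+        self.assertIs('false_ind', middleware._verify)
+
 
 class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
     def setUp(self):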
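Review bot: In `test_insecure_option`, the default-is-secure check uses `self.assertIs('false_ind', middleware._verify)`, which compares string identity and passes only while the same literal object is carried through unchanged; `self.assertEqual('false_ind', middleware._verify)`, as in the `false_values` loop above it, states the intended check. The secure cases also assert only on the private `_verify` attribute, whereas `test_insecure` checks the `verify` keyword that reaches `requests.post`; a matching request-level assertion for `'false'` would pin the behaviour CVE-2015-1852 is about, unless a test outside this view already does. Because the first hunk replaces the boolean `True` with `'True'`, a non-string `insecure` value is no longer exercised in the visible tests, so one case for it may be worth keeping if callers can pass a bool.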