[MIR] swift-plugin-s3

Bug #1592465 reported by Chris MacNaughton
Affects: swift-plugin-s3 (Ubuntu)
Status: Invalid
Importance: High
Assigned to: Unassigned

Bug Description

1. Availability: This package is already in Universe
2. Rationale:
  - This package is already installed on ALL Juju deploys of Openstack Swift
  - Adding this package to main allows us to better support Openstack Swift
3. Security
  - 1 known public CVE: http://people.canonical.com/~ubuntu-security/cve/pkg/swift-plugin-s3.html
4. Quality Assurance
  - This package is already maintained in universe
  - No currently open bugs in Launchpad

Michael Terry (mterry) wrote :

- Needs a team bug subscriber.
- I'll pass to security to say +1 or not.

Otherwise seems fine.

Changed in swift-plugin-s3 (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
status: New → Incomplete
James Page (james-page) wrote :

ubuntu-openstack team added as bug subscriber; setting back to NEW for security team review.

Changed in swift-plugin-s3 (Ubuntu):
status: Incomplete → New
James Page (james-page)
Changed in swift-plugin-s3 (Ubuntu):
importance: Undecided → High
Seth Arnold (seth-arnold) wrote :

I reviewed swift-plugin-s3 version 1.11-2 as checked into zesty. This
shouldn't be considered a security audit but rather a quick gauge of
maintainability.

All the files appear to be python2.7, even though 'six' is used.

- CVE-2015-8466 -- they were a little shaky on the process since they're
  not getting official OpenStack security support, but the patch is
  impressive, with ~90kb of fixes to test cases.

- swift-plugin-s3 is a middleware layer that interprets s3 requests and
  translates them to swift requests. It's a fairly complicated glue layer
  between two already complicated APIs, that runs on top of HTTP.

- Build-Depends: debhelper, dh-python, openstack-pkg-tools, python-all,
  python-pbr, python-setuptools, python-sphinx, python-boto,
  python-coverage, python-fixtures, python-hacking,
  python-lxml, python-mock, python-nose, python-nose-exclude,
  python-openstack.nose-plugin, python-openstackclient, python-requests,
  python-requests-mock, python-six, python-swift

- Uses md5, sha256 from hashlib, does not itself provide cryptography
- Uses wsgi
- Does not appear to daemonize outside of tests
- pre/post inst/rm automatically added by dh_python2
- No init scripts
- No dbus service
- No setuid or setgid executables
- No binaries in PATH
- No sudo fragments
- No udev rules
- Huge test suite run during the build (seriously, it's impressive;
  79%-100% test 'coverage' per file using line-based coverage counting;
  roughly three times as many lines of code in the tests than the bulk of
  the program).
- No cronjobs
- Build log is mostly boilerplate and test output

- No subprocesses spawned
- No file management
- Simple logging
- No environment variables used outside of the tests
- No privileged syscalls used
- The only cryptography used is hash functions
- I believe the only networking is done via wsgi
- As a middleware layer it's hard to follow the full path of network
  packet inputs; code looked careful but not paranoid.
- No use of /tmp
- No WebKit
- No javascript
- No PolicyKit

This is complicated code. We'd need upstream's help to support this
package. That said, it looked well written, the test suite's size is
impressive, and the one CVE in their history appeared to be handled well
despite an uncertain start.

Here's the only note I took while reading:

- _validate_expire_param() hard-codes a year-2038 bug into the program

Security team ACK for promoting swift-plugin-s3 to main.

Thanks

Changed in swift-plugin-s3 (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
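The packaging checks listed in the review above (setuid/setgid executables, binaries in PATH, sudo fragments, udev rules, cronjobs, init scripts, dbus and PolicyKit files) can be run mechanically over the contents of a .deb. The following is an added example, not tooling from Ubuntu or the swift-plugin-s3 package: it parses a `dpkg-deb -c` style listing and reports which checklist items fire. The listing embedded below is constructed for the example and its paths are invented; it is not the content of any real swift-plugin-s3 build.

```python
"""Added example: run the MIR packaging checklist over a `dpkg-deb -c`
listing. Not the Ubuntu Security Team's or swift-plugin-s3's own tooling."""
import re

# Constructed listing in `dpkg-deb -c` format. The paths are invented for
# this example; they are NOT the contents of a real swift-plugin-s3 .deb.
SAMPLE_LISTING = """\
drwxr-xr-x root/root         0 2016-12-01 10:00 ./
drwxr-xr-x root/root         0 2016-12-01 10:00 ./usr/
drwxr-xr-x root/root         0 2016-12-01 10:00 ./usr/lib/python2.7/dist-packages/swift3/
-rw-r--r-- root/root      4321 2016-12-01 10:00 ./usr/lib/python2.7/dist-packages/swift3/middleware.py
-rwsr-xr-x root/root     12345 2016-12-01 10:00 ./usr/bin/s3-helper
-rw-r--r-- root/root       120 2016-12-01 10:00 ./etc/cron.d/s3-helper
-rw-r--r-- root/root        80 2016-12-01 10:00 ./etc/sudoers.d/s3-helper
-rw-r--r-- root/root        90 2016-12-01 10:00 ./lib/udev/rules.d/99-s3-helper.rules
lrwxrwxrwx root/root         0 2016-12-01 10:00 ./usr/share/doc/swift-plugin-s3/README -> README.gz
"""

# Checklist items that correspond to fixed filesystem locations.
PATH_CHECKS = {
    "init scripts": [r"^/etc/init\.d/", r"^/etc/init/", r"^/lib/systemd/system/"],
    "dbus services": [r"^/usr/share/dbus-1/(system-)?services/",
                      r"^/etc/dbus-1/system\.d/"],
    "binaries in PATH": [r"^/(usr/(local/)?)?s?bin/"],
    "sudo fragments": [r"^/etc/sudoers(\.d/|$)"],
    "udev rules": [r"^/(lib|etc)/udev/rules\.d/"],
    "cronjobs": [r"^/etc/cron\.(d|hourly|daily|weekly|monthly)/", r"^/etc/crontab$"],
    "PolicyKit": [r"^/usr/share/polkit-1/", r"^/etc/polkit-1/"],
}


def parse_listing(text):
    """Yield (mode, absolute path) per entry; symlink targets are dropped."""
    for line in text.splitlines():
        parts = line.split(None, 5)       # mode owner size date time path
        if len(parts) < 6:
            continue
        mode, path = parts[0], parts[5]
        path = path.split(" -> ", 1)[0]   # "./a -> b" is a symlink entry
        if path.startswith("./"):
            path = path[1:]               # "./usr/bin/x" -> "/usr/bin/x"
        yield mode, path


def audit_listing(text):
    """Return {checklist item: sorted paths} for every item that fires."""
    findings = {name: [] for name in PATH_CHECKS}
    findings["setuid/setgid executables"] = []
    for mode, path in parse_listing(text):
        if mode[0] == "d":
            continue                      # directories never trip a check
        # In an ls-style mode string the setuid bit shows at index 3 and
        # the setgid bit at index 6 ("-rwsr-xr-x", "-rwxr-sr-x").
        if mode[0] == "-" and (mode[3] in "sS" or mode[6] in "sS"):
            findings["setuid/setgid executables"].append(path)
        for name, patterns in PATH_CHECKS.items():
            if any(re.match(p, path) for p in patterns):
                findings[name].append(path)
    return {name: sorted(paths) for name, paths in findings.items() if paths}


if __name__ == "__main__":
    for name, paths in audit_listing(SAMPLE_LISTING).items():
        print("%s:" % name)
        for p in paths:
            print("  " + p)
```

On a real package, feed it `dpkg-deb -c swift-plugin-s3_*.deb` instead of the constructed listing; an empty result is the outcome the review above reports. The checks that are not path-based (subprocess spawning, /tmp use, privileged syscalls) still need a read of the source.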
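The one code-level note in the review, that `_validate_expire_param()` hard-codes a year-2038 bug, is easiest to see side by side. The following is an added example and not swift-plugin-s3's code: `validate_expire_int32` is a hypothetical validator with the defect the review describes (the upper bound on a pre-signed URL's `Expires` is the 32-bit epoch limit 2147483647), and `validate_expire` bounds the value relative to the current clock instead. The `AccessDenied` name and the seven-day maximum lifetime are assumptions for the example.

```python
"""Added example, not swift-plugin-s3's own code: an Expires validator
that hard-codes the 2**31-1 epoch ceiling, beside one bounded by the clock."""
import time

INT32_MAX = 2 ** 31 - 1      # Unix time 2147483647 == 2038-01-19T03:14:07Z


class AccessDenied(Exception):
    """Stand-in for the middleware's 403 response (assumed name)."""


def _parse_expires(value):
    """Expires in query-string auth is an integer Unix timestamp."""
    try:
        return int(value)
    except (TypeError, ValueError):
        raise AccessDenied("Expires is not an integer timestamp")


def validate_expire_int32(expires, now=None):
    """Hypothetical validator with the year-2038 defect: once the clock
    passes 2038-01-19 every still-future Expires exceeds INT32_MAX, so the
    check fails closed and all pre-signed URLs are denied."""
    now = int(time.time()) if now is None else now
    ex = _parse_expires(expires)
    if ex < 0 or ex > INT32_MAX:
        raise AccessDenied("Expires out of range")
    if ex < now:
        raise AccessDenied("URL has expired")
    return ex


def validate_expire(expires, now=None, max_lifetime=7 * 24 * 3600):
    """Same intent without an absolute ceiling: the URL may not already be
    expired and may not be valid for longer than max_lifetime from now
    (seven days is an assumed policy, not a swift-plugin-s3 setting)."""
    now = int(time.time()) if now is None else now
    ex = _parse_expires(expires)
    if ex < now:
        raise AccessDenied("URL has expired")
    if ex - now > max_lifetime:
        raise AccessDenied("Expires too far in the future")
    return ex


def demo(now):
    """Validate a URL good for one hour from `now` with both validators.
    Returns (int32 result, clock-bound result): the accepted timestamp or
    the denial message."""
    ex = now + 3600
    results = []
    for validator in (validate_expire_int32, validate_expire):
        try:
            results.append(validator(str(ex), now=now))
        except AccessDenied as err:
            results.append(str(err))
    return tuple(results)


if __name__ == "__main__":
    print("2023:", demo(1_700_000_000))   # both accept
    print("2039:", demo(2_200_000_000))   # int32 version denies everything
```

The relative bound also catches the other failure mode an absolute cap hides: a signature whose `Expires` is decades in the future is accepted by the int32 check as long as it is below the ceiling, whereas the clock-bound version rejects it as too far ahead.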
Michael Terry (mterry)
Changed in swift-plugin-s3 (Ubuntu):
status: New → Fix Committed
Matthias Klose (doko) wrote :

This is not seeded, and doesn't have any dependencies. Is this still needed?

Ondřej Nový (onovy) wrote :

FYI: https://github.com/openstack/swift3/blob/master/README.md

The Openstack Swift community has imported the Swift3 middleware into Swift's codebase as the "s3api" middleware. Swift3 development is now frozen and all new patches should go to the s3api middleware. Refer to the documentation for more information on deploying the s3api middleware.

Corey Bryant (corey.bryant) wrote :

I don't think this is needed anymore with the code having moved into swift.

James Page (james-page)
Changed in swift-plugin-s3 (Ubuntu):
status: Fix Committed → Invalid