OpenStack Identity (keystone)

NormalizingFilter performs incorrect validation of PATH_INFO variable

Bug #1270378 reported by Venkat Sundaram on 2014-01-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Invalid	Undecided	Unassigned

Bug Description

class NormalizingFilter(wsgi.Middleware):
"""Middleware filter to handle URL normalization."""

    def process_request(self, request):
        """Normalizes URLs."""
        # Removes a trailing slash from the given path, if any.
        if (len(request.environ['PATH_INFO']) > 1 and
                request.environ['PATH_INFO'][-1] == '/'):
            request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
        # Rewrites path to root if no path is given.
        elif not request.environ['PATH_INFO']:
            request.environ['PATH_INFO'] = '/'

The if condition performs a length check without checking if PATH_INFO is None. Instead, the check is done in the elif clause.
Shouldn't this validation instead be like below ?

    def process_request(self, request):
        """Normalizes URLs."""
        # Rewrites path to root if no path is given.
        if not request.environ['PATH_INFO']:
            request.environ['PATH_INFO'] = '/'
        # Removes a trailing slash from the given path, if any.
        elif (len(request.environ['PATH_INFO']) > 1 and
                request.environ['PATH_INFO'][-1] == '/'):
            request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-18: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/67634

Changed in keystone:
assignee:	nobody → Venkat Sundaram (tsv)
status:	New → In Progress

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2014-01-21:

Do you happen to have a stack trace from running into this error?

Revision history for this message

Venkat Sundaram (tsv) wrote on 2014-01-21:

Thanks for looking into this.
No. I came across this while reading the code. Also, my proposed "fix" had a bug which I modified as follows:

if not request.environ['PATH_INFO']:

changed to

if not request.environ.get('PATH_INFO'):

Revision history for this message

Adam Young (ayoung) wrote on 2014-01-21:

Please clarify the bug: show what is in error. It sounds suspect thus far.

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-01-27:

Need a way to reproduce this as an actual issue.

Changed in keystone:
status:	In Progress → Incomplete

Morgan Fainberg (mdrnstm) on 2014-09-23

Changed in keystone:
assignee:	Venkat Sundaram (tsv) → nobody

Morgan Fainberg (mdrnstm) on 2014-09-26

Changed in keystone:
status:	Incomplete → New
status:	New → Incomplete

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-10-20:

I'm marking this as Invalid as it would have expired out a long time ago had it not been assigned to someone (based on being incomplete)

Changed in keystone:
status:	Incomplete → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.