test_novnc does not adequately validate websocket upgrade
Bug #1838777 reported by
Leo Henken
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tempest |
Fix Released
|
Undecided
|
Ghanshyam Mann |
Bug Description
The test test_novnc attempts to validate a websocket upgrade by using an environment dependent configuration field named vnc_server_header. While this solution does work, it introduces a security concern and depends on a varying value that requires every environment to handle differently.
description: | updated |
summary: |
- test_novnc fails when response header omits server name + test_novnc does not adequatly validate websocket_upgrade |
summary: |
- test_novnc does not adequatly validate websocket_upgrade + test_novnc does not adequatly validate websocket upgrade |
summary: |
- test_novnc does not adequatly validate websocket upgrade + test_novnc does not adequately validate websocket upgrade |
description: | updated |
Changed in tempest: | |
assignee: | Leo Henken (lh236s) → Ghanshyam Mann (ghanshyammann) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/674364
Review: https:/