
yahoo-eng-team team mailing list archive

[Bug 1270378] [NEW] NormalizingFilter performs incorrect validation of PATH_INFO variable

 

Public bug reported:

class NormalizingFilter(wsgi.Middleware):
    """Middleware filter to handle URL normalization."""

    def process_request(self, request):
        """Normalizes URLs."""
        # Removes a trailing slash from the given path, if any.
        if (len(request.environ['PATH_INFO']) > 1 and
                request.environ['PATH_INFO'][-1] == '/'):
            request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
        # Rewrites path to root if no path is given.
        elif not request.environ['PATH_INFO']:
            request.environ['PATH_INFO'] = '/'


The if condition performs a length check without checking if PATH_INFO is None. Instead, the check is done in the elif clause.
Shouldn't this validation instead be like below?

    def process_request(self, request):
        """Normalizes URLs."""
        # Rewrites path to root if no path is given.
        if not request.environ['PATH_INFO']:
            request.environ['PATH_INFO'] = '/'
        # Removes a trailing slash from the given path, if any.
        elif (len(request.environ['PATH_INFO']) > 1 and
                request.environ['PATH_INFO'][-1] == '/'):
            request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1270378

Title:
  NormalizingFilter performs incorrect validation of PATH_INFO variable

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1270378/+subscriptions
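
The two branch orders from the report, run side by side over constructed PATH_INFO values. This is an added example, not part of the original report and not Keystone code; `Request`, `run`, `compare` and the sample paths are hypothetical stand-ins.

```python
class Request:
    """Hypothetical stand-in for the WSGI request: only `environ` is modelled."""
    def __init__(self, environ):
        self.environ = environ


def normalize_original(request):
    """Branch order quoted in the report: length check first."""
    if (len(request.environ['PATH_INFO']) > 1 and
            request.environ['PATH_INFO'][-1] == '/'):
        request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
    elif not request.environ['PATH_INFO']:
        request.environ['PATH_INFO'] = '/'


def normalize_proposed(request):
    """Branch order proposed in the report: emptiness check first."""
    if not request.environ['PATH_INFO']:
        request.environ['PATH_INFO'] = '/'
    elif (len(request.environ['PATH_INFO']) > 1 and
            request.environ['PATH_INFO'][-1] == '/'):
        request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]


def run(normalizer, environ):
    """Return the normalized PATH_INFO, or the name of the exception raised."""
    request = Request(dict(environ))  # copy so each run starts from the sample
    try:
        normalizer(request)
    except (TypeError, KeyError) as exc:
        return type(exc).__name__
    return request.environ['PATH_INFO']


# Constructed sample environs, not captured traffic.
SAMPLES = [
    {'PATH_INFO': '/v3/users/'},  # trailing slash
    {'PATH_INFO': '/'},           # root, left unchanged
    {'PATH_INFO': ''},            # empty string
    {'PATH_INFO': None},          # the case raised in the report
    {},                           # key absent altogether
]


def compare():
    """One (input, original result, proposed result) row per sample."""
    return [(env.get('PATH_INFO', '<absent>'),
             run(normalize_original, env),
             run(normalize_proposed, env)) for env in SAMPLES]


if __name__ == '__main__':
    for row in compare():
        print('%-14r original=%-14r proposed=%r' % row)
```

The two orderings differ only for a `None` value; an absent `PATH_INFO` key raises `KeyError` under both, because both index `request.environ` directly.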

