yahoo-eng-team team mailing list archive

[Bug 1270378] Re: NormalizingFilter performs incorrect validation of PATH_INFO variable

 

I'm marking this as Invalid as it would have expired out a long time ago
had it not been assigned to someone (based on being incomplete).

** Changed in: keystone
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1270378

Title:
  NormalizingFilter performs incorrect validation of PATH_INFO variable

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  class NormalizingFilter(wsgi.Middleware):
      """Middleware filter to handle URL normalization."""

      def process_request(self, request):
          """Normalizes URLs."""
          # Removes a trailing slash from the given path, if any.
          if (len(request.environ['PATH_INFO']) > 1 and
                  request.environ['PATH_INFO'][-1] == '/'):
              request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
          # Rewrites path to root if no path is given.
          elif not request.environ['PATH_INFO']:
              request.environ['PATH_INFO'] = '/'

  
  The if condition performs a length check without checking if PATH_INFO is None. Instead, the check is done in the elif clause.
  Shouldn't this validation instead be like below?

      def process_request(self, request):
          """Normalizes URLs."""
          # Rewrites path to root if no path is given.
          if not request.environ['PATH_INFO']:
              request.environ['PATH_INFO'] = '/'
          # Removes a trailing slash from the given path, if any.
          elif (len(request.environ['PATH_INFO']) > 1 and
                  request.environ['PATH_INFO'][-1] == '/'):
              request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1270378/+subscriptions
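
Added example (not part of the original bug report or of Keystone's code): the two orderings from the bug description run side by side over constructed PATH_INFO values, to show where they behave differently. FakeRequest, outcome and compare are hypothetical helper names; None and a missing key are included as edge cases, although PEP 3333 defines PATH_INFO as a string that may be empty or omitted.

```python
# Added example: stand-ins for the two orderings in the bug description.
# FakeRequest is a hypothetical substitute for the WSGI request object.
class FakeRequest:
    def __init__(self, environ):
        self.environ = environ


def normalize_original(request):
    """Ordering from the code quoted first in the bug description."""
    if (len(request.environ['PATH_INFO']) > 1 and
            request.environ['PATH_INFO'][-1] == '/'):
        request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]
    elif not request.environ['PATH_INFO']:
        request.environ['PATH_INFO'] = '/'


def normalize_proposed(request):
    """Ordering proposed by the reporter."""
    if not request.environ['PATH_INFO']:
        request.environ['PATH_INFO'] = '/'
    elif (len(request.environ['PATH_INFO']) > 1 and
            request.environ['PATH_INFO'][-1] == '/'):
        request.environ['PATH_INFO'] = request.environ['PATH_INFO'][:-1]


def outcome(normalizer, environ):
    """Return the normalized path, or the name of the exception raised."""
    request = FakeRequest(dict(environ))
    try:
        normalizer(request)
    except (TypeError, KeyError) as exc:
        return type(exc).__name__
    return request.environ['PATH_INFO']


# Constructed inputs: string paths, then None, then a missing key.
CASES = [{'PATH_INFO': ''}, {'PATH_INFO': '/'}, {'PATH_INFO': '/v3/'},
         {'PATH_INFO': '/v3'}, {'PATH_INFO': '//'}, {'PATH_INFO': None}, {}]


def compare():
    """One row per case: (input, original result, proposed result)."""
    return [(c.get('PATH_INFO', '<missing>'),
             outcome(normalize_original, c),
             outcome(normalize_proposed, c)) for c in CASES]


if __name__ == '__main__':
    for row in compare():
        print('%-10r original=%-10r proposed=%r' % row)
```

For every string input the two orderings give the same result; they differ only when the value is None, and both raise KeyError when the key is absent.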

