yahoo-eng-team team mailing list archive

[Dave McCowan <dmccowan@xxxxxxxxx>]

Public bug reported:

It is Horizon's (and OpenStack's) practice to not install unit test code as part of deployment.
It is also a security best practice to not install and expose test code to a end users of a deployment.

Using the AppScan test suite, it was found that:

GET /dashboard/i18n/js/horizon%2Bopenstack_dashboard/test/

returns the javscript that matches this file:

https://github.com/django/django/blob/3c447b108ac70757001171f7a4791f493880bf5b/js_tests/admin
/jsi18n-mocks.test.js

Expected behavior:  this javascript intended for unit test should not be
part of the installed software and should not be executable by an end
user of the deployment.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1640239

Title:
  Unit test code installed in deployment

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  It is Horizon's (and OpenStack's) practice to not install unit test code as part of deployment.
  It is also a security best practice to not install and expose test code to a end users of a deployment.

  Using the AppScan test suite, it was found that:

  GET /dashboard/i18n/js/horizon%2Bopenstack_dashboard/test/

  returns the javscript that matches this file:

  https://github.com/django/django/blob/3c447b108ac70757001171f7a4791f493880bf5b/js_tests/admin
  /jsi18n-mocks.test.js

  Expected behavior:  this javascript intended for unit test should not
  be part of the installed software and should not be executable by an
  end user of the deployment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1640239/+subscriptions