yahoo-eng-team team mailing list archive

[Thomas Goirand <1986545@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Lucas Nussbaum reported this Debian bug:

https://bugs.debian.org/1017217

so I started investigating it. It took me a while to understand it was
due to a change in the Python 3.10.6 standard http/server.py library.

Running these 2 unit tests against Python 3.10.5 works:

test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect
console.test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect_3_slashes

However, under Python 3.10.6, this fails. The reason isn't the
interpreter itself, but the standard library, which has additional open
redirection protection.

Looking at the changelog here:
https://docs.python.org/3/whatsnew/changelog.html

we see this issue:
https://github.com/python/cpython/issues/87389

which has been addressed by this commit:
https://github.com/python/cpython/commit/defaa2b19a9a01c79c1d5641a8aa179bb10ead3f

If I "fix" the Python 3.10.5 standard library using the 2 lines of code
of the first hunk of this patch, then I can reproduce the issue.

I guess that the unit testing should be skipped if using Python >=
3.10.6, probably, or adapted somehow. I leave this to the Nova
maintainers: for the Debian package, I'll just skip these 2 unit tests.

Cheers,

Thomas Goirand (zigo)

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1986545

Title:
  websockfiy open redirection unit test broken with Python >= 3.10.6
  standard lib

Status in OpenStack Compute (nova):
  New

Bug description:
  Lucas Nussbaum reported this Debian bug:

  https://bugs.debian.org/1017217

  so I started investigating it. It took me a while to understand it was
  due to a change in the Python 3.10.6 standard http/server.py library.

  Running these 2 unit tests against Python 3.10.5 works:

  test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect
  console.test_websocketproxy.NovaProxyRequestHandlerTestCase.test_reject_open_redirect_3_slashes

  However, under Python 3.10.6, this fails. The reason isn't the
  interpreter itself, but the standard library, which has additional
  open redirection protection.

  Looking at the changelog here:
  https://docs.python.org/3/whatsnew/changelog.html

  we see this issue:
  https://github.com/python/cpython/issues/87389

  which has been addressed by this commit:
  https://github.com/python/cpython/commit/defaa2b19a9a01c79c1d5641a8aa179bb10ead3f

  If I "fix" the Python 3.10.5 standard library using the 2 lines of
  code of the first hunk of this patch, then I can reproduce the issue.

  I guess that the unit testing should be skipped if using Python >=
  3.10.6, probably, or adapted somehow. I leave this to the Nova
  maintainers: for the Debian package, I'll just skip these 2 unit
  tests.

  Cheers,

  Thomas Goirand (zigo)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1986545/+subscriptions