Merge "crypto: Fix traceback on non-utf8, non-swift paths"

Zuul
2025年08月06日 21:10:22 +00:00
committed by Gerrit Code Review


@@ -16,6 +16,7 @@
import base64
import json
from swift.common.constraints import valid_api_version
from swift.common.header_key_dict import HeaderKeyDict
from swift.common.http import is_success
from swift.common.middleware.crypto.crypto_utils import CryptoWSGIContext, \
@@ -454,8 +455,12 @@ class Decrypter(object):
is_cont_or_obj_req = True
except ValueError:
is_cont_or_obj_req = False
if not is_cont_or_obj_req:
return self.app(env, start_response)
if not valid_api_version(parts[0]):
# Not a swift request
return self.app(env, start_response)
if parts[3] and req.method in ('GET', 'HEAD'):
handler = DecrypterObjContext(self, self.logger).handle
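Review bot: The comment `# Not a swift request` on the new `valid_api_version(parts[0])` branch says what was detected, but not why the decrypter must step aside for it. The path-splitting call sits outside this hunk, but it apparently accepts any path with enough segments, so a scanner-style path like the one in the new test would otherwise be handled as an account/container/object request. I would spell that out, e.g. `# First segment is not an API version, so this is not a Swift account/container/object path;` / `# pass it through untouched rather than running the decrypter handlers on it.` The enclosing method starts before and continues after the hunk, so whether later branches also rely on `parts[0]` being a version cannot be confirmed from here.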


@@ -22,7 +22,7 @@ from unittest import mock
from swift.common.request_helpers import is_object_transient_sysmeta
from swift.common.utils import MD5_OF_EMPTY_STRING
from swift.common.header_key_dict import HeaderKeyDict
from swift.common.middleware.crypto import decrypter
from swift.common.middleware.crypto import decrypter, keymaster
from swift.common.middleware.crypto.crypto_utils import CRYPTO_KEY_CALLBACK, \
dump_crypto_meta, Crypto, load_crypto_meta
from swift.common.swob import Request, HTTPException, HTTPOk, \
@@ -1211,6 +1211,18 @@ class TestDecrypter(unittest.TestCase):
req.get_response(app)
self.assertEqual(FakeAppThatExcepts.MESSAGE, catcher.exception.body)
def test_non_swift_path(self):
path = '/\xC0.\xC0./\xC0.\xC0./\xC0.\xC0./\xC0.\xC0./winnt/win.ini'
fake_swift = FakeSwift()
fake_swift.register('GET', path, HTTPNotFound, {})
app = keymaster.KeyMaster(decrypter.Decrypter(fake_swift, {}), {
'encryption_root_secret': 'A' * 80,
})
app.app.logger = debug_logger()
req = Request.blank(path)
resp = req.get_response(app)
self.assertEqual(resp.status_int, 404)
if __name__ == '__main__':
unittest.main()
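Review bot: `test_non_swift_path` asserts only `resp.status_int == 404`, and it installs `debug_logger()` on `app.app.logger` without ever inspecting it. If a future regression were caught and logged somewhere in the pipeline rather than raised, this test would still pass. Since the fix concerns a traceback, I would add `self.assertEqual([], app.app.logger.get_lines_for_level('error'))` after the status check. The same request with `HEAD` would be a cheap second case, since the decrypter's object branch in the other file covers both methods.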