dev-python/pycadf/files/CVE-2014-4615.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

https://review.openstack.org/#/c/94878/
Owner	gordon chung
Project	openstack/pycadf
Branch	master
Topic	bug1321080
Uploaded	May 22, 2014 10:12 PM
Updated		May 23, 2014 3:34 AM
Status	Merged
	
Commit Message:		remove token from notifier middleware

notifier middleware is capturing token and sending it to MQ. this
is not advisable so we should filter it out.

Change-Id: I11d9f2f23fc3b60c945c33d4d02bd7640d88a083
Closes-Bug: #1321080
diff --git a/pycadf/middleware/notifier.py b/pycadf/middleware/notifier.py
index fc921f8..621c8b4 100644
--- a/pycadf/middleware/notifier.py
+++ b/pycadf/middleware/notifier.py
@@ -88,7 +88,7 @@
         include them.
         """
         return dict((k, v) for k, v in six.iteritems(environ)
-                    if k.isupper())
+                    if k.isupper() and k != 'HTTP_X_AUTH_TOKEN')
 
     @log_and_ignore_error
     def process_request(self, request):