[openstack-dev] [keystone] broken python35 job due to webob compatibility issues

Victor Stinner vstinner at redhat.com
Thu Mar 30 07:26:38 UTC 2017

Adding the charset sounds like a good practice, especially in Keystone 
which is security sensitive. See this old Python vulnerability:


"The list_directory() function in Lib/SimpleHTTPServer.py in 
SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 
2.7.x before 2.7.2 does not place a charset parameter in the 
Content-Type HTTP header, which makes it easier for remote attackers to 
conduct cross-site scripting (XSS) attacks against Internet Explorer 7 
via UTF-7 encoding."

Maybe in 2017, browsers don't have issues with encodings anymore, right? ;-)

I don't know the WebOb module, but I'm not surprised that it doesn't 
already add charset='utf-8' *by default*.


Le 29/03/2017 à 23:54, Lance Bragstad a écrit :
> The keystone gate is currently broken [0]. This seems related to a
> previous change we made to be compatible with webob 1.7 [1]. Looks like
> we missed a couple spots in the original patch that are failing now that
> we're using a newer version of webob.
> There is a solution up for review [2] that should unblock the gate.
> [0] http://logs.openstack.org/44/443344/6/gate/gate-keystone-python35/e162b3d/testr_results.html.gz
> [1] https://review.openstack.org/#/c/422234/
> [2] https://review.openstack.org/#/c/451559/
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list