author | Balazs Gibizer <balazs.gibizer@ericsson.com> | 2017-03-17 11:24:49 +0100 |
---|---|---|
committer | Matt Riedemann <mriedem.os@gmail.com> | 2017-03-17 13:19:07 -0400 |
commit | 305cdb38db47258909ef83d5918c7c85ef9d7a5b (patch) | |
tree | 763268a47c988df9641f1f2ca9544a214af01be7 | |
parent | d27c1b0fd30c1aa13b1f7ffd26afbe388d97eeda (diff) | |
download | nova-305cdb38db47258909ef83d5918c7c85ef9d7a5b.tar.gz |
do not include context to exception notification
The wrap_exception decorator optionally emitted a notification.
Based on the code comments the original intention was not to include the
context to that notification due to security reasons. However the
implementation did include the context to the payload of the legacy
notification.
Recently we saw circular reference errors during the payload serialization
of this notification. Based on the logs the only complex data structure
that could cause circular reference is the context. So this patch
removes the context from the legacy exception notification.
The versioned exception notification is not affected as it does not
contain the args of the decorated function.
Conflicts:
nova/exception_wrapper.py
nova/tests/unit/test_exception.py
NOTE(mriedem): The conflict is due to some refactor in Newton:
6329d721ef326488d5d660e4f68febf563ed93ab
Closes-Bug: #1673375
Change-Id: I1d217620e52d45595a3e0e49ed57b4ab33cd1688
(cherry picked from commit 3bf177a59cfd0b4e74dba256c3466ba2ea9bfbf7)
(cherry picked from commit a8a1915456a86f504d23f215867da730d436fe33)
(cherry picked from commit d0ee248bab6727555561c15998c58a0f11a5351b)
-rw-r--r-- | nova/exception.py | 4 |
-rw-r--r-- | nova/tests/unit/test_exception.py | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/nova/exception.py b/nova/exception.py index 40b82bf583..848b0f0938 100644 --- a/nova/exception.py +++ b/nova/exception.py @@ -97,6 +97,10 @@ def wrap_exception(notifier=None, get_notifier=None): # self can't be serialized and shouldn't be in the # payload call_dict.pop('self', None) + # NOTE(gibi) remove context as well as it contains + # sensitive information and it can also contain + # circular references + call_dict.pop('context', None) cleansed = _cleanse_dict(call_dict) payload.update({'args': cleansed}) diff --git a/nova/tests/unit/test_exception.py b/nova/tests/unit/test_exception.py index 6a3b2b70a0..17f61efd8e 100644 --- a/nova/tests/unit/test_exception.py +++ b/nova/tests/unit/test_exception.py @@ -62,6 +62,7 @@ class WrapExceptionTestCase(test.NoDBTestCase): self.assertEqual(3, notifier.provided_payload['args']['extra']) for key in ['exception', 'args']: self.assertIn(key, notifier.provided_payload.keys()) + self.assertNotIn('context', notifier.provided_payload['args'].keys()) class NovaExceptionTestCase(test.NoDBTestCase): |
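Review bot: In the nova/exception.py hunk, `call_dict.pop('context', None)` removes the request context only when the decorated function's argument is literally named `context`. If a wrapped function binds it under another name (for example `ctxt`), the object would still be handed to `_cleanse_dict` and placed in `payload['args']`, so both the sensitive-data exposure and the circular-reference serialization failure described in the commit message could recur. Consider dropping any value that is the context object passed to the wrapper (compare by identity or by type) instead of matching on the key, or state the naming requirement in the NOTE comment so callers of `wrap_exception` know it is a contract.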
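Review bot: In the nova/tests/unit/test_exception.py hunk, the new `assertNotIn('context', ...)` only proves the key is absent, and the visible lines do not show that the wrapped call in this test actually supplies a context argument under that name; if it does not, the assertion passes with or without the fix. Make the test pass a context whose content is recognisable and also assert that this object does not appear among `notifier.provided_payload['args'].values()`, so the test fails on the pre-patch code. As a style point, `.keys()` is redundant here: `self.assertNotIn('context', notifier.provided_payload['args'])` checks the same thing.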