Pecan's debug mode can be terribly insecure: a 500 error returns a Python traceback, the full list of environment variables, and a button to replay the request with a breakpoint. Deployers often run OpenStack services in debug mode, and doing so should not expose the service to these flaws. Defaulting pecan_debug to CONF.debug makes it easy to enable Pecan's debug mode by accident, so default it to False instead of deriving it from CONF.debug.

Change-Id: I70f9c9807d16aa50df4d5e16ba2a29575f8b165e
Closes-Bug: #1425206
DocImpact
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2014 IBM Corp.
# All Rights Reserved.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
from oslo_config import cfg
from oslo_config import fixture as fixture_config
from ceilometer.api import app
from ceilometer.tests import base
class TestApp(base.BaseTestCase):
def setUp(self):
    """Register the config fixture and keep its conf on self.CONF."""
    super(TestApp, self).setUp()
    config_fixture = self.useFixture(fixture_config.Config())
    # Tests below call set_override() on this object.
    self.CONF = config_fixture.conf
def test_api_paste_file_not_exist(self):
    """load_app must raise when the paste config file cannot be found."""
    self.CONF.set_override('api_paste_config', 'non-existent-file')
    # Stub the lookup so it reports "not found" (None) for any name.
    with mock.patch.object(self.CONF, 'find_file', return_value=None):
        # The loader has to fail with an explicit error, not return an app.
        with self.assertRaises(cfg.ConfigFilesNotFoundError):
            app.load_app()
@mock.patch('ceilometer.api.hooks.PipelineHook', mock.MagicMock())
def test_pecan_debug(self, mocked):
def _check_pecan_debug(g_debug, p_debug, expected, workers=1):
self.CONF.set_override('debug', g_debug)
if p_debug is not None:
self.CONF.set_override('pecan_debug', p_debug, group='api')
self.CONF.set_override('api_workers', workers)
args, kwargs = mocked.call_args
self.assertEqual(expected, kwargs.get('debug'))
_check_pecan_debug(g_debug=False, p_debug=None, expected=False)
_check_pecan_debug(g_debug=True, p_debug=None, expected=False)
_check_pecan_debug(g_debug=True, p_debug=False, expected=False)
_check_pecan_debug(g_debug=False, p_debug=True, expected=True)
_check_pecan_debug(g_debug=True, p_debug=None, expected=False,
_check_pecan_debug(g_debug=False, p_debug=True, expected=False,