From 4d6a1b327a033b5252317a9e35b664f2155cc2a2 Mon Sep 17 00:00:00 2001
From: BubaVV <markov.vadim@gmail.com>
Date: Thu, 27 Sep 2018 16:58:58 +0300
Subject: [PATCH] Hide Swift network info in Horizon error message

In case of error Swift API return some details about unsuccessful
request, i.e. internal IP, full object pass, etc. This response is not
processed by Horizon and presented to user as-is, which is potentially
insecure. Proposed patch adds error processing striping network location
from error message

Change-Id: Ieef9669a1be3ed7bbc685a457eb1fe86b34c3c7e
Closes-bug: #1794767
---
 openstack_dashboard/api/swift.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/openstack_dashboard/api/swift.py b/openstack_dashboard/api/swift.py
index 74e5568df7..06baadba1d 100644
--- a/openstack_dashboard/api/swift.py
+++ b/openstack_dashboard/api/swift.py
@@ -18,6 +18,8 @@
 
 from datetime import datetime
 
+import functools
+
 import six.moves.urllib.parse as urlparse
 import swiftclient
 
@@ -36,6 +38,18 @@ GLOBAL_READ_ACL = ".r:*"
 LIST_CONTENTS_ACL = ".rlistings"
 
 
+def safe_swift_exception(function):
+    @functools.wraps(function)
+    def wrapper(*args, **kwargs):
+        try:
+            return function(*args, **kwargs)
+        except swiftclient.client.ClientException as e:
+            e.http_scheme = e.http_host = e.http_port = ''
+            raise e
+
+    return wrapper
+
+
 class Container(base.APIDictWrapper):
     pass
 
@@ -136,6 +150,7 @@ def swift_object_exists(request, container_name, object_name):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_get_containers(request, marker=None, prefix=None):
     limit = getattr(settings, 'API_RESULT_LIMIT', 1000)
     headers, containers = swift_api(request).get_account(limit=limit + 1,
@@ -150,6 +165,7 @@ def swift_get_containers(request, marker=None, prefix=None):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_get_container(request, container_name, with_data=True):
     if with_data:
         headers, data = swift_api(request).get_object(container_name, "")
@@ -184,6 +200,7 @@ def swift_get_container(request, container_name, with_data=True):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_create_container(request, name, metadata=({})):
     if swift_container_exists(request, name):
         raise exceptions.AlreadyExists(name, 'container')
@@ -193,6 +210,7 @@ def swift_create_container(request, name, metadata=({})):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_update_container(request, name, metadata=({})):
     headers = _metadata_to_header(metadata)
     swift_api(request).post_container(name, headers=headers)
@@ -200,6 +218,7 @@ def swift_update_container(request, name, metadata=({})):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_delete_container(request, name):
     # It cannot be deleted if it's not empty. The batch remove of objects
     # be done in swiftclient instead of Horizon.
@@ -214,6 +233,7 @@ def swift_delete_container(request, name):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_get_objects(request, container_name, prefix=None, marker=None,
                       limit=None):
     limit = limit or getattr(settings, 'API_RESULT_LIMIT', 1000)
@@ -233,6 +253,7 @@ def swift_get_objects(request, container_name, prefix=None, marker=None,
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_filter_objects(request, filter_string, container_name, prefix=None,
                          marker=None):
     # FIXME(kewu): Swift currently has no real filtering API, thus the marker
@@ -269,6 +290,7 @@ def wildcard_search(string, q):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_copy_object(request, orig_container_name, orig_object_name,
                       new_container_name, new_object_name):
     if swift_object_exists(request, new_container_name, new_object_name):
@@ -286,6 +308,7 @@ def swift_copy_object(request, orig_container_name, orig_object_name,
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_upload_object(request, container_name, object_name,
                         object_file=None):
     headers = {}
@@ -305,6 +328,7 @@ def swift_upload_object(request, container_name, object_name,
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_create_pseudo_folder(request, container_name, pseudo_folder_name):
     # Make sure the folder name doesn't already exist.
     if swift_object_exists(request, container_name, pseudo_folder_name):
@@ -324,12 +348,14 @@ def swift_create_pseudo_folder(request, container_name, pseudo_folder_name):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_delete_object(request, container_name, object_name):
     swift_api(request).delete_object(container_name, object_name)
     return True
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_delete_folder(request, container_name, object_name):
     objects, more = swift_get_objects(request, container_name,
                                       prefix=object_name)
@@ -350,6 +376,7 @@ def swift_delete_folder(request, container_name, object_name):
 
 
 @profiler.trace
+@safe_swift_exception
 def swift_get_object(request, container_name, object_name, with_data=True,
                      resp_chunk_size=CHUNK_SIZE):
     if with_data: