)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":10,"context_line":"request query. It is insecure. NoVNC supports token passed in cookies,"},{"line_number":11,"context_line":"which are at least not logged. Proposed patch makes Horizon using"},{"line_number":12,"context_line":"cookies for this purpose."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I8f8359e8e17e8d83202f4ac00e1de3f78c119b27"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"3f79a3b5_50b66228","line":13,"updated":"2018-11-06 17:49:22.000000000","message":"Could you file a bug?","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"change_message_id":"fd5e71bab29f6c9950f6499cc4ea03a1ed774d05","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f7771c95_c2a0881a","updated":"2025-05-22 14:14:29.000000000","message":"@jjasek@redhat.com hello, please close this MR, no activity from (2019 years).","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"},{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"78e4920cc891cff3f58bd554eedea862e7d0f1f3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"4651dd9b_12291a5d","updated":"2025-05-07 12:03:35.000000000","message":"It\u0027s difficult to handle global state like cookies properly, I have some comments on the current code, but I\u0027m not entirely sure where it should go correctly.","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"},{"author":{"_account_id":37598,"name":"Ivan Anfimov","display_name":"Ivan Anfimov","email":"lazekteam@gmail.com","username":"anfimovir"},"change_message_id":"6ecc757c74150b7f48ca6025938b47c129404a69","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"e05464fa_ee8c02fc","in_reply_to":"4651dd9b_12291a5d","updated":"2025-05-07 12:08:24.000000000","message":"@openstack@dopieralski.pl hello, yes, your right, I spent some time this morning, but to be honest I\u0027m not sure if this is correct solution, I decided to raise this issue considering that we are talking about security.","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"}],"horizon/tabs/views.py":[{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":62,"context_line":"        \"\"\""},{"line_number":63,"context_line":"        if self.request.is_ajax():"},{"line_number":64,"context_line":"            if tab_group.selected:"},{"line_number":65,"context_line":"                # import ipdb; ipdb.set_trace()"},{"line_number":66,"context_line":"                resp \u003d http.HttpResponse(tab_group.selected.render())"},{"line_number":67,"context_line":"                if \u0027token\u0027 in self.request.COOKIES:"},{"line_number":68,"context_line":"                    token \u003d self.request.COOKIES[\u0027token\u0027]"}],"source_content_type":"text/x-python","patch_set":1,"id":"3f79a3b5_10322ac1","line":65,"updated":"2018-11-06 17:49:22.000000000","message":"This looks like for debugging. Remove it in the proposed review.","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":67,"context_line":"                if \u0027token\u0027 in self.request.COOKIES:"},{"line_number":68,"context_line":"                    token \u003d self.request.COOKIES[\u0027token\u0027]"},{"line_number":69,"context_line":"                    resp.set_cookie(\u0027token\u0027, token, max_age\u003d300, domain\u003d\u0027*\u0027)"},{"line_number":70,"context_line":"                return resp"},{"line_number":71,"context_line":"            else:"},{"line_number":72,"context_line":"                return http.HttpResponse(tab_group.render())"},{"line_number":73,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"3f79a3b5_303726b2","line":70,"updated":"2018-11-06 17:49:22.000000000","message":"I don\u0027t think it makes sense to handle a specific token in the generic tab code.\nCould you consider implementing it in the instance tab views?","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":71,"context_line":"            else:"},{"line_number":72,"context_line":"                return http.HttpResponse(tab_group.render())"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"        # import ipdb; ipdb.set_trace()"},{"line_number":75,"context_line":"        return self.render_to_response(context)"},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"    def get(self, request, *args, **kwargs):"}],"source_content_type":"text/x-python","patch_set":1,"id":"3f79a3b5_d037d2ad","line":74,"updated":"2018-11-06 17:49:22.000000000","message":"ditto","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"},{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"78e4920cc891cff3f58bd554eedea862e7d0f1f3","unresolved":true,"context_lines":[{"line_number":67,"context_line":"                if \u0027token\u0027 in self.request.COOKIES:"},{"line_number":68,"context_line":"                    token \u003d self.request.COOKIES[\u0027token\u0027]"},{"line_number":69,"context_line":"                    resp.set_cookie(\u0027token\u0027, token, max_age\u003d300, domain\u003d\u0027*\u0027)"},{"line_number":70,"context_line":"                return resp"},{"line_number":71,"context_line":"            return http.HttpResponse(tab_group.render())"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"        return self.render_to_response(context)"}],"source_content_type":"text/x-python","patch_set":4,"id":"6b8bdaf2_dea931e6","line":70,"updated":"2025-05-07 12:03:35.000000000","message":"perhaps we could take the value from the session here, and get rid of that token setting in render_to_response and get_context_data?","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"}],"openstack_dashboard/dashboards/project/instances/tabs.py":[{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":15,"context_line":"from urllib.parse import parse_qs"},{"line_number":16,"context_line":"from urllib.parse import urlencode"},{"line_number":17,"context_line":"from urllib.parse import urlparse"},{"line_number":18,"context_line":"from urllib.parse import urlunparse"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"from django.conf import settings"},{"line_number":21,"context_line":"from django.urls import reverse"}],"source_content_type":"text/x-python","patch_set":1,"id":"3f79a3b5_f03c4e92","line":18,"updated":"2018-11-06 17:49:22.000000000","message":"Use module-level imports. We don\u0027t use attribute-level import.\n\nIn addition, urllib is not compatible between py2 and py3. You need to use urllib from six.","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":87,"context_line":"            data \u003d _(\u0027Unable to get log for instance \"%s\".\u0027) % instance.id"},{"line_number":88,"context_line":"            exceptions.handle(request, ignore\u003dTrue)"},{"line_number":89,"context_line":""},{"line_number":90,"context_line":"        # import ipdb; ipdb.set_trace()"},{"line_number":91,"context_line":"        return {\"instance\": instance,"},{"line_number":92,"context_line":"                \"console_log\": data,"},{"line_number":93,"context_line":"                \"log_length\": log_length}"}],"source_content_type":"text/x-python","patch_set":1,"id":"3f79a3b5_9045da18","line":90,"updated":"2018-11-06 17:49:22.000000000","message":"remove a debugging comment","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":123,"context_line":"            del args_dict[\u0027token\u0027]"},{"line_number":124,"context_line":"        short_url \u003d parsed_url._replace(query\u003durlencode(args_dict, doseq\u003dTrue))"},{"line_number":125,"context_line":"        self.request.session[\u0027novnc_token\u0027] \u003d token"},{"line_number":126,"context_line":"        # import ipdb; ipdb.set_trace()"},{"line_number":127,"context_line":"        return {\u0027console_url\u0027: urlunparse(short_url), \u0027instance_id\u0027: instance.id,"},{"line_number":128,"context_line":"                \u0027console_type\u0027: console_type, \u0027token\u0027: token}"},{"line_number":129,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"3f79a3b5_b042560c","line":126,"updated":"2018-11-06 17:49:22.000000000","message":"remove debuggin comment.","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"},{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"78e4920cc891cff3f58bd554eedea862e7d0f1f3","unresolved":true,"context_lines":[{"line_number":150,"context_line":"        if token:"},{"line_number":151,"context_line":"            del args_dict[\u0027token\u0027]"},{"line_number":152,"context_line":"        short_url \u003d parsed_url._replace(query\u003durlencode(args_dict, doseq\u003dTrue))"},{"line_number":153,"context_line":"        self.request.session[\u0027novnc_token\u0027] \u003d token"},{"line_number":154,"context_line":"        return {\u0027console_url\u0027: urlunparse(short_url),"},{"line_number":155,"context_line":"                \u0027instance_id\u0027: instance.id,"},{"line_number":156,"context_line":"                \u0027console_type\u0027: console_type,"}],"source_content_type":"text/x-python","patch_set":4,"id":"f02f2d53_8e77b632","line":153,"updated":"2025-05-07 12:03:35.000000000","message":"Also, I don\u0027t like how this call has side effects. We should probably set that token where this is called from. I don\u0027t remember the exact call chain in Django, but I will think about a better place for it.","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"},{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"78e4920cc891cff3f58bd554eedea862e7d0f1f3","unresolved":true,"context_lines":[{"line_number":150,"context_line":"        if token:"},{"line_number":151,"context_line":"            del args_dict[\u0027token\u0027]"},{"line_number":152,"context_line":"        short_url \u003d parsed_url._replace(query\u003durlencode(args_dict, doseq\u003dTrue))"},{"line_number":153,"context_line":"        self.request.session[\u0027novnc_token\u0027] \u003d token"},{"line_number":154,"context_line":"        return {\u0027console_url\u0027: urlunparse(short_url),"},{"line_number":155,"context_line":"                \u0027instance_id\u0027: instance.id,"},{"line_number":156,"context_line":"                \u0027console_type\u0027: console_type,"}],"source_content_type":"text/x-python","patch_set":4,"id":"eb94dbcb_51d2ae1c","line":153,"updated":"2025-05-07 12:03:35.000000000","message":"we should check that the console_type\u003d\u003d\u0027VNC\u0027 before we do this, and I would probably put this piece of code in a separate function, for clarity","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"}],"openstack_dashboard/dashboards/project/instances/views.py":[{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"78e4920cc891cff3f58bd554eedea862e7d0f1f3","unresolved":true,"context_lines":[{"line_number":482,"context_line":""},{"line_number":483,"context_line":"        context[\"actions\"] \u003d self._get_actions(instance)"},{"line_number":484,"context_line":"        self.request.COOKIES[\u0027token\u0027] \u003d self.request.session.get("},{"line_number":485,"context_line":"            \u0027novnc_token\u0027, None)"},{"line_number":486,"context_line":"        return context"},{"line_number":487,"context_line":""},{"line_number":488,"context_line":"    def render_to_response(self, context):"}],"source_content_type":"text/x-python","patch_set":4,"id":"de59abc9_22f39c01","line":485,"updated":"2025-05-07 12:03:35.000000000","message":"I don\u0027t like having side effects in a get_* method. Do we really need this here, when there is the same code in render_to_response too?","commit_id":"d0ecf6c71195c35093c2d91e4b85ed806efa3690"}],"requirements.txt":[{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"d855e0d8786b048c72258465e586822cca444559","unresolved":false,"context_lines":[{"line_number":69,"context_line":"XStatic-Spin\u003e\u003d1.2.5.2 # MIT License"},{"line_number":70,"context_line":"XStatic-term.js\u003e\u003d0.0.7.0 # MIT License"},{"line_number":71,"context_line":"XStatic-tv4\u003e\u003d1.2.7.0 # MIT"},{"line_number":72,"context_line":"ipdb"}],"source_content_type":"text/plain","patch_set":1,"id":"3f79a3b5_70b35e36","line":72,"updated":"2018-11-06 17:49:22.000000000","message":"Looks unnecessary","commit_id":"60ef450efdda366158c826c0ff7bd32d96530d57"}]}
