)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"f188398e77be315b1893bdb24f8b5d14fc95548c","unresolved":false,"context_lines":[{"line_number":10,"context_line":"not match the host, this could indicate an attempt at a"},{"line_number":11,"context_line":"cross-site attack.  This commit adds a check to verify"},{"line_number":12,"context_line":"the origin matches the host."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: Ica6ec23d6f69a236657d5ba0c3f51b693c633649"},{"line_number":15,"context_line":"Closes-Bug: 1409142"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9a80dd14_74ac6336","line":13,"updated":"2015-03-11 14:43:30.000000000","message":"Missing the SecurityImpact tag, no?","commit_id":"1eb56fcded304532349cd67fb55723f8c0f573aa"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"989c0edc960a1dd6f1503f8bec026485fe3927f3","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Sylvain Bauza \u003csbauza@redhat.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-03-11 14:46:42 +0000"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Websocket Proxy should verify Origin header"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"If the Origin HTTP header passed in the WebSocket handshake does"},{"line_number":10,"context_line":"not match the host, this could indicate an attempt at a"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"9a80dd14_5725a108","line":7,"updated":"2015-03-11 14:56:45.000000000","message":"As a security fix, I\u0027d prefer to see the CVE listed in the subject line here.","commit_id":"b8cda8657a057082d6663521de784e89501de455"}],"nova/console/websocketproxy.py":[{"author":{"_account_id":7677,"name":"Solly Ross","email":"sross@redhat.com","username":"sross"},"change_message_id":"87c99f60953c80aa57ce21596e60519f89c23482","unresolved":false,"context_lines":[{"line_number":47,"context_line":"        return str(self.client_address[0])"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"    def verify_origin_proto(self, console_type, origin_proto):"},{"line_number":50,"context_line":"        if console_type \u003d\u003d \u0027novnc\u0027:"},{"line_number":51,"context_line":"            expected_proto \u003d \\"},{"line_number":52,"context_line":"                urlparse.urlparse(CONF.novncproxy_base_url).scheme"},{"line_number":53,"context_line":"        elif console_type \u003d\u003d \u0027spice-html5\u0027:"}],"source_content_type":"text/x-python","patch_set":2,"id":"9a80dd14_97f0f9ca","line":50,"updated":"2015-03-11 15:01:08.000000000","message":"It would probably be better to pass in the expected protocol to baseproxy (you could use the same logic to determine it, though), especially since we also have serial consoles (which you miss here), and could potentially grow more console types in the future.","commit_id":"b8cda8657a057082d6663521de784e89501de455"},{"author":{"_account_id":9555,"name":"Matthew Booth","email":"mbooth@redhat.com","username":"MatthewBooth"},"change_message_id":"6194f6abcb92fe761714cce537e270b01bc4c90d","unresolved":false,"context_lines":[{"line_number":100,"context_line":"        # Verify Origin"},{"line_number":101,"context_line":"        expected_origin_netloc \u003d self.headers.getheader(\u0027Host\u0027)"},{"line_number":102,"context_line":"        origin_url \u003d self.headers.getheader(\u0027Origin\u0027)"},{"line_number":103,"context_line":"        origin \u003d urlparse.urlparse(origin_url)"},{"line_number":104,"context_line":"        origin_netloc \u003d origin.netloc"},{"line_number":105,"context_line":"        origin_scheme \u003d origin.scheme"},{"line_number":106,"context_line":"        if origin_netloc \u003d\u003d \u0027\u0027 or origin_scheme \u003d\u003d \u0027\u0027:"}],"source_content_type":"text/x-python","patch_set":2,"id":"9a80dd14_6f29e988","line":103,"updated":"2015-03-11 16:41:19.000000000","message":"This will return None if the request doesn\u0027t contain Origin, which old clients might not. If we\u0027re going to reject these, we should raise the correct error rather than failing trying to parse None.","commit_id":"b8cda8657a057082d6663521de784e89501de455"}]}
