)]}'
{"swift/common/middleware/tempurl.py":[{"author":{"_account_id":6968,"name":"Christian Schwede","email":"cschwede@nvidia.com","username":"cschwede"},"change_message_id":"b227f1d40a50b7ed2177c73678ad345c7cab8d09","unresolved":false,"context_lines":[{"line_number":465,"context_line":"        elif len(temp_url_sig) \u003d\u003d 40:"},{"line_number":466,"context_line":"            hash_algorithm \u003d \u0027sha1\u0027"},{"line_number":467,"context_line":"        elif len(temp_url_sig) \u003d\u003d 64:"},{"line_number":468,"context_line":"            hash_algorithm \u003d \u0027sha256\u0027"},{"line_number":469,"context_line":"        else:"},{"line_number":470,"context_line":"            return self._invalid(env, start_response)"},{"line_number":471,"context_line":"        if hash_algorithm not in self.allowed_digests:"}],"source_content_type":"text/x-python","patch_set":6,"id":"5f93b717_3decc68d","line":468,"updated":"2018-01-31 09:14:10.000000000","message":"I think a non-encoded SHA512 is not too bad at all, and might make it easier for clients to switch to SHA512 signatures without adding b64encoding.\nIt\u0027s not a blocker in my eyes, but would be nice to have this option too.","commit_id":"5a4d3bdfc49d61ee6e333c8eb1dad4383ae9308b"}],"swift/common/utils.py":[{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"8fb083b510cffa1399cef4369a0e5158d02d6edc","unresolved":false,"context_lines":[{"line_number":239,"context_line":""},{"line_number":240,"context_line":"def get_hmac(request_method, path, expires, key, digest\u003dsha1):"},{"line_number":241,"context_line":"    \"\"\""},{"line_number":242,"context_line":"    Returns the hexdigest string of the HMAC-SHA1 (RFC 2104) for"},{"line_number":243,"context_line":"    the request."},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"    :param request_method: Request method to allow."}],"source_content_type":"text/x-python","patch_set":5,"id":"5f93b717_70237ebe","line":242,"range":{"start_line":242,"start_character":40,"end_line":242,"end_character":49},"updated":"2018-01-30 03:38:06.000000000","message":"this is now optional, still maybe ok to say so long the digest is mentioned in the params below.","commit_id":"bf910ad675dbec00129e481171ff554a191f3cd8"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e6b60298f94e102041fd6b66c16abf40ad29facb","unresolved":false,"context_lines":[{"line_number":239,"context_line":""},{"line_number":240,"context_line":"def get_hmac(request_method, path, expires, key, digest\u003dsha1):"},{"line_number":241,"context_line":"    \"\"\""},{"line_number":242,"context_line":"    Returns the hexdigest string of the HMAC-SHA1 (RFC 2104) for"},{"line_number":243,"context_line":"    the request."},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"    :param request_method: Request method to allow."}],"source_content_type":"text/x-python","patch_set":5,"id":"5f93b717_74635243","line":242,"range":{"start_line":242,"start_character":40,"end_line":242,"end_character":49},"in_reply_to":"5f93b717_70237ebe","updated":"2018-01-31 02:21:57.000000000","message":"Done","commit_id":"bf910ad675dbec00129e481171ff554a191f3cd8"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"8fb083b510cffa1399cef4369a0e5158d02d6edc","unresolved":false,"context_lines":[{"line_number":246,"context_line":"    :param path: The path to the resource to allow access to."},{"line_number":247,"context_line":"    :param expires: Unix timestamp as an int for when the URL"},{"line_number":248,"context_line":"                    expires."},{"line_number":249,"context_line":"    :param key: HMAC shared secret."},{"line_number":250,"context_line":""},{"line_number":251,"context_line":"    :returns: hexdigest str of the HMAC-SHA1 for the request."},{"line_number":252,"context_line":"    \"\"\""}],"source_content_type":"text/x-python","patch_set":5,"id":"5f93b717_700cde40","line":249,"updated":"2018-01-30 03:38:06.000000000","message":":param digest: digest to use. Defaults to sha1.","commit_id":"bf910ad675dbec00129e481171ff554a191f3cd8"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e6b60298f94e102041fd6b66c16abf40ad29facb","unresolved":false,"context_lines":[{"line_number":246,"context_line":"    :param path: The path to the resource to allow access to."},{"line_number":247,"context_line":"    :param expires: Unix timestamp as an int for when the URL"},{"line_number":248,"context_line":"                    expires."},{"line_number":249,"context_line":"    :param key: HMAC shared secret."},{"line_number":250,"context_line":""},{"line_number":251,"context_line":"    :returns: hexdigest str of the HMAC-SHA1 for the request."},{"line_number":252,"context_line":"    \"\"\""}],"source_content_type":"text/x-python","patch_set":5,"id":"5f93b717_94685e1d","line":249,"in_reply_to":"5f93b717_700cde40","updated":"2018-01-31 02:21:57.000000000","message":"Done","commit_id":"bf910ad675dbec00129e481171ff554a191f3cd8"}],"test/functional/test_tempurl.py":[{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"8fb083b510cffa1399cef4369a0e5158d02d6edc","unresolved":false,"context_lines":[{"line_number":797,"context_line":""},{"line_number":798,"context_line":"        if encoding \u003d\u003d \u0027url-safe-base64\u0027:"},{"line_number":799,"context_line":"            # Make sure that we\u0027re actually testing url-safe-ness"},{"line_number":800,"context_line":"            while \u0027-\u0027 not in sig and \u0027_\u0027 not in sig:"},{"line_number":801,"context_line":"                expires +\u003d 1"},{"line_number":802,"context_line":"                sig \u003d self.get_sig(expires, digest, encoding)"},{"line_number":803,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"5f93b717_139004ed","line":800,"range":{"start_line":800,"start_character":12,"end_line":800,"end_character":52},"updated":"2018-01-30 03:38:06.000000000","message":"Who knows how many iterations this loop could take. In testing the max I saw was 7. I wonder if we need a cap just in case?\n\n  for tries in range(20):\n      if \u0027-\u0027 in sig or \u0027_\u0027 in sig:\n          break\n      expires +\u003d 1\n      sig \u003d self.get_sig(expires, digest, encoding)\n  else:\n      self.fail(\u0027Failed to generate a url_safe sig in %d attempts\u0027 % (tries))","commit_id":"bf910ad675dbec00129e481171ff554a191f3cd8"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e6b60298f94e102041fd6b66c16abf40ad29facb","unresolved":false,"context_lines":[{"line_number":797,"context_line":""},{"line_number":798,"context_line":"        if encoding \u003d\u003d \u0027url-safe-base64\u0027:"},{"line_number":799,"context_line":"            # Make sure that we\u0027re actually testing url-safe-ness"},{"line_number":800,"context_line":"            while \u0027-\u0027 not in sig and \u0027_\u0027 not in sig:"},{"line_number":801,"context_line":"                expires +\u003d 1"},{"line_number":802,"context_line":"                sig \u003d self.get_sig(expires, digest, encoding)"},{"line_number":803,"context_line":""}],"source_content_type":"text/x-python","patch_set":5,"id":"5f93b717_94a7febd","line":800,"range":{"start_line":800,"start_character":12,"end_line":800,"end_character":52},"in_reply_to":"5f93b717_139004ed","updated":"2018-01-31 02:21:57.000000000","message":"If we cap the retries, we\u0027re engineering in a flakey test :-/\n\nAssuming sha1 (since our odds improve as the hash gets longer), we\u0027ve got 20 bytes per sig.\n\n sum(\u0027+\u0027 in x or \u0027/\u0027 in x for x in (\n    base64.b64encode(os.urandom(20)) for x in range(100000)\n\nsuggests there\u0027s somewhere around a 56% chance that any given sig includes *something* to differentiate b64 from urlsafe_b64. (Sure, we could probably derive this from first principles, but I didn\u0027t really feel like dealing with how padding figures into it.)\n\n \u003e\u003e\u003e (1-.56)**20\n 7.396964420145931e-08\n\nSo that puts the odds at just under one-in-ten-million for us needing to recheck. Maybe that\u0027s tolerable? I don\u0027t really like it though.","commit_id":"bf910ad675dbec00129e481171ff554a191f3cd8"}]}