)]}'
{"swift/common/middleware/tempurl.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":343,"context_line":"#: \u0027*\u0027 to indicate a prefix match."},{"line_number":344,"context_line":"DEFAULT_OUTGOING_ALLOW_HEADERS \u003d \u0027x-object-meta-public-*\u0027"},{"line_number":345,"context_line":""},{"line_number":346,"context_line":"ALLOWED_QS_KEYS \u003d \u0027multipart-manifest\u0027"},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"DEFAULT_ALLOWED_DIGESTS \u003d \u0027sha1 sha256 sha512\u0027"},{"line_number":349,"context_line":"SUPPORTED_DIGESTS \u003d set(DEFAULT_ALLOWED_DIGESTS.split())"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_fd085492","line":346,"updated":"2019-05-16 15:53:12.000000000","message":"Hmmm... I just realized: by allowing ?multipart-manifest\u003dput for uploads, we\u0027re also allowing ?multipart-manifest\u003dget on *downloads*...\n\nThat definitely seems like it could expose object names that likely exist but which the user may or may not be allowed to access directly...","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"}],"test/functional/test_tempurl.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":230,"context_line":"        except ResponseError as e:"},{"line_number":231,"context_line":"            self.assertEqual(e.status, 400)"},{"line_number":232,"context_line":"        else:"},{"line_number":233,"context_line":"            self.fail(\u0027request did not error\u0027)"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"        # create some other container"},{"line_number":236,"context_line":"        other_container \u003d self.env.account.container(Utils.create_name())"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_3d758cfa","line":233,"updated":"2019-05-16 15:53:12.000000000","message":"Right, now that we allow x-object-manifest, we\u0027ll need to update this.","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":690,"context_line":"        if not cls.segments_container.create():"},{"line_number":691,"context_line":"            raise ResponseError(cls.conn.response)"},{"line_number":692,"context_line":""},{"line_number":693,"context_line":"        cls.prefix \u003d Utils.create_name()[:5]"},{"line_number":694,"context_line":""},{"line_number":695,"context_line":"        cls.seg1 \u003d cls.segments_container.file(cls.prefix + Utils.create_name())"},{"line_number":696,"context_line":"        cls.seg1.write(\u00271\u0027 * 1024 * 1024)"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_1d69a8f7","line":693,"updated":"2019-05-16 15:53:12.000000000","message":"This won\u0027t necessarily leave us with a valid UTF-8 string. Might want something more like\n\n Utils.create_name().decode(\u0027utf8\u0027)[:5].encode(\u0027utf8\u0027)\n\nor just\n\n Utils.create_name(5)\n\n(We should really clean up create_ascii_name() to respect the length arg...)","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":739,"context_line":"             \u0027path\u0027: \u0027/%s/%s\u0027 % (cls.segments_container.name,"},{"line_number":740,"context_line":"                                 cls.seg4.name)}]"},{"line_number":741,"context_line":""},{"line_number":742,"context_line":"        cls.manifest_extra \u003d cls.manifest_container.file(Utils.create_name())"},{"line_number":743,"context_line":"        cls.manifest_extra.write("},{"line_number":744,"context_line":"            json.dumps(cls.manifest_data_extra),"},{"line_number":745,"context_line":"            parms\u003d{\u0027multipart-manifest\u0027: \u0027put\u0027})"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_bd265c67","line":742,"range":{"start_line":742,"start_character":57,"end_line":742,"end_character":76},"updated":"2019-05-16 15:53:12.000000000","message":"I wonder if it\u0027s more or less interesting to have this start with the prefix, too...","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":810,"context_line":"    def test_GET_segs_not_prefixed(self):"},{"line_number":811,"context_line":"        expires \u003d int(time()) + 86400"},{"line_number":812,"context_line":"        parms \u003d self.tempurl_params("},{"line_number":813,"context_line":"            \u0027GET\u0027, expires, self.env.conn.make_path(self.env.manifest.path),"},{"line_number":814,"context_line":"            self.env.tempurl_key, self.env.prefix)"},{"line_number":815,"context_line":"        contents \u003d self.env.manifest_extra.read("},{"line_number":816,"context_line":"            parms\u003dparms,"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_7dd2242a","line":813,"range":{"start_line":813,"start_character":61,"end_line":813,"end_character":69},"updated":"2019-05-16 15:53:12.000000000","message":"I was worried for a moment about how this was using manifest when we\u0027re about to go GET manifest_extra... but then I realized the path is only used to determine container since we\u0027re passing in prefix.","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":812,"context_line":"        parms \u003d self.tempurl_params("},{"line_number":813,"context_line":"            \u0027GET\u0027, expires, self.env.conn.make_path(self.env.manifest.path),"},{"line_number":814,"context_line":"            self.env.tempurl_key, self.env.prefix)"},{"line_number":815,"context_line":"        contents \u003d self.env.manifest_extra.read("},{"line_number":816,"context_line":"            parms\u003dparms,"},{"line_number":817,"context_line":"            cfg\u003d{\u0027no_auth_token\u0027: True})"},{"line_number":818,"context_line":"        self.assertEqual(len(contents), 2 * 1024 * 1024)"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_dd9a3060","line":815,"updated":"2019-05-16 15:53:12.000000000","message":"The 401 makes sense here, since manifest_extra doesn\u0027t start with the prefix.\n\nIf we changed that -- so this manifest starts with the prefix but still has segments that don\u0027t -- I\u0027d expect a short read, where we get the two segments that also start with the prefix, then SLO hits an error and aborts. A ranged request that starts within one of the invalid segments should... 409? 401? IDK","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":827,"context_line":""},{"line_number":828,"context_line":"        parms.update({\u0027multipart-manifest\u0027: \u0027put\u0027})"},{"line_number":829,"context_line":"        slo.write("},{"line_number":830,"context_line":"            json.dumps(self.env.manifest_data_extra),"},{"line_number":831,"context_line":"            parms\u003dparms,"},{"line_number":832,"context_line":"            cfg\u003d{\u0027no_auth_token\u0027: True})"},{"line_number":833,"context_line":""}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_fd1a936c","line":830,"range":{"start_line":830,"start_character":32,"end_line":830,"end_character":51},"updated":"2019-05-16 15:53:12.000000000","message":"Oh, wait... so we *can* PUT a manifest that points to data in another container? That seems bad. Yeah, we shouldn\u0027t do that...","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"463fc33e6a4959ebf5ba7aa30184ae0735134285","unresolved":false,"context_lines":[{"line_number":837,"context_line":""},{"line_number":838,"context_line":"        # PUT tempurls also allow HEAD requests"},{"line_number":839,"context_line":"        self.assertTrue(slo.info("},{"line_number":840,"context_line":"            parms\u003dparms, cfg\u003d{\u0027no_auth_token\u0027: True}))"},{"line_number":841,"context_line":""},{"line_number":842,"context_line":"        # Can we use HEAD requests to search other containers we shouldn\u0027t"},{"line_number":843,"context_line":"        # have access to?"}],"source_content_type":"text/x-python","patch_set":1,"id":"dfbec78f_5de4ff0c","line":840,"updated":"2019-05-16 15:53:12.000000000","message":"...particularly since you can also read it. Now, particularly since we recommend that people have a separate _segments container, I don\u0027t know that allowing cross-container reads is necessarily bad, particularly for SLO... but we can\u0027t allow that PUT, for sure.","commit_id":"d91ebf5d77ea6e866cfaed6b4e8a5aac325570d3"}]}