Project

Profile

Help

Refactor #3303

closed

v2.py: Accept header handling is sketchy

Added by mihai.ibanescu@gmail.com about 6 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.15.1
Target Release - Crane:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Docker engines typically present more than one Accept: header (usually three).

While they are three different lines in the HTTP header, they typically get combined as a single value, comma-separated.

Crane has a bunch of if/then/else logic that looks like:

accept_headers = request.headers.get('Accept')
schema2_mediatype = 'application/vnd.docker.distribution.manifest.v2+json'
manifest_list_mediatype = 'application/vnd.docker.distribution.manifest.list.v2+json'
if manifest_list_mediatype in accept_headers ...:
   ...

That is essentially the equivalent of evaluating:

"val1" in "val1, val2, val3"

and boils down to string matching.

I find it dangerous, because "val" in "val1, val2, val3" is also True.

It just so happens that the Docker engine is civilized enough to present the right values.

A much better solution would be something like:

accept_headers = accept_headers.split(",") if accept_headers else []
accept_headers = set(x.strip() for x in accept_headers)
Actions #2

Updated by mihai.ibanescu@gmail.com about 6 years ago

  • Description updated (diff)
Actions #3

Updated by dkliban@redhat.com about 6 years ago

  • Status changed from NEW to POST
  • Assignee set to mihai.ibanescu@gmail.com
Actions #4

Updated by dalley about 6 years ago

  • Tracker changed from Issue to Refactor
  • % Done set to 0

Added by Mihai Ibanescu about 6 years ago

Revision cf972a36 | View on GitHub

Safer handling of Accept headers

closes #3303 https://pulp.plan.io/issues/3303

Actions #5

Updated by Anonymous about 6 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #6

Updated by pcreech about 6 years ago

  • Platform Release set to 2.15.1

Added by Mihai Ibanescu about 6 years ago

Revision 0553c802 | View on GitHub

Safer handling of Accept headers

closes #3303 https://pulp.plan.io/issues/3303

(cherry picked from commit cf972a363b8c25323a1e53c831749537268f0a3a)

Actions #7

Updated by pcreech about 6 years ago

  • Status changed from MODIFIED to 5
Actions #8

Updated by pcreech about 6 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE
Actions #9

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF