From 3a9a51c969c2aeb7cceb7b2bee203a10afb2da95 Mon Sep 17 00:00:00 2001
From: Gunnar Mills <gmills@us.ibm.com>
Date: Wed, 25 Jul 2018 09:32:52 -0500
Subject: Revert "Provide the infrastructure to whitelist given URL from REST
 server"

This reverts commit 0cf702c3948487089723d539efc59275b958bf34.

This commit broke accessing the Web UI. Reverting until this can be
fixed.

Change-Id: Ie49bbcd51561cca5d587bd161ec51f3b6d22ffd0
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
---
 module/obmc/wsgi/apps/rest_dbus.py | 32 --------------------------------
 1 file changed, 32 deletions(-)

(limited to 'module/obmc')

diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py
index d89cb68..5eaffb7 100644
--- a/module/obmc/wsgi/apps/rest_dbus.py
+++ b/module/obmc/wsgi/apps/rest_dbus.py
@@ -31,7 +31,6 @@ import crypt
 import tempfile
 import re
 import mimetypes
-import fnmatch
 have_wsock = True
 try:
     from geventwebsocket import WebSocketError
@@ -1455,36 +1454,6 @@ class ContentCheckerPlugin(object):
 
         return self.Checker(content_type, callback)
 
-class CheckURLPlugin(object):
-    ''' Ensures that anything read and written using only urls listed in
-        the url_config.json config file would allowed. '''
-    name = 'url_checker'
-    api = 2
-
-    def __init__(self):
-        config_path = '/usr/share/rest-dbus/url_config.json'
-        url_config = {}
-        urls = {}
-        self.pattern = {}
-        if os.path.exists(config_path):
-            try:
-                with open(config_path) as data_file:
-                    url_config = json.load(data_file)
-                    urls = url_config.get("urls", ["*"])
-                    self.pattern = '|'.join(fnmatch.translate(p) for p in urls)
-                    self.pattern = re.compile(self.pattern)
-            except ValueError as e:
-                    abort(404, str(e))
-        else:
-            abort(404, "Config file path not found for Whitelisted URLs")
-
-    def apply(self, callback, route):
-
-        def wrap(*a, **kw):
-                if self.pattern.match(request.path):
-                    return callback(*a, **kw)
-                abort(404,"Trying to access Blocked URL")
-        return wrap
 
 class App(Bottle):
     def __init__(self, **kw):
@@ -1513,7 +1482,6 @@ class App(Bottle):
         self.install(JsonApiResponsePlugin(self))
         self.install(JsonApiRequestPlugin())
         self.install(JsonApiRequestTypePlugin())
-        self.install(CheckURLPlugin())
 
     def install_hooks(self):
         self.error_handler_type = type(self.default_error_handler)
-- 
cgit v1.2.1