| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
* Replace unittest.makeSuite with unittest.TestLoader().loadTestsFromTestCase
* import unittest from relative import
|
| |
|
|
|
|
|
| |
Specially replace complicated construct with unittest2 to one import to
M2Crypto top module.
Also, Rand.load_file should have first parameter as bytes(), not str().
|
| | |
|
| |
|
|
|
|
|
|
| |
Simple rules (like entering 'X' to random part of string) are not 100%
secure, because the string may actually have that value in the place.
ROT-13 encoding doesn't work on digits, so I try this.
Fixes #138.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The load() method of http.BaseCookie has been change substantial in Python 3.
Unfortunately this is not documented in the online docs, the only hint I found,
was a comment in the http.cookie module::
We first parse the whole cookie string and reject it if it's
syntactically invalid (this helps avoid some classes of injection
attacks).
This means, cookies with a leading 'Set-Cookie:' string like::
'Set-Cookie: _M2AUTH_="exp=1485714802.7772.... "'
are no longer valid for BaseCookie.load() and will **silently** result in an
unset/empty Cookie. Here is a small Py3 example::
>>> from http.cookies import SimpleCookie
>>> C1 = SimpleCookie()
>>> C1["foo"] = "bar"
>>> C2.output()
'Set-Cookie: foo=bar'
>>> C2 = SimpleCookie()
>>> C2.load(C.output())
>>> C2.output()
''
Loaded cookie is unset, see empty string on last line of the example above.
This also affects the AuthCookie.isGoodCookieString()
method, which uses BaseCookie.load() to validate a cookie!!
The workaround is to use an empty header argument when using outpout()::
>>> C2.load(C.output(header=""))
>>> C2.output()
'Set-Cookie: foo=bar'
To get in use of this workaround, AuthCookie.output() is fixed in a way it is
more BaseCookie compliant.
BTW: AuthCookieJar.isGoodCookieString returned ambiguous bool or int values,
which is also fixed within in this patch (return always a bool value).
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
AuthCookie.exp is float so don’t convert it from/to str unecessarily and
don’t use assertEqual on it (it should be assertAlmostEqual).
Add logging in case something goes wrong.
Collecting error data in case test_cookie_str_changed_mac goes wrong.
Fixes #157
|
| |
|
|
| |
This should be NOOP functionally.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Just run
$ find . -name \*.py -exec sed -r -i -e "s/\t/ /g" '{}' \;
$ find . -name \*.py -exec sed -r -i -e "s/[ ]+$//" '{}' \;
|
| |
|
|
| |
Negative logic makes it less readable.
|
| |
|
|
|
|
|
|
|
|
|
| |
The test tests that a modification of MAC is detected by replacing one
character by 'X', but from time to time the original MAC may have an 'X'
in that place, in which case the modification doesn’t happen.
To reproduce:
for i in $(seq 1 1000); do j=$(python tests/test_authcookie.py 2>&1); if echo "$j" | grep -q FAIL; then echo "$i": "$j"; break; fi; done
Fixes #53
|
| |
|
|
| |
Fixes #48
|
| |
|
|
|
|
|
|
| |
for example:
python setup.py test --test-suite=tests.test_x509 -q
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@504 2715db39-9adf-0310-9c64-84f055769b4b
|
| |
|
|
|
|
| |
one cookie to set, so changing the test to account for that difference.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@484 2715db39-9adf-0310-9c64-84f055769b4b
|
| |
|
|
|
|
| |
bloat, and made working with diffs more difficult than it needed to.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@383 2715db39-9adf-0310-9c64-84f055769b4b
|
| |
|
|
| |
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@299 2715db39-9adf-0310-9c64-84f055769b4b
|
| |
|
|
| |
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@141 2715db39-9adf-0310-9c64-84f055769b4b
|
|
|
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@129 2715db39-9adf-0310-9c64-84f055769b4b
|
