Projet

Général

Profil

0001-misc-check-null-characters-in-query-string-and-form-.patch

Benjamin Dauvergne, 06 octobre 2020 12:47

Télécharger (3,38 ko)

Voir les différences:

Subject: [PATCH 1/2] misc: check null characters in query-string and form data
 (#46625)

 src/authentic2/middleware.py | 21 +++++++++++++++++++++
 src/authentic2/settings.py   |  1 +
 tests/test_idp_saml2.py      |  5 +++++
 tests/test_login.py          |  8 ++++++++
 4 files changed, 35 insertions(+)
src/authentic2/middleware.py
30 30
from django.utils.translation import ugettext as _
31 31
from django.utils.six.moves.urllib import parse as urlparse
32 32
from django.shortcuts import render
33
from django import http
33 34

  
34 35
from . import app_settings, utils, plugins
35 36
from .utils.service import get_service_from_request
......
215 216
            request.session['service_pk'] = service.pk
216 217

  
217 218
        return self.get_response(request)
219

  
220

  
221
def null_character_middleware(get_response):
222
    def middleware(request):
223
        def check_query_dict(qd):
224
            for key in qd:
225
                for value in qd.getlist(key):
226
                    if '\0' in value:
227
                        return False
228
            return True
229

  
230
        if not check_query_dict(request.GET):
231
            return http.HttpResponseBadRequest('null character in query string')
232

  
233
        if request.content_type == 'application/x-www-form-urlencoded':
234
            if not check_query_dict(request.POST):
235
                return http.HttpResponseBadRequest('null character in form data')
236

  
237
        return get_response(request)
238
    return middleware
src/authentic2/settings.py
88 88

  
89 89

  
90 90
MIDDLEWARE = (
91
    'authentic2.middleware.null_character_middleware',
91 92
    'authentic2.middleware.StoreRequestMiddleware',
92 93
    'authentic2.middleware.RequestIdMiddleware',
93 94
    'authentic2.middleware.ServiceAccessControlMiddleware',
tests/test_idp_saml2.py
968 968
owIDAQAB
969 969
-----END PUBLIC KEY-----'''
970 970
    response = app.get('/idp/saml2/metadata')
971

  
972

  
973
def test_null_character_nonce(app, db):
974
    response = app.get('/idp/saml2/continue/', params={'nonce': '\0'}, status=400)
975
    assert response.text == 'null character in query string'
tests/test_login.py
304 304
    for cookie in app.cookiejar:
305 305
        if cookie.name == 'A2_OPENED_SESSION':
306 306
            assert cookie.secure is True
307

  
308

  
309
def test_null_characters(app, db):
310
    response = app.get('/login/')
311
    response.form.set('username', 'xx\0xx')
312
    response.form.set('password', 'whatever')
313
    response = response.form.submit(name='login-password-submit', status=400)
314
    assert response.text == 'null character in form data'
307
-