0001-misc-check-null-characters-in-query-string-and-form-.patch
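--- a/src/authentic2/middleware.py
+++ b/src/authentic2/middleware.py
@@ -30,6 +30,7 @@
 from django.utils.translation import ugettext as _
 from django.utils.six.moves.urllib import parse as urlparse
 from django.shortcuts import render
+from django import http
 
 from . import app_settings, utils, plugins
 from .utils.service import get_service_from_request
@@ -215,3 +216,23 @@
         request.session['service_pk'] = service.pk
 
         return self.get_response(request)
+
+
+def null_character_middleware(get_response):
+    def middleware(request):
+        def check_query_dict(qd):
+            for key in qd:
+                for value in qd.getlist(key):
+                    if '\0' in value:
+                        return False
+            return True
+
+        if not check_query_dict(request.GET):
+            return http.HttpResponseBadRequest('null character in query string')
+
+        if request.content_type == 'application/x-www-form-urlencoded':
+            if not check_query_dict(request.POST):
+                return http.HttpResponseBadRequest('null character in form data')
+
+        return get_response(request)
+    return middleware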
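Review bot: check_query_dict only inspects values, so a NUL byte in a parameter name still reaches the view, and the POST branch is limited to `application/x-www-form-urlencoded`, so the same login form submitted as `multipart/form-data` (Django populates request.POST for that encoding too) is not checked at all. Presumably the intent is to fail fast with a 400 before a NUL reaches code that cannot handle it (PostgreSQL rejects NUL in text values), and both gaps defeat that. The inner loop can become `if '\0' in key or any('\0' in value for value in qd.getlist(key)): return False`, and the content-type test `if request.content_type in ('application/x-www-form-urlencoded', 'multipart/form-data'):`. Reading request.POST for a multipart body parses any uploaded files, which stays bounded by Django's upload-size settings, but that cost deserves a one-line comment above the check. null_character_middleware is fully contained in this hunk.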
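--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -88,6 +88,7 @@
 
 
 MIDDLEWARE = (
+    'authentic2.middleware.null_character_middleware',
     'authentic2.middleware.StoreRequestMiddleware',
     'authentic2.middleware.RequestIdMiddleware',
     'authentic2.middleware.ServiceAccessControlMiddleware',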
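--- a/tests/test_idp_saml2.py
+++ b/tests/test_idp_saml2.py
@@ -968,3 +968,8 @@
 owIDAQAB
 -----END PUBLIC KEY-----'''
     response = app.get('/idp/saml2/metadata')
+
+
+def test_null_character_nonce(app, db):
+    response = app.get('/idp/saml2/continue/', params={'nonce': '\0'}, status=400)
+    assert response.text == 'null character in query string'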
tests/test_login.py | ||
304 | 304 |
for cookie in app.cookiejar: |
305 | 305 |
if cookie.name == 'A2_OPENED_SESSION': |
306 | 306 |
assert cookie.secure is True |
307 | ||
308 | ||
309 |
def test_null_characters(app, db): |
|
310 |
response = app.get('/login/') |
|
311 |
response.form.set('username', 'xx\0xx') |
|
312 |
response.form.set('password', 'whatever') |
|
313 |
response = response.form.submit(name='login-password-submit', status=400) |
|
314 |
assert response.text == 'null character in form data' |
|
307 |
- |
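Review bot: test_null_characters only exercises the urlencoded path, because the login form is submitted with its default enctype, so the tests leave undocumented whether a NUL in a `multipart/form-data` body is rejected too. A companion case that posts the same username/password fields with a multipart body (webtest switches to multipart when `upload_files` is passed, if I recall correctly, or whatever helper this suite already uses) and expects the same 400 would pin that behaviour down either way. The exact-text assertion on line 314 also couples the test to the error wording; `assert 'null character' in response.text` next to `status=400` keeps it robust to rewording. The trailing removed line 307 is not readable in this rendering, so I cannot tell what was dropped there.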