0001-misc-check-null-characters-in-query-string-and-form-.patch
src/authentic2/middleware.py | ||
31 | 31 |
from django.utils.translation import ugettext as _ |
32 | 32 |
from django.utils.six.moves.urllib import parse as urlparse |
33 | 33 |
from django.shortcuts import render |
34 |
from django import http |
|
34 | 35 | |
35 | 36 |
from . import app_settings, utils, plugins |
36 | 37 |
from .utils.service import get_service_from_request, get_service_from_session |
... | ... | |
222 | 223 |
def middleware(request): |
223 | 224 |
request.journal = journal.Journal(request=request) |
224 | 225 |
return get_response(request) |
226 |
return middleware |
|
227 | ||
228 | ||
229 |
def null_character_middleware(get_response): |
|
230 |
def middleware(request): |
|
231 |
def check_query_dict(qd): |
|
232 |
for key in qd: |
|
233 |
for value in qd.getlist(key): |
|
234 |
if '\0' in value: |
|
235 |
return False |
|
236 |
return True |
|
225 | 237 | |
238 |
if not check_query_dict(request.GET): |
|
239 |
return http.HttpResponseBadRequest('null character in query string') |
|
240 | ||
241 |
if request.content_type == 'application/x-www-form-urlencoded': |
|
242 |
if not check_query_dict(request.POST): |
|
243 |
return http.HttpResponseBadRequest('null character in form data') |
|
244 | ||
245 |
return get_response(request) |
|
226 | 246 |
return middleware |
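Review bot: `check_query_dict` (new lines 231-236) tests only values, so a NUL byte in a parameter *name* passes unnoticed (`for key in qd:` never inspects `key`), and the exact `content_type` comparison on new line 241 means a POST re-encoded as `multipart/form-data` skips the body check entirely — the same `xx\0xx` username that `test_null_characters` rejects would reach the login view that way. Adding `if '\0' in key: return False` inside the outer loop and widening the condition to `if request.content_type in ('application/x-www-form-urlencoded', 'multipart/form-data'):` closes both gaps. Reading `request.POST` on multipart requests from middleware does force the upload parse before any view can install `request.upload_handlers`, so if that is why the check was limited to urlencoded bodies, a comment saying so would keep the next reader from "fixing" it. The two 400 bodies are fixed strings, so nothing attacker-controlled is reflected in the response.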
src/authentic2/settings.py | ||
88 | 88 | |
89 | 89 | |
90 | 90 |
MIDDLEWARE = ( |
91 |
'authentic2.middleware.null_character_middleware', |
|
91 | 92 |
'authentic2.middleware.StoreRequestMiddleware', |
92 | 93 |
'authentic2.middleware.RequestIdMiddleware', |
93 | 94 |
'authentic2.middleware.ServiceAccessControlMiddleware', |
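Review bot: Registering the new middleware ahead of `RequestIdMiddleware` (new line 91 versus 93) means a rejected request is answered before a request id is assigned, so the 400s it emits presumably cannot be correlated in logs — verify against how the request id is consumed. Putting it first is otherwise the right position, since no other middleware gets to read `request.GET` or `request.POST` before the NUL check; if the ordering is deliberate, a comment on the new line such as `# must run before anything reads request.GET/POST` records that intent.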
tests/test_idp_saml2.py | ||
968 | 968 |
owIDAQAB |
969 | 969 |
-----END PUBLIC KEY-----''' |
970 | 970 |
response = app.get('/idp/saml2/metadata') |
971 | ||
972 | ||
973 |
def test_null_character_nonce(app, db): |
|
974 |
response = app.get('/idp/saml2/continue/', params={'nonce': '\0'}, status=400) |
|
975 |
assert response.text == 'null character in query string' |
tests/test_login.py | ||
318 | 318 |
for cookie in app.cookiejar: |
319 | 319 |
if cookie.name == 'A2_OPENED_SESSION': |
320 | 320 |
assert cookie.secure is True |
321 | ||
322 | ||
323 |
def test_null_characters(app, db): |
|
324 |
response = app.get('/login/') |
|
325 |
response.form.set('username', 'xx\0xx') |
|
326 |
response.form.set('password', 'whatever') |
|
327 |
response = response.form.submit(name='login-password-submit', status=400) |
|
328 |
assert response.text == 'null character in form data' |
|
321 |
- |
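Review bot: `test_null_characters` only exercises the `application/x-www-form-urlencoded` path that the middleware checks; with webtest the same form can be resubmitted as multipart (`response.form.enctype = 'multipart/form-data'` before the `submit` call), and a second assertion on that variant would pin whether a NUL in a multipart body is meant to be rejected or to reach the view. A NUL in a field *name* rather than a value is likewise untested, so the middleware's behaviour for keys is currently unspecified by the suite.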