    def test_CVE_2014_3539_no_encoding(self):
        """Raw, unsigned pickle bytes written to the receiver socket are dropped.

        CVE-2014-3539 was the receiver trusting whatever arrived on the
        socket.  The sanity test in this class shows the accepted wire
        format is ``b64(hmac):b64(pickle)\\n``; a bare pickle carries
        neither the separator nor a signature and must yield no object.
        """
        receiver = doa._SocketReceiver()

        # The pickled value is harmless on purpose: what is under test is
        # that an un-encoded, unsigned frame is refused, not what it holds.
        raw_pickle = pickle.dumps("def foo():\n    return 123\n")
        delivered = self.try_CVE_2014_3539_exploit(receiver, raw_pickle)

        # Nothing was accepted, i.e. the exploit did not run.
        self.assertEqual(len(delivered), 0)
    def test_CVE_2014_3539_no_encoding(self):
        """Raw, unsigned pickle bytes written to the receiver socket are dropped.

        CVE-2014-3539 was the receiver trusting whatever arrived on the
        socket.  The sanity test in this class shows the accepted wire
        format is ``b64(hmac):b64(pickle)\\n``; a bare pickle carries
        neither the separator nor a signature and must yield no object.
        """
        receiver = doa._SocketReceiver()

        # The pickled value is harmless on purpose: what is under test is
        # that an un-encoded, unsigned frame is refused, not what it holds.
        raw_pickle = pickle.dumps('def foo():\n    return 123\n')
        delivered = self.try_CVE_2014_3539_exploit(receiver, raw_pickle)

        # Nothing was accepted, i.e. the exploit did not run.
        self.assertEqual(len(delivered), 0)
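    def test_CVE_2014_3539_sanity(self):
        """Well-formed data signed with the receiver's own key is accepted.

        The rejection tests around this one would pass trivially if the
        receiver simply dropped every frame, so this case pins the positive
        path: ``b64(hmac_sha256(key, b64(pickle))):b64(pickle)\\n`` must be
        delivered exactly once.
        """
        receiver = doa._SocketReceiver()

        # The HMAC is computed over the base64 text, not the raw pickle
        # bytes -- the receiver's verifier must be fed the same input.
        encoded_pickle = base64.b64encode(
            pickle.dumps("def foo():\n    return 123\n",
                         pickle.HIGHEST_PROTOCOL))
        mac = hmac.new(receiver.key, encoded_pickle, hashlib.sha256).digest()
        payload = b":".join((base64.b64encode(mac), encoded_pickle)) + b"\n"
        delivered = self.try_CVE_2014_3539_exploit(receiver, payload)

        # Exactly one object came through: the signature verified and the
        # frame was processed.  (The HMAC only authenticates the sender;
        # presumably the receiver still unpickles the verified payload, so
        # secrecy of receiver.key is the whole trust boundary -- confirm
        # against doa._SocketReceiver.)
        self.assertEqual(1, len(delivered))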
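    def test_CVE_2014_3539_sanity(self):
        """Well-formed data signed with the receiver's own key is accepted.

        The rejection tests around this one would pass trivially if the
        receiver simply dropped every frame, so this case pins the positive
        path: ``b64(hmac_sha256(key, b64(pickle))):b64(pickle)\\n`` must be
        delivered exactly once.
        """
        receiver = doa._SocketReceiver()

        # The HMAC is computed over the base64 text, not the raw pickle
        # bytes -- the receiver's verifier must be fed the same input.
        encoded_pickle = base64.b64encode(
            pickle.dumps('def foo():\n    return 123\n',
                         pickle.HIGHEST_PROTOCOL))
        mac = hmac.new(receiver.key, encoded_pickle, hashlib.sha256).digest()
        payload = b':'.join((base64.b64encode(mac), encoded_pickle)) + b'\n'
        delivered = self.try_CVE_2014_3539_exploit(receiver, payload)

        # Exactly one object came through: the signature verified and the
        # frame was processed.  (The HMAC only authenticates the sender;
        # presumably the receiver still unpickles the verified payload, so
        # secrecy of receiver.key is the whole trust boundary -- confirm
        # against doa._SocketReceiver.)
        self.assertEqual(1, len(delivered))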
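    def test_CVE_2014_3539_signature_mismatch(self):
        """A correctly framed payload MACed under the wrong key is rejected.

        This frame is byte-for-byte in the accepted format
        (``b64(digest):b64(pickle)\\n``) and differs from the sanity case
        only in the HMAC key, so a rejection here is attributable to
        signature verification alone.
        """
        receiver = doa._SocketReceiver()

        encoded_pickle = base64.b64encode(
            pickle.dumps('def foo():\n    return 123\n',
                         pickle.HIGHEST_PROTOCOL))
        # MAC the base64 text, as the sanity test does with the real key.
        # MACing the raw pickle bytes instead would fail verification even
        # under the correct key, and the test would no longer isolate the
        # key mismatch.
        bad_mac = hmac.new(b'invalid-key', encoded_pickle,
                           hashlib.sha256).digest()
        payload = b':'.join((base64.b64encode(bad_mac), encoded_pickle)) + b'\n'
        delivered = self.try_CVE_2014_3539_exploit(receiver, payload)

        # Nothing was accepted, i.e. the exploit did not run.
        self.assertEqual(0, len(delivered))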
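    def test_CVE_2014_3539_signature_mismatch(self):
        """A correctly framed payload MACed under the wrong key is rejected.

        This frame is byte-for-byte in the accepted format
        (``b64(digest):b64(pickle)\\n``) and differs from the sanity case
        only in the HMAC key, so a rejection here is attributable to
        signature verification alone.
        """
        receiver = doa._SocketReceiver()

        encoded_pickle = base64.b64encode(
            pickle.dumps("def foo():\n    return 123\n",
                         pickle.HIGHEST_PROTOCOL))
        # MAC the base64 text, as the sanity test does with the real key.
        # MACing the raw pickle bytes instead would fail verification even
        # under the correct key, and the test would no longer isolate the
        # key mismatch.
        bad_mac = hmac.new(b"invalid-key", encoded_pickle,
                           hashlib.sha256).digest()
        payload = b":".join((base64.b64encode(bad_mac), encoded_pickle)) + b"\n"
        delivered = self.try_CVE_2014_3539_exploit(receiver, payload)

        # Nothing was accepted, i.e. the exploit did not run.
        self.assertEqual(0, len(delivered))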