def login(self, auth_header): if auth_header is None or auth_header.get( 'username') is None or auth_header.get('password') is None: raise MissingAuthHeaderException # mutate the existing query for nosql attacks query = {'name': auth_header['username']} sanitizer.sanitize(query) user = self.users_collection.find_one(query) if not user: raise UnrecognisedUserException if check_password_hash(user['password'], auth_header['password']): token = self.jwt.encode( { 'public_id': str(user['_id']), 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=10), 'key': sha256_crypt.encrypt( auth_header['password'], rounds=1000, salt='')[16:32] }, self.private_key, algorithm='RS256') return token.decode('UTF-8') raise WrongPasswordException
def submit_vote_to_db(request): response = {'success': False} import json if request.is_ajax(): if request.method == 'POST': print request.body response['success'] = True jbody = json.loads(request.body) print jbody # sanitze the vote object before using it in the mongo update() function from mongosanitizer.sanitizer import sanitize sanitize(jbody) # hash/encrypt the voter id before using it in the mongo update() functions import hashlib email = str(jbody['voter_id']) hashed_email_object = hashlib.md5(email.encode()) jbody['voter_id'] = hashed_email_object.hexdigest() # add vote to mongdb from mongo import Mongo mongo = Mongo() collection_q = mongo.connect(host, port, db, collection_questions_responses) query = {} # relaease this to append the vote to its correct concept query['ConceptId'] = jbody['concept_id'] #1 push = {} push['$push'] = {} push['$push']['votes'] = jbody collection_q.update( query, push ) # add voted tasks to users collections collection_u = mongo.connect(host, port, db, collection_users) query_ = {} query_['UserID'] = jbody['voter_id'] push_set = {} push_set['$push'] = {} push_set['$push']['voted_concepts_list'] = jbody['concept_id'] push_set['$push']['voted_cursor_list'] = jbody['voter_survey_cursor'] push_set['$push']['voting_dates'] = jbody['vote_date'] push_set['$set'] = {} push_set['$set']['last_vote_date'] = jbody['vote_date'] collection_u.update( query_, push_set, upsert=True ) from django.http import JsonResponse print JsonResponse(response) return HttpResponse(json.dumps(response), content_type="application/json")
def is_whitelisted_user(self, username): # mutate the existing query for nosql attacks query = {'name': username} sanitizer.sanitize(query) if not self.whitelisted_users.find_one(query): return False return True
def delete_email_and_read_all(self, user_id, email_to_delete): # mutate the existing query for nosql attacks query = {'_id': user_id} sanitizer.sanitize(query) return self.credentials_collection.find_one_and_update( query, {'$pull': { 'credentials': { 'email': email_to_delete, } }}, upsert=True, return_document=ReturnDocument.AFTER)
def get_voted_tasks_from_mongodb(request, userid): from mongo import Mongo import copy, json print 'connecting to mongodb . . . ' jresponse = {} # response['prev_tasks'] = [] jresponse['voted_tasks_concepts'] = [] jresponse['voted_tasks_cursors'] = [] mongo = Mongo() collection = mongo.connect(host, port, db, collection_users) query = {} # sanitze the userid before using it in the mongo find() function from mongosanitizer.sanitizer import sanitize sanitize(userid) # hash/encrypt user_id email before querying db to find match import hashlib email = userid hashed_email_object = hashlib.md5(email.encode()) # prepare query query['UserID'] = hashed_email_object.hexdigest() cursor = collection.find(query, no_cursor_timeout=True) voted_tasks_concepts = [] voted_tasks_cursors = [] for item in cursor: # response['prev_tasks'].extend(copy.deepcopy(concept['votes']['voted_tasks'])) print item['voted_concepts_list'] print item['voted_cursor_list'] jresponse['voted_tasks_concepts'].extend(copy.deepcopy(item['voted_concepts_list'])) jresponse['voted_tasks_cursors'].extend(copy.deepcopy(item['voted_cursor_list'])) # from django.http import JsonResponse # print response(JsonResponse(jresponse)) # return response(JsonResponse(jresponse)) response = HttpResponse(json.dumps(jresponse), content_type="application/json") # cookies set if not request.COOKIES.get('userid'): # response = HttpResponse() response.set_cookie('userid', userid, 3600 * 24 * 365) # one year cookie # return response elif request.COOKIES.get('userid') != userid: response.set_cookie('userid', userid, 3600 * 24 * 365) # one year cookie return response
def connect_find(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) db = me.connect('mydb') return db.movie.find({'name': safe_search})
def add_credential_and_read_all(self, user_id, email, plain_password, key): # mutate the existing query for nosql attacks query = {'_id': user_id} sanitizer.sanitize(query) return self.credentials_collection.find_one_and_update( {'_id': user_id}, { '$push': { 'credentials': { 'email': email, 'password': key.encrypt(plain_password) } } }, upsert=True, return_document=ReturnDocument.AFTER)
def user_has_email(self, user_id, email): # mutate the existing query for nosql attacks query = {'_id': user_id} sanitizer.sanitize(query) existing_credentials = self.credentials_collection.find_one(query) if existing_credentials is None or existing_credentials.get( 'credentials') is None: return False # can be searched better for credential in existing_credentials['credentials']: if credential['email'] == email: return True return False
def register(self, name, password): # mutate the existing query for nosql attacks query = {'name': name} sanitizer.sanitize(query) # pbkdf2:sha256', salt_length=8 if self.users_collection.find_one( {'name': name}) or self.is_whitelisted_user(name) is False: return False self.users_collection.insert_one({ 'name': name, 'password': generate_password_hash(password) }) return True
def read_all_credentials(self, user_id): # mutate the existing query for nosql attacks query = {'_id': user_id} sanitizer.sanitize(query) return self.credentials_collection.find_one(query)
def test_sanitize_second_level_dict(): query = {'jim': {'$bob': 'jones'}} sanitize(query) assert '$bob' not in query['jim']
def test_sanitize_a_third_level_dict_in_a_second_level_list(): query = {'jim': [{'johnson': {'$bob': 'jones'}}]} sanitize(query) assert '$bob' not in query['jim'][0]['johnson']
def test_sanitize_in_a_second_level_list(): query = {'jim': [{'$bob': 'jones'}]} sanitize(query) assert '$bob' not in query['jim'][0]
def home_page(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) return mongo.db.user.find({'name': safe_search})
def test_sanitize_first_level_key(): query = {'$bob': 'alice'} sanitize(query) assert '$bob' not in query
def home_page(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) return client.db.collection.find_one({'data': safe_search})
def subclass_objects(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) return Movie.objects(__raw__=safe_search)