def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:64] + 'X' + cout[65:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header="")))
def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = self._corrupt_part_str(cout, 64, 66) s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header="")))
def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() cout_str = cout[:36] + 'X' + cout[37:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output()))
def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output(header="") cout_str = cout[:20] + 'this is bad' + cout[20:] s = SimpleCookie() s.load(cout_str) self.assertFalse(self.jar.isGoodCookieString(s.output(header="")))
def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() cout_str = cout[:76] + 'X' + cout[77:] s = SimpleCookie() s.load(cout_str) observed = self.jar.isGoodCookieString(s.output(), _debug=True) self.assertFalse(observed)
def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output()) exp, data, digest = unmix3(s[self._token].value) self.assertEqual(data, self.data) self.assertEqual(float(exp), self.exp) key = self.jar._key # Peeking... mac = util.bin_to_hex( EVP.hmac(key, util.py3bytes(mix(self.exp, self.data)), 'sha1')) self.assertEqual(digest, mac)
def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) exp, data, digest = unmix3(s[self._token].value) self.assertEqual(data, self.data) # see comment in test_mix_unmix self.assertAlmostEqual(exp, self.exp, places=4) key = self.jar._key # pylint: disable=protected-access mac = util.bin_to_hex( EVP.hmac(key, six.ensure_binary(mix(self.exp, self.data)), 'sha1')) self.assertEqual(digest, mac)
def isGoodCookieString(self, cookie_str): # type: (Union[dict, bytes]) -> Union[bool, int] c = SimpleCookie() c.load(cookie_str) if _TOKEN not in c: return 0 undough = unmix3(c[_TOKEN].value) if undough is None: return 0 exp, data, mac = undough c2 = self.makeCookie(exp, data) return (not c2.isExpired()) and (c2._mac == mac)
def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) exp, data, digest = unmix3(s[self._token].value) self.assertEqual(data, self.data) # see comment in test_mix_unmix self.assertAlmostEqual(exp, self.exp, places=4) key = self.jar._key # pylint: disable=protected-access mac = util.bin_to_hex( EVP.hmac(key, util.py3bytes(mix(self.exp, self.data)), 'sha1')) self.assertEqual(digest, mac)
def isGoodCookieString(self, cookie_str, _debug=False): # type: (Union[dict, bytes], bool) -> Union[bool, int] c = SimpleCookie() c.load(cookie_str) if _TOKEN not in c: log.debug('_TOKEN not in c (keys = %s)', dir(c)) return 0 undough = unmix3(c[_TOKEN].value) if undough is None: log.debug('undough is None') return 0 exp, data, mac = undough c2 = self.makeCookie(exp, data) if _debug and (c2._mac == mac): log.error('cookie_str = %s', cookie_str) log.error('c2.isExpired = %s', c2.isExpired()) log.error('mac = %s', mac) log.error('c2._mac = %s', c2._mac) log.error('c2._mac == mac: %s', str(c2._mac == mac)) return (not c2.isExpired()) and (c2._mac == mac)
def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = SimpleCookie() s.load(c.output(header="")) self.assertTrue(self.jar.isGoodCookieString(s.output(header="")))
def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = SimpleCookie() s.load(c.output(header="")) self.assertFalse(self.jar.isGoodCookieString(s.output(header="")))