misc: check null characters in query-string and form data (#46625)
parent
2600bfab90
commit
d3c962e095
|
@ -31,6 +31,7 @@ from django.utils.functional import SimpleLazyObject
|
|||
from django.utils.translation import ugettext as _
|
||||
from django.utils.six.moves.urllib import parse as urlparse
|
||||
from django.shortcuts import render
|
||||
from django import http
|
||||
|
||||
from . import app_settings, utils, plugins
|
||||
from .utils.service import get_service_from_request, get_service_from_session
|
||||
|
@ -222,5 +223,24 @@ def journal_middleware(get_response):
|
|||
def middleware(request):
|
||||
request.journal = journal.Journal(request=request)
|
||||
return get_response(request)
|
||||
|
||||
return middleware
|
||||
|
||||
|
||||
def null_character_middleware(get_response):
|
||||
def middleware(request):
|
||||
def check_query_dict(qd):
|
||||
for key in qd:
|
||||
for value in qd.getlist(key):
|
||||
if '\0' in value:
|
||||
return False
|
||||
return True
|
||||
|
||||
if not check_query_dict(request.GET):
|
||||
return http.HttpResponseBadRequest('null character in query string')
|
||||
|
||||
if request.content_type == 'application/x-www-form-urlencoded':
|
||||
if not check_query_dict(request.POST):
|
||||
return http.HttpResponseBadRequest('null character in form data')
|
||||
|
||||
return get_response(request)
|
||||
return middleware
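Review bot: `check_query_dict` looks only at values, so a parameter whose name contains a NUL still reaches the views; the loop body could test both with `if '\0' in key or any('\0' in v for v in qd.getlist(key)): return False`. The POST check is also limited to `application/x-www-form-urlencoded`, so the same form submitted as `multipart/form-data` is not covered. If that is deliberate, for example to avoid parsing uploads in middleware before the view runs, a comment above the `content_type` test saying so would help. Both `HttpResponseBadRequest` returns happen without any log call, so nothing in this function records that a request was rejected.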
|
||||
|
|
|
@ -88,6 +88,7 @@ TEMPLATES = [
|
|||
|
||||
|
||||
MIDDLEWARE = (
|
||||
'authentic2.middleware.null_character_middleware',
|
||||
'authentic2.middleware.StoreRequestMiddleware',
|
||||
'authentic2.middleware.RequestIdMiddleware',
|
||||
'authentic2.middleware.ServiceAccessControlMiddleware',
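Review bot: The new entry sits ahead of `StoreRequestMiddleware` and `RequestIdMiddleware`, and `null_character_middleware` returns its 400 without calling `get_response`, so a rejected request never passes through those two. If the request id is what ties log lines together (inferred from the name only), rejections will be harder to trace afterwards. A comment on the entry such as `# first on purpose: reject NUL bytes before any other middleware reads GET/POST` would also stop a later reorder from silently changing that. The `MIDDLEWARE` tuple continues outside the hunk.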
|
||||
|
|
|
@ -968,3 +968,8 @@ uGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNyso
|
|||
owIDAQAB
|
||||
-----END PUBLIC KEY-----'''
|
||||
response = app.get('/idp/saml2/metadata')
|
||||
|
||||
|
||||
def test_null_character_nonce(app, db):
|
||||
response = app.get('/idp/saml2/continue/', params={'nonce': '\0'}, status=400)
|
||||
assert response.text == 'null character in query string'
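Review bot: `test_null_character_nonce` has no docstring saying why a NUL byte must yield a 400, and the same holds for `test_null_characters` in the login tests. Something like `"""A NUL byte in a query-string value is rejected with 400 (#46625)."""` would keep the intent next to the assertion. Both tests exercise a NUL in a value only; a case with the NUL in the parameter name and one with a multipart body would pin down what the middleware is expected to do there.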
|
||||
|
|
|
@ -318,3 +318,11 @@ def test_login_opened_session_cookie(db, app, settings, simple_user):
|
|||
for cookie in app.cookiejar:
|
||||
if cookie.name == 'A2_OPENED_SESSION':
|
||||
assert cookie.secure is True
|
||||
|
||||
|
||||
def test_null_characters(app, db):
|
||||
response = app.get('/login/')
|
||||
response.form.set('username', 'xx\0xx')
|
||||
response.form.set('password', 'whatever')
|
||||
response = response.form.submit(name='login-password-submit', status=400)
|
||||
assert response.text == 'null character in form data'
|
||||
|
|