openstack/oslo.utils
Code Issues Proposed changes

Merge "Adding a check of string type for hmacs"

Browse Source
This commit is contained in:
Jenkins 2017-05-27 12:58:45 +00:00 committed by Gerrit Code Review
commit c0193b7a46
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
oslo_utils/secretutils.py
View File

@ -20,6 +20,8 @@ Secret utilities.
import hmac
import six
try:
constant_time_compare = hmac.compare_digest
@ -33,6 +35,10 @@ except AttributeError:
content-based short circuiting behaviour, making it appropriate
for cryptography.
"""
if isinstance(first, six.string_types):
first = first.encode('utf-8')
if isinstance(second, six.string_types):
second = second.encode('utf-8')
if len(first) != len(second):
return False
result = 0

2
oslo_utils/tests/test_secretutils.py
View File

@ -34,6 +34,7 @@ class SecretUtilsTest(testscenarios.TestWithScenarios,
self.converter(u'abcd')))
self.assertTrue(ctc(self.converter(u''),
self.converter(u'')))
self.assertTrue(ctc('abcd', 'abcd'))
self.assertFalse(ctc(self.converter(u'abcd'),
self.converter(u'efgh')))
self.assertFalse(ctc(self.converter(u'abc'),
@ -50,3 +51,4 @@ class SecretUtilsTest(testscenarios.TestWithScenarios,
self.converter(u'a')))
self.assertFalse(ctc(self.converter(u'abcd1234'),
self.converter(u'1234abcd')))
self.assertFalse(ctc('abcd1234', '1234abcd'))