| author | Michael Merickel <michael@merickel.org> | 2018-11-23 15:55:00 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2018-11-23 15:57:08 -0600 |
| commit | f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc (patch) | |
| tree | 2a6d06116a88662221fb607ed1fcb47655665c8a | |
| parent | b404d4b29e5eaa08fb38e9bd4818e1a2d390c10b (diff) | |
always use compare_digest
| -rw-r--r-- | src/pyramid/util.py | 8 | ||||
| -rw-r--r-- | tests/test_util.py | 32 |
2 files changed, 5 insertions, 35 deletions
diff --git a/src/pyramid/util.py b/src/pyramid/util.py
index cad8142dd..e552b37de 100644
--- a/src/pyramid/util.py
+++ b/src/pyramid/util.py
@@ -301,7 +301,7 @@ class WeakOrderedSet(object):
 return self._items[oid]()
-def strings_differ(string1, string2, compare_digest=compare_digest):
+def strings_differ(string1, string2):
 """Check whether two strings differ while avoiding timing attacks.
 This function returns True if the given strings differ and False
@@ -325,11 +325,7 @@ def strings_differ(string1, string2, compare_digest=compare_digest):
 left = string2
 right = string2
- if compare_digest is not None:
- invalid_bits += not compare_digest(left, right)
- else:
- for a, b in zip(left, right):
- invalid_bits += a != b
+ invalid_bits += not compare_digest(left, right)
 return invalid_bits != 0
diff --git a/tests/test_util.py b/tests/test_util.py
index 0f313955b..84bc9379f 100644
--- a/tests/test_util.py
+++ b/tests/test_util.py
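Review bot: Dropping the `compare_digest` keyword from `strings_differ` in the first util.py hunk is a signature break: any caller that still passes `compare_digest=...` will now fail with a TypeError. If applications can import this helper, the removal deserves a changelog entry. The docstring continues outside the hunk; if it still describes the comparator as optional, it should be brought in line, for example with `Comparison is always delegated to compare_digest.`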
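Review bot: With the loop fallback removed in the second util.py hunk, `invalid_bits += not compare_digest(left, right)` is the only comparison path, so the function now depends entirely on that callable's input limits. If `compare_digest` is bound to `hmac.compare_digest` (the import is outside the hunk), it accepts only bytes-like objects or ASCII-only `str` of matching type and raises TypeError otherwise, so a malformed token supplied by a client could surface as an unhandled error instead of a plain mismatch. I would state this in the docstring, e.g. `Both arguments must be bytes or ASCII-only str of the same type; anything else raises TypeError.`, and confirm that the module-level binding can no longer be None. The function body starts before and ends after this hunk.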
@@ -436,37 +436,11 @@ class Test_strings_differ(unittest.TestCase):
 self.assertFalse(self._callFUT('123', '123'))
 self.assertTrue(self._callFUT('123', '1234'))
- def test_it_with_internal_comparator(self):
- result = self._callFUT(b'foo', b'foo', compare_digest=None)
- self.assertFalse(result)
-
- result = self._callFUT(b'123', b'abc', compare_digest=None)
- self.assertTrue(result)
-
- def test_it_with_external_comparator(self):
- class DummyComparator(object):
- called = False
-
- def __init__(self, ret_val):
- self.ret_val = ret_val
-
- def __call__(self, a, b):
- self.called = True
- return self.ret_val
-
- dummy_compare = DummyComparator(True)
- result = self._callFUT(b'foo', b'foo', compare_digest=dummy_compare)
- self.assertTrue(dummy_compare.called)
+ def test_it(self):
+ result = self._callFUT(b'foo', b'foo')
 self.assertFalse(result)
- dummy_compare = DummyComparator(False)
- result = self._callFUT(b'123', b'345', compare_digest=dummy_compare)
- self.assertTrue(dummy_compare.called)
- self.assertTrue(result)
-
- dummy_compare = DummyComparator(False)
- result = self._callFUT(b'abc', b'abc', compare_digest=dummy_compare)
- self.assertTrue(dummy_compare.called)
+ result = self._callFUT(b'123', b'abc')
 self.assertTrue(result) |
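Review bot: After this hunk nothing asserts that the constant-time comparator is actually used: the removed `DummyComparator` test was the only check of that, and the new `test_it` would still pass if `strings_differ` regressed to a plain `!=`. Consider temporarily replacing the module-level `compare_digest` name in `pyramid.util` with a recording stub inside the test and asserting that it was called. A case with mixed `str`/bytes or non-ASCII text would also pin down how the function behaves on inputs the comparator rejects. The test class starts outside the hunk.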
