summaryrefslogtreecommitdiff
path: root/tests/test_session.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/test_session.py')
-rw-r--r--tests/test_session.py22
1 files changed, 2 insertions, 20 deletions
diff --git a/tests/test_session.py b/tests/test_session.py
index 6f93864a5..5e2a1ff55 100644
--- a/tests/test_session.py
+++ b/tests/test_session.py
@@ -364,10 +364,10 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase):
import base64
import hashlib
import hmac
- import pickle
+ import json
digestmod = lambda: hashlib.new(hashalg)
- cstruct = pickle.dumps(value, pickle.HIGHEST_PROTOCOL)
+ cstruct = json.dumps(value).encode('utf-8')
sig = hmac.new(salt + b'secret', cstruct, digestmod).digest()
return base64.urlsafe_b64encode(sig + cstruct).rstrip(b'=')
@@ -505,24 +505,6 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase):
self.assertEqual(result, None)
self.assertTrue('Set-Cookie' in dict(response.headerlist))
- def test_bad_pickle(self):
- import base64
- import hashlib
- import hmac
-
- digestmod = lambda: hashlib.new('sha512')
- # generated from dumping an object that cannot be found anymore, eg:
- # class Foo: pass
- # print(pickle.dumps(Foo()))
- cstruct = b'(i__main__\nFoo\np0\n(dp1\nb.'
- sig = hmac.new(b'pyramid.session.secret', cstruct, digestmod).digest()
- cookieval = base64.urlsafe_b64encode(sig + cstruct).rstrip(b'=')
-
- request = testing.DummyRequest()
- request.cookies['session'] = cookieval
- session = self._makeOne(request, secret='secret')
- self.assertEqual(session, {})
-
class Test_manage_accessed(unittest.TestCase):
def _makeOne(self, wrapped):
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 19:26:23 +0000