Loading searx/webapp.py +2 −2 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ from searx.webutils import ( get_themes, prettify_url, new_hmac, is_hmac_of, is_flask_run_cmdline, ) from searx.webadapter import ( Loading Loading @@ -1067,8 +1068,7 @@ def image_proxy(): if not url: return '', 400 h = new_hmac(settings['server']['secret_key'], url.encode()) if h != request.args.get('h'): if not is_hmac_of(settings['server']['secret_key'], url.encode(), request.args.get('h', '')): return '', 400 maximum_size = 5 * 1024 * 1024 Loading searx/webutils.py +6 −8 Original line number Diff line number Diff line Loading @@ -77,14 +77,12 @@ def get_result_templates(templates_path): def new_hmac(secret_key, url): try: secret_key_bytes = bytes(secret_key, 'utf-8') except TypeError as err: if isinstance(secret_key, bytes): secret_key_bytes = secret_key else: raise err return hmac.new(secret_key_bytes, url, hashlib.sha256).hexdigest() return hmac.new(secret_key.encode(), url, hashlib.sha256).hexdigest() def is_hmac_of(secret_key, value, hmac_to_check): hmac_of_value = new_hmac(secret_key, value) return len(hmac_of_value) == len(hmac_to_check) and hmac.compare_digest(hmac_of_value, hmac_to_check) def prettify_url(url, max_length=74): Loading tests/unit/test_webutils.py +9 −7 Original line number Diff line number Diff line Loading 
@@ -78,10 +78,12 @@ class TestUnicodeWriter(SearxTestCase): class TestNewHmac(SearxTestCase): def test_bytes(self): for secret_key in ['secret', b'secret', 1]: if secret_key == 1: with self.assertRaises(TypeError): webutils.new_hmac(secret_key, b'http://example.com') continue res = webutils.new_hmac(secret_key, b'http://example.com') data = b'http://example.com' with self.assertRaises(AttributeError): webutils.new_hmac(b'secret', data) with self.assertRaises(AttributeError): webutils.new_hmac(1, data) res = webutils.new_hmac('secret', data) self.assertEqual(res, '23e2baa2404012a5cc8e4a18b4aabf0dde4cb9b56f679ddc0fd6d7c24339d819') Loading
searx/webapp.py +2 −2 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ from searx.webutils import ( get_themes, prettify_url, new_hmac, is_hmac_of, is_flask_run_cmdline, ) from searx.webadapter import ( Loading Loading @@ -1067,8 +1068,7 @@ def image_proxy(): if not url: return '', 400 h = new_hmac(settings['server']['secret_key'], url.encode()) if h != request.args.get('h'): if not is_hmac_of(settings['server']['secret_key'], url.encode(), request.args.get('h', '')): return '', 400 maximum_size = 5 * 1024 * 1024 Loading
searx/webutils.py +6 −8 Original line number Diff line number Diff line Loading @@ -77,14 +77,12 @@ def get_result_templates(templates_path): def new_hmac(secret_key, url): try: secret_key_bytes = bytes(secret_key, 'utf-8') except TypeError as err: if isinstance(secret_key, bytes): secret_key_bytes = secret_key else: raise err return hmac.new(secret_key_bytes, url, hashlib.sha256).hexdigest() return hmac.new(secret_key.encode(), url, hashlib.sha256).hexdigest() def is_hmac_of(secret_key, value, hmac_to_check): hmac_of_value = new_hmac(secret_key, value) return len(hmac_of_value) == len(hmac_to_check) and hmac.compare_digest(hmac_of_value, hmac_to_check) def prettify_url(url, max_length=74): Loading
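Review bot: In `is_hmac_of`, `hmac.compare_digest` is called on two `str` values, and for `str` it accepts ASCII only, so a 64-character `h` that contains a non-ASCII character passes the length test and raises `TypeError` instead of returning `False`. Because `image_proxy` passes `request.args.get('h', '')` straight in, that would presumably surface as an unhandled error rather than the intended 400. Comparing bytes avoids this and makes the separate length test unnecessary: `return hmac.compare_digest(hmac_of_value.encode(), hmac_to_check.encode())`. Separately, `new_hmac` now rejects a `bytes` secret with `AttributeError`, so a one-line docstring such as `"""Return the hex HMAC-SHA256 of url (bytes) keyed with secret_key (str)."""` would make the new contract explicit.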
tests/unit/test_webutils.py +9 −7 Original line number Diff line number Diff line Loading @@ -78,10 +78,12 @@ class TestUnicodeWriter(SearxTestCase): class TestNewHmac(SearxTestCase): def test_bytes(self): for secret_key in ['secret', b'secret', 1]: if secret_key == 1: with self.assertRaises(TypeError): webutils.new_hmac(secret_key, b'http://example.com') continue res = webutils.new_hmac(secret_key, b'http://example.com') data = b'http://example.com' with self.assertRaises(AttributeError): webutils.new_hmac(b'secret', data) with self.assertRaises(AttributeError): webutils.new_hmac(1, data) res = webutils.new_hmac('secret', data) self.assertEqual(res, '23e2baa2404012a5cc8e4a18b4aabf0dde4cb9b56f679ddc0fd6d7c24339d819')
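Review bot: `is_hmac_of` is introduced by this commit, but the visible test section only exercises `new_hmac`, so the comparison that now guards `image_proxy` has no coverage. A small test next to `TestNewHmac` could assert that the known digest for `'secret'` and `b'http://example.com'` is accepted, and that a same-length altered digest, a shorter string and `''` are all rejected. A 64-character value containing a non-ASCII character is also worth a case, since `hmac.compare_digest` on `str` only accepts ASCII. `test_bytes` now asserts that a `bytes` key is refused, so a name such as `test_secret_key_types` would describe it better.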