fix hmac.compare_digest under python277

charsyam · charsyam · commit af51cb1d7d40 · 2016-10-19T17:52:55.000+09:00
fix indent

implement tscmp for preventing timing attack

remove semicolon

apply flake8

apply flake8

refactoring using hasattr

refactoring using len2 directly

add test and refactoring
diff --git a/linebot/utils.py b/linebot/utils.py
@@ -45,3 +45,26 @@ def to_camel_case(text):
     """
     split = text.split('_')
     return split[0] + "".join(x.title() for x in split[1:])
+
+
+def safe_compare_digest(val1, val2):
+    """compare_digest method. for test extract safe_compare_digest method
+
+    :param str or bytes val1: string or bytes for compare
+    :param str or bytes val2: string or bytes for compare
+    :rtype: bool
+    :return: result
+    """
+
+    if len(val1) != len(val2):
+        return False
+
+    result = 0
+    if PY3 and isinstance(val1, bytes) and isinstance(val2, bytes):
+        for i, j in zip(val1, val2):
+            result |= i ^ j
+    else:
+        for i, j in zip(val1, val2):
+            result |= (ord(i) ^ ord(j))
+
+    return result == 0
diff --git a/linebot/webhook.py b/linebot/webhook.py
@@ -32,7 +32,29 @@
     PostbackEvent,
     BeaconEvent
 )
-from .utils import LOGGER, PY3
+from .utils import LOGGER, PY3, safe_compare_digest
+
+
+if hasattr(hmac, "compare_digest"):
+    def compare_digest(val1, val2):
+        """compare_digest method.
+
+        :param str or bytes val1: string or bytes for compare
+        :param str or bytes val2: string or bytes for compare
+        :rtype: bool
+        :return: result
+        """
+        return hmac.compare_digest(val1, val2)
+else:
+    def compare_digest(val1, val2):
+        """compare_digest method.
+
+        :param str or bytes val1: string or bytes for compare
+        :param str or bytes val2: string or bytes for compare
+        :rtype: bool
+        :return: result
+        """
+        return safe_compare_digest(val1, val2)
 
 
 class SignatureValidator(object):
@@ -64,8 +86,8 @@ def validate(self, body, signature):
             hashlib.sha256
         ).digest()
 
-        return hmac.compare_digest(
-            signature.encode('utf-8'), base64.b64encode(gen_signature)
+        return compare_digest(
+                signature.encode('utf-8'), base64.b64encode(gen_signature)
         )
 
 
diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -16,7 +16,7 @@
 
 import unittest
 
-from linebot.utils import to_camel_case, to_snake_case
+from linebot.utils import to_camel_case, to_snake_case, safe_compare_digest
 
 
 class TestUtils(unittest.TestCase):
@@ -26,6 +26,15 @@ def test_to_snake_case(self):
     def test_to_camel_case(self):
         self.assertEqual(to_camel_case('hoge_bar'), 'hogeBar')
 
+    def test_safe_compare_digest_true(self):
+        self.assertTrue(safe_compare_digest('/gg9a+LvFevTH1sd7', '/gg9a+LvFevTH1sd7'))
+
+    def test_safe_compare_digest_false_same_size(self):
+        self.assertFalse(safe_compare_digest('/gg9a+LvFevTH1sd7', '/gg9a+LvFevTH1sd8'))
+
+    def test_safe_compare_digest_false_different_size(self):
+        self.assertFalse(safe_compare_digest('/gg9a+LvFevTH1sd7', '/gg9a+LvFevTH1sd78'))
+
 
 if __name__ == '__main__':
     unittest.main()
