本文整理汇总了Python中esapi.core.ESAPI.http_utilities方法的典型用法代码示例。如果您正苦于以下问题:Python ESAPI.http_utilities方法的具体用法?Python ESAPI.http_utilities怎么用?Python ESAPI.http_utilities使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类esapi.core.ESAPI的用法示例。
在下文中一共展示了ESAPI.http_utilities方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_add_exception
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_add_exception(self):
ESAPI.intrusion_detector().add_exception( RuntimeError('message') )
ESAPI.intrusion_detector().add_exception(
ValidationException("user message", "log message") )
ESAPI.intrusion_detector().add_exception(
IntrusionException("user message", "log message") )
username = "testAddException"
password = "addException"
auth = ESAPI.authenticator()
user = auth.create_user(username, password, password)
user.enable()
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
user.login_with_password(password)
# Generate some exceptions to disable the account
for i in range(15):
IntegrityException(
"IntegrityException %s" % i,
"IntegrityException %s" % i )
self.assertFalse(user.is_logged_in())
self.assertTrue(user.is_locked())示例2: test_get_user_from_token
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_get_user_from_token(self):
instance = ESAPI.authenticator()
instance.logout()
account_name = "testUserFromToken"
password = instance.generate_strong_password()
user = instance.create_user(account_name, password, password)
user.enable()
###
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
m = Morsel()
m.key = HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME
m.value = "ridiculous"
request.cookies[m.key] = m
# Wrong cookie should fail
self.assertRaises(AuthenticationException, instance.login, request, response)
user.logout()
###
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.authenticator().current_user = user
new_token = ESAPI.http_utilities().set_remember_token(
password, 10000, "test.com", request.path, request, response )
request.set_cookie( key=HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, value=new_token )
ESAPI.http_utilities().set_current_http(request, response)
# Logout the current user so we can log them in with the remember cookie
user2 = instance.login(request, response)
self.assertEquals(user, user2)示例3: test_add_csrf_token
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_add_csrf_token(self):
instance = ESAPI.authenticator()
username = "addCSRFUser"
password = 'addCSRFToken'
user = instance.create_user(username, password, password)
instance.current_user = user
csrf1 = ESAPI.http_utilities().add_csrf_token('/test1')
self.assertTrue(csrf1.find('?') > -1)
csrf2 = ESAPI.http_utilities().add_csrf_token('test1?one=two')
self.assertTrue(csrf2.find('?') > -1)示例4: test_save_too_long_state_in_cookie
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_save_too_long_state_in_cookie(self):
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
foo = "abcd" * 1000
data = {'long': foo}
try:
ESAPI.http_utilities().encrypt_state_in_cookie(response, data)
self.fail()
except:
pass示例5: login_with_password
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def login_with_password(self, password):
if password is None:
self.last_failed_login_time = datetime.now()
self.increment_failed_login_count()
raise AuthenticationLoginException( _("Login failed"),
_("Missing password: %(account_name)s") %
{'account_name' : self.account_name})
# Don't let disabled users log in
if not self.is_enabled():
self.last_failed_login_time = datetime.now()
self.increment_failed_login_count()
raise AuthenticationLoginException( _("Login failed"),
_("Disabled user attempt to login: %(account_name)s") %
{'account_name' : self.account_name})
# Don't let locked users log in
if self.is_locked():
self.last_failed_login_time = datetime.now()
self.increment_failed_login_count()
raise AuthenticationLoginException( _("Login failed"),
_("Locked user attempt to login: %(account_name)s") %
{'account_name' : self.account_name})
# Don't let expired users log in
if self.is_expired():
self.last_failed_login_time = datetime.now()
self.increment_failed_login_count()
raise AuthenticationLoginException( _("Login failed"),
_("Expired user attempt to login: %(account_name)s") %
{'account_name' : self.account_name})
self.logout()
if self.verify_password( password ):
self._logged_in = True
ESAPI.http_utilities().change_session_identifier( ESAPI.current_request() )
ESAPI.authenticator().current_user = self
self.last_login_time = datetime.now()
self.last_host_address = ESAPI.http_utilities().get_current_request().remote_host
self.logger.trace(Logger.SECURITY_SUCCESS,
_("User logged in: %(account_name)s") %
{'account_name' : self.account_name})
else:
self._logged_in = False
self.last_failed_login_time = datetime.now()
self.increment_failed_login_count()
if self.get_failed_login_count() >= ESAPI.security_configuration().get_allowed_login_attempts():
self.lock()
raise AuthenticationLoginException( _("Login failed"),
_("Incorrect password provided for %(account_name)s") %
{'account_name' : self.account_name})示例6: test_set_no_cache_headers
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_set_no_cache_headers(self):
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
self.assertEquals(0, len(response.headers))
response.headers["test1"] = "1"
response.headers["test2"] = "2"
response.headers["test3"] = "3"
self.assertEquals(3, len(response.headers))
ESAPI.http_utilities().set_no_cache_headers( response )
self.assertTrue(response.headers.has_key('Cache-Control'))
self.assertTrue(response.headers.has_key('Expires'))示例7: test_change_session_identifier
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_change_session_identifier(self):
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
session = request.session
session['one'] = 'one'
session['two'] = 'two'
session['three'] = 'three'
id1 = request.session.id
session = ESAPI.http_utilities().change_session_identifier(request)
id2 = request.session.id
self.assertFalse(id1 == id2)
self.assertEquals("one", session['one'])示例8: test_set_remember_token
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_set_remember_token(self):
instance = ESAPI.authenticator()
account_name = "joestheplumber"
password = instance.generate_strong_password()
user = instance.create_user(account_name, password, password)
user.enable()
request = MockHttpRequest()
request.POST['username'] = account_name
request.POST['password'] = password
response = MockHttpResponse()
instance.login(request, response)
max_age = 60 * 60 * 24 * 14
ESAPI.http_utilities().set_remember_token( password, max_age, "domain", '/', request, response )示例9: test_state_from_encrypted_cookie
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_state_from_encrypted_cookie(self):
request = MockHttpRequest()
response = MockHttpResponse()
empty = ESAPI.http_utilities().decrypt_state_from_cookie(request)
self.assertEquals({}, empty)
m = {'one' : 'aspect',
'two' : 'ridiculous',
'test_hard' : "&(@#*!^|;,." }
ESAPI.http_utilities().encrypt_state_in_cookie(m, response)
value = response.headers['Set-Cookie']
encrypted = value[value.find('=')+1:value.find(';')]
ESAPI.encryptor().decrypt(encrypted)示例10: is_session_timeout
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def is_session_timeout(self):
session = ESAPI.http_utilities().current_request.session
if session is None:
return True
deadline = session.last_accessed_time + self.IDLE_TIMEOUT_LENGTH
return datetime.now() > deadline示例11: is_session_absolute_timeout
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def is_session_absolute_timeout(self):
session = ESAPI.http_utilities().current_request.session
if session is None:
return True
deadline = session.creation_time + self.ABSOLUTE_TIMEOUT_LENGTH
return datetime.now() > deadline示例12: test_add_header
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_add_header(self):
instance = ESAPI.http_utilities()
request = MockHttpRequest()
response = MockHttpResponse()
instance.set_current_http(request, response)
instance.add_header('HeaderName', 'HeaderValue')示例13: test_query_to_dict
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_query_to_dict(self):
instance = ESAPI.http_utilities()
query = '?a=1&b=2&c=3'
testing = instance.query_to_dict(query)
correct = {'a' : '1', 'b' : '2', 'c' : '3'}
self.assertEquals(testing, correct)示例14: log
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def log(self, level, event_type, message, exception=None):
"""
Log the message after optionally encoding any special characters
that might be dangerous when viewed by an HTML based log viewer.
Also encode any carriage returns and line feeds to prevent log
injection attacks. This logs all the supplied parameters plus the
user ID, user's source IP, a logging specific session ID, and the
current date/time.
It will only log the message if the current logging level is
enabled, otherwise it will discard the message.
@param level: the severity level of the security event
@param event_type: the event_type of the event
(SECURITY, FUNCTIONALITY, etc.)
@param message: the message
@param exception: an exception
"""
# Before we waste all kinds of time preparing this event for the
# log, let check to see if its loggable
if not self.pyLogger.isEnabledFor(level):
return
user = ESAPI.authenticator().current_user
# create a random session number for the user to represent the
# user's 'session', if it doesn't exist already
sid = _("unknown")
request = ESAPI.http_utilities().current_request
if request is not None:
session = request.session
if session is not None:
sid = session.get('ESAPI_SESSION', None)
# if there is no session id for the user yet, create one
# and store it in the user's session
if sid is None:
sid = str(ESAPI.randomizer().get_random_integer(0, 1000000))
session['ESAPI_SESSION'] = sid
# ensure there's something to log
if message is None:
message = ""
# ensure no CRLF injection into logs for forging records
clean = message.replace('\n', '_').replace('\r', '_')
if ESAPI.security_configuration().get_log_encoding_required():
clean = ESAPI.encoder().encode_for_html(message)
if message != clean:
clean += " (Encoded)"
extra = {
'eventType' : str(event_type),
'eventSuccess' : [_("SUCCESS"),_("FAILURE")][event_type.is_success()],
'user' : user.account_name,
'hostname' : user.last_host_address,
'sessionID' : sid,
}
self.pyLogger.log(level, clean, extra=extra) 示例15: test_add_event
# 需要导入模块: from esapi.core import ESAPI [as 别名]
# 或者: from esapi.core.ESAPI import http_utilities [as 别名]
def test_add_event(self):
username = "testAddEventIDS"
password = "addEvent"
auth = ESAPI.authenticator()
user = auth.create_user(username, password, password)
user.enable()
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
user.login_with_password(password)
# Generate some events to disable the account
for i in range(15):
ESAPI.intrusion_detector().add_event("test", "test message")
self.assertTrue(user.is_locked())