Skip to content

fixed cryptography signing #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mikeboers merged 1 commit into from
Apr 14, 2024
Merged

fixed cryptography signing #63

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 14 additions & 13 deletions flask_images/core.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import re
import struct
import sys
import hmac

from six import iteritems, PY3, string_types, text_type
if PY3:
Expand All @@ -27,11 +28,6 @@
from PIL import Image, ImageFilter
from flask import request, current_app, send_file, abort

try:
from itsdangerous import Signer, constant_time_compare
except ImportError:
from itsdangerous import Signer
from itsdangerous._compat import constant_time_compare

from . import modes
from .size import ImageSize
Expand Down Expand Up @@ -208,14 +204,16 @@ def build_url(self, local_path, **kwargs):
if v is not None and not k.startswith('_')
}
query = urlencode(sorted(iteritems(public_kwargs)), True)
signer = Signer(current_app.secret_key)
sig = signer.get_signature('%s?%s' % (local_path, query))
sig_auth = hmac.new(current_app.secret_key.encode('utf-8'),
f'{local_path}?{query}'.encode('utf-8'),
digestmod='sha256')

# I am using hexdigest to increase readability in warnings.
url = '%s/%s?%s&s=%s' % (
current_app.config['IMAGES_URL'],
urlquote(local_path, "/$-_.+!*'(),"),
query,
sig.decode('utf-8'),
sig_auth.hexdigest(),
)

if external:
Expand Down Expand Up @@ -302,13 +300,16 @@ def handle_request(self, path):

# Verify the signature.
query = dict(iteritems(request.args))
old_sig = str(query.pop('s', None))
old_sig = bytes(query.pop('s', None), 'utf-8')
if not old_sig:
abort(404)
signer = Signer(current_app.secret_key)
new_sig = signer.get_signature('%s?%s' % (path, urlencode(sorted(iteritems(query)), True)))
if not constant_time_compare(str(old_sig), str(new_sig.decode('utf-8'))):
log.warning("Signature mismatch: url's {} != expected {}".format(old_sig, new_sig))
query_info = urlencode(sorted(iteritems(query)), True)
msg_auth = hmac.new(current_app.secret_key.encode('utf-8'),
f'{path}?{query_info}'.encode('utf-8'),
digestmod='sha256')
new_sig = bytes(msg_auth.hexdigest(), 'utf-8')
if not hmac.compare_digest(old_sig, new_sig):
log.warning(f"Signature mismatch: url's {old_sig} != expected {new_sig}")
abort(404)

# Expand kwargs.
Expand Down