mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-09 15:10:27 +00:00
17e3a8f942
Currently passing an invalid Basic auth header (random string base64 encoded) would result in an exception being raised due to a username, password = auth_header.split(). Similary passing a `Digest` authentication type would result in an exception as there is no :. Thirdly passing invalid base64 encoded UTF-8 code sequences would result in exceptions as this issue (#1424). I added code to check explicitly that we are doing basic authentication then by checking the number of entries returned by the split. I also added exception handling for invalid UTF-8 code sequence exceptions. Tested with a fuzzer. Tested with valid and invalid credentials. This fixes #1424. |
||
|---|---|---|
| .. | ||
| lib | ||
| models | ||
| routes | ||
| services | ||
| static | ||
| templates | ||
| __init__.py | ||
| assets.py | ||
| decorators.py | ||
| default_config.py | ||
| swagger-spec.yaml | ||