allura-commits mailing list archives

From brond...@apache.org
Subject [allura] 01/01: [#8321] consider a missing honeypot field as bad as one that was erroneously filled out. Previously was raising an unhandled error
Date Wed, 31 Jul 2019 14:58:52 GMT
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/8321
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 53e7ee8e7c5779fafab7f675b9b47041c4eda4bb
Author: Dave Brondsema <dave@brondsema.net>
AuthorDate: Wed Jul 31 10:54:04 2019 -0400

    [#8321] consider a missing honeypot field as bad as one that was erroneously filled out.
 Previously was raising an unhandled error
---
 Allura/allura/lib/utils.py        | 5 ++++-
 Allura/allura/tests/test_utils.py | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 5d2b4b3..f8444b7 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -382,7 +382,10 @@ class AntiSpam(object):
                     except:
                         pass
                 for fldno in range(obj.num_honey):
-                    value = new_params.pop('honey%s' % fldno)
+                    try:
+                        value = new_params.pop('honey%s' % fldno)
+                    except KeyError:
+                        raise ValueError('Missing honeypot field: honey%s' % fldno)
                     if value:
                         raise ValueError('Value in honeypot field: %s' % value)
             except Exception as ex:
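Review bot: The new `except KeyError` branch turns an absent honeypot field into a validation failure but carries no comment saying why absence is treated the same as a filled-in field. A one-line comment above the `try` would record the intent, for example `# every rendered form includes all honeypot inputs, so a missing one means the POST was not produced from our form`; that rationale is inferred from the commit subject and should be confirmed by the author. The neighbouring `'Value in honeypot field: %s' % value` message interpolates the submitted value verbatim, and both errors reach the `except Exception as ex:` handler whose body lies outside this hunk. If that handler logs the exception text, formatting the value with `%r` and truncating it would keep arbitrary-length, newline-bearing spam content out of the log.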
diff --git a/Allura/allura/tests/test_utils.py b/Allura/allura/tests/test_utils.py
index 199b4e5..8887cef 100644
--- a/Allura/allura/tests/test_utils.py
+++ b/Allura/allura/tests/test_utils.py
@@ -153,6 +153,13 @@ class TestAntispam(unittest.TestCase):
         r = Request.blank('/', POST=eform)
         self.assertRaises(ValueError, utils.AntiSpam.validate_request, r)
 
+    def test_missing_honey(self):
+        form = dict(a='1', b='2')
+        eform = self._encrypt_form(**form)
+        del eform[self.a.enc('honey0')]
+        r = Request.blank('/', POST=eform)
+        self.assertRaises(ValueError, utils.AntiSpam.validate_request, r)
+
     def _encrypt_form(self, **kwargs):
         encrypted_form = dict(
             (self.a.enc(k), v) for k, v in kwargs.items())
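Review bot: `test_missing_honey` asserts only that some `ValueError` is raised, so it would still pass if `validate_request` rejected the request for an unrelated reason and never reached the new missing-field branch. Matching on the message pins the path under test, for example `self.assertRaisesRegexp(ValueError, 'Missing honeypot field', utils.AntiSpam.validate_request, r)` (named `assertRaisesRegex` on Python 3). This assumes the outer handler in `validate_request` re-raises the original exception unchanged, which is not visible in this diff. The test also removes only `honey0`; a second case that deletes a later field would cover the loop beyond its first iteration.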

