From e7a4b259f8cd580f52160c17842d797fc3ddf7dc Mon Sep 17 00:00:00 2001 From: Elena Balakhonova Date: Fri, 5 Oct 2018 18:11:39 +0300 Subject: [PATCH] Strict PrintableString sanitizing X.680 41.4 table 10. --- pyderasn.py | 8 ++++++++ tests/test_pyderasn.py | 44 +++++++++++++++++++++++++++++++++++++----- 2 files changed, 47 insertions(+), 5 deletions(-) diff --git a/pyderasn.py b/pyderasn.py index 1690ab0..9a8ccdd 100755 --- a/pyderasn.py +++ b/pyderasn.py @@ -542,6 +542,7 @@ from collections import OrderedDict from datetime import datetime from math import ceil from os import environ +from string import ascii_letters from string import digits from six import add_metaclass @@ -3511,6 +3512,13 @@ class PrintableString(CommonString): tag_default = tag_encode(19) encoding = "ascii" asn1_type_name = "PrintableString" + allowable_chars = set((ascii_letters + digits + " '()+,-./:=?").encode("ascii")) + + def _value_sanitize(self, value): + value = super(PrintableString, self)._value_sanitize(value) + if not set(value) <= self.allowable_chars: + raise DecodeError("non-printable value") + return value class TeletexString(CommonString): diff --git a/tests/test_pyderasn.py b/tests/test_pyderasn.py index 6ea1d40..8f02a02 100644 --- a/tests/test_pyderasn.py +++ b/tests/test_pyderasn.py @@ -3281,12 +3281,15 @@ class TestUTF8String(StringMixin, CommonMixin, TestCase): base_klass = UTF8String +cyrillic_letters = text( + alphabet="".join(six_unichr(i) for i in list(range(0x0410, 0x044f + 1))), + min_size=1, + max_size=5, +) + + class UnicodeDecodeErrorMixin(object): - @given(text( - alphabet="".join(six_unichr(i) for i in list(range(0x0410, 0x044f + 1))), - min_size=1, - max_size=5, - )) + @given(cyrillic_letters) def test_unicode_decode_error(self, cyrillic_text): with self.assertRaises(DecodeError): self.base_klass(cyrillic_text) @@ -3332,6 +3335,34 @@ class TestPrintableString( ): base_klass = PrintableString + def text_alphabet(self): + return ascii_letters + digits + " '()+,-./:=?" + + @given(text(alphabet=sorted(set(whitespace) - set(" ")), min_size=1, max_size=5)) + def test_non_printable(self, non_printable_text): + with assertRaisesRegex(self, DecodeError, "non-printable"): + self.base_klass(non_printable_text) + + @given( + sets(integers(min_value=0, max_value=10), min_size=2, max_size=2), + integers(min_value=0), + decode_path_strat, + ) + def test_invalid_bounds_while_decoding(self, ints, offset, decode_path): + value, bound_min = list(sorted(ints)) + + class String(self.base_klass): + bounds = (bound_min, bound_min) + with self.assertRaises(DecodeError) as err: + String().decode( + self.base_klass(b"1" * value).encode(), + offset=offset, + decode_path=decode_path, + ) + repr(err.exception) + self.assertEqual(err.exception.offset, offset) + self.assertEqual(err.exception.decode_path, decode_path) + class TestTeletexString( UnicodeDecodeErrorMixin, @@ -5837,8 +5868,11 @@ class TestGoMarshalVectors(TestCase): seq = Seq() seq["erste"] = PrintableString("test") self.assertSequenceEqual(seq.encode(), hexdec("3006130474657374")) + # Asterisk is actually not allowable + PrintableString.allowable_chars |= set(b"*") seq["erste"] = PrintableString("test*") self.assertSequenceEqual(seq.encode(), hexdec("30071305746573742a")) + PrintableString.allowable_chars -= set(b"*") class Seq(Sequence): schema = ( -- 2.44.0