Merge pull request #78 from blacklanternsecurity/rails_errorhandling
rails_secretkeybase error handling
liquidsec committed Jul 6, 2023
2 parents 8de1ab1 + ec375f6 commit 9c6e568
Showing 3 changed files with 10 additions and 3 deletions.
2 changes: 1 addition & 1 deletion badsecrets/modules/rails_secretkeybase.py
@@ -36,7 +36,7 @@ def rails(self, rails_cookie, secret_key_base):
encrypted_data = base64.b64decode(data).decode()
iv = encrypted_data.split("--")[1]
data = encrypted_data.split("--")[0]
except (UnicodeDecodeError, IndexError):
except (UnicodeDecodeError, IndexError, binascii.Error):
return

if len(base64.b64decode(iv)) == 16:
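Review bot: The `base64.b64decode(iv)` call in `if len(base64.b64decode(iv)) == 16:` appears to sit after the `try`/`except`, so a cookie whose IV segment is not valid base64 could still raise `binascii.Error` out of `rails()` despite the widened `except`. The cookie is untrusted input to the checker, so the IV decode should be guarded the same way, for example by moving `iv_raw = base64.b64decode(iv)` into the existing `try` and testing `len(iv_raw) == 16` afterwards. The hunk does not show the file's imports, so also confirm `import binascii` is present; without it the new `except` tuple would fail with a `NameError` when an exception is being matched. The body of `rails()` starts and continues outside the hunk and indentation is lost in this rendering, so the placement of that `if` is inferred.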
1 change: 0 additions & 1 deletion badsecrets/resources/aspnet_machinekeys.txt
@@ -2779,7 +2779,6 @@ C3DD5E21134BDCAF7D951A2ED8E45F7E7395A8CEBAA6A43A8D8528A85B9AB00D,ADCBCFC864936D0
C3E566B36D7D737C3642E6AEE1FBF7E40F002E08,D993D168BAA3518CB12F32BBBF93D259A2D3E91EA0DE65A8
C3ECDA658438CB56E1B2214D481AD1357E57469F,E23294FEFD59AF24CA7BE43F355F38E94D1FB48B687A6D3C
C3F4C2EA177D400D5079E51F9CF1C9F8BBC4BD1E8ACC3C08EBB55D3FEB9D2076AFB83A4E23856B34CF4A10F98FADB0625147D3B5EC5C425995DECFFD0D10B0B7,A2C88FF5B85D9A4073DF6E63BFEDC8122D26BEFFD1436284
***REMOVED***
C404DBC640257AA6DD1632CC42279467947E0539A484964B67AF2706E0C1E50A7D0075698C692D5E27A5337A223A1D7EE78678B803918D5F8C1F0A623E2FFC07,C3C74BBF830D1FD79576F70BEE59D12D9A99CC7AB564E3BD851C27A2563A72C1
C40E61DCB9CF02AF9B87ECF85E4F098A7A92858E34654EC633A04992E4D9222AA9EE7E5B13A1A67F36336404E93A664BA05E797543C1163BF5088618507E6853,E62236F1C28D325263320588532A716642411E7417752D4D
C41E5BEB7FD938AC1368A9EE0A97BAD2F6DBC4AB563FB9F89ED37C4D0CD5B7918FA822AD2A181A5B4FB7CF3826C56F043A93B4B08816E037485F61070AB2AD6A,968DB8BE829EC55028B809D75D3DF3BAB406B2D8EF7FF712D7F36B9ABCD99016
10 changes: 9 additions & 1 deletion tests/rails_secretkeybase_test.py
@@ -70,9 +70,17 @@ def test_rails_malformed():
assert not found_key


def test_rails_unicode_error():
def test_rails_error_unicode():
x = Rails_SecretKeyBase()
found_key = x.check_secret(
"dUEvRldLekFNcklGZ3ZSbU1XaHJ0ZGxsLzhYTHlNTW43T3BVN05kZXE3WUhQOVVKbVA3Rm5WaSs5eG5QQ1VIRVBzeDFNTnNpZ0xCM1FKbzFZTEJISzhaNzFmVGYzME0waDFURVpCYm5TQlJFRmRFclYzNUZhR3VuN29PMmlkVHBrRi8wb3AwZWgvWmxObkFOYnpkeHR1YWpWZ3lnN0Y4ZW9xSk9LNVlQd0U4MmFsbWtLZUI5VzkzRkM4YXBFWXBWeS9NMTBNZ1RadmU5ZlFnMWVZaXpaZz09--7efe7919a5210cfd1ac4c6228e3ff82c0600d841"
)
assert not found_key


def test_rails_error_binascii():
x = Rails_SecretKeyBase()
found_key = x.check_secret(
"dUEvRldLekFNcklGZ3ZSbU1XaHJ0ZGxsLzhYTHlNTW43T3BVN05kZXE3WUhQOVVKbVA3Rm5WaSs5eG5QQ1VIRVBzeDFNTnNpZ0xCM1FKbzFZTEJISzhaNzFmVGYzME0waDFURVpCYm5TQlJFRmRFclYzNUZhR3VuN29PMmlkVHBrRi8wb3AwZWgvWmxObkFOYnpkeHR1YWpWZ3lnN0Y4ZW9xSk9LNVlQd0U4MmFsbWtLZUI5VzkzRkM4YXBFWXBWeS9NMTBNZ1RadmU5ZlFnMWV%20XpaZz09--7efe7919a5210cfd1ac4c6228e3ff82c0600d841"
)
assert not found_key
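Review bot: `test_rails_error_binascii` does not say what makes its input invalid; the cookie appears to differ from the one in `test_rails_error_unicode` only by a `%20` sequence near the end of the base64 segment, which is easy to miss in a string this long. A one-line comment above the call, such as `# URL-encoded space left inside the base64 payload: decoding must fail cleanly, not raise`, would document the intent. Because both tests assert only `not found_key`, they pass on any early return, so they confirm that the exception no longer escapes `check_secret` but not which branch handled it. A further case with a well-formed data segment and an IV segment that is not valid base64 would cover the decode that follows the `except` in `rails()`.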
