summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2013-08-07 17:45:03 +0200
committerAzul <azul@leap.se>2013-08-07 17:46:08 +0200
commit8e2bff3fb077410fd7facc41e4a460b402e08045 (patch)
treeb73637ad3784d4d09ff03c29c8e1853ca74b1305
parent21f39bf368ea1e0deb70eb918f0947fb6fbd900d (diff)
integration test exploiting srp vulnerability
-rw-r--r--users/test/integration/browser/account_test.rb19
1 files changed, 19 insertions, 0 deletions
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index ce63baf..b5776ff 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -20,4 +20,23 @@ class AccountTest < BrowserIntegrationTest
assert_equal '/', current_path
end
+ # trying to seed an invalid A for srp login
+ test "detects attempt to circumvent SRP" do
+ user = FactoryGirl.create :user
+ visit '/sessions/new'
+ fill_in 'Username', with: user.login
+ fill_in 'Password', with: "password"
+ inject_malicious_js
+ click_on 'Log In'
+ assert !page.has_content?("Welcome")
+ end
+
+ def inject_malicious_js
+ page.execute_script <<-EOJS
+ var calc = new srp.Calculate();
+ calc.A = function(_a) {return "00";};
+ calc.S = calc.A;
+ srp.session = new srp.Session(null, calc);
+ EOJS
+ end
end