From 56b33ab4584f7584135e6a2546a093889180c916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Oliveira?=
Date: Sun, 4 Dec 2016 23:39:56 +0000
Subject: [PATCH] asked changes made, code tested and flask unittests all passed
---
 flask/helpers.py | 31 ++++++++++---------------------
 flask/sessions.py | 8 +++++---
 2 files changed, 15 insertions(+), 24 deletions(-)
diff --git a/flask/helpers.py b/flask/helpers.py
index e3d23930..de9f46e1 100644
--- a/flask/helpers.py
+++ b/flask/helpers.py
@@ -14,7 +14,6 @@ import sys
 import pkgutil
 import posixpath
 import mimetypes
-import warnings
 from time import time
 from zlib import adler32
 from threading import RLock
@@ -960,32 +959,22 @@ def total_seconds(td):
 """
 return td.days * 60 * 60 * 24 + td.seconds
-def is_ip(string, var_name):
+def is_ip(ip):
 """Returns the if the string received is an IP or not.
 :param string: the string to check if it an IP or not
- :param var_name: the name of the variable that is being checked
+ :param var_name: the name of the string that is being checked
 :returns: True if string is an IP, False if not
 :rtype: boolean
 """
- ipv4 = string.split('.')
- ipv6 = string.split(':')
- try:
- for i,t in enumerate(ipv6):
- if not t:
- ipv6[i] = "0"
- if(all(int(t,16) >= 0 and int(t,16) <= 65535 for t in ipv6)):
- print("IPv6 address introduced in " + var_name)
- return True
- except ValueError:
- pass
+ import socket
- if len(ipv4) == 4:
+ for family in (socket.AF_INET, socket.AF_INET6):
 try:
- if(all(int(t) >= 0 and int(t) <= 255 for t in ipv4)):
- print("IPv4 address introduced in " + var_name)
- except ValueError:
- return False
- else:
- return False
+ socket.inet_pton(family, ip)
+ except socket.error:
+ pass
+ else:
+ return True
+ return False
diff --git a/flask/sessions.py b/flask/sessions.py
index a249a62b..b90e8d35 100644
--- a/flask/sessions.py
+++ b/flask/sessions.py
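Review bot: `socket.inet_pton` in the rewritten `is_ip` is not available on every platform: on Python 2 it is Unix-only, so on Windows the attribute lookup raises `AttributeError`, which `except socket.error` does not catch (the `._compat` import in flask/sessions.py suggests Python 2 is still supported). A guard such as `if not hasattr(socket, 'inet_pton'):` with an IPv4-only fallback to `socket.inet_aton(ip)` would keep the caller from failing there; note that `inet_aton` is looser and also accepts shortened forms such as `127.1`. The docstring is stale as well: it still documents `string` and `var_name` while the only parameter is now `ip`, so I would replace both `:param` lines with `:param ip: the string to test` and reword "Returns the if" to "Returns whether".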
@@ -11,13 +11,14 @@
 import uuid
 import hashlib
+from warnings import warn
 from base64 import b64encode, b64decode
 from datetime import datetime
 from werkzeug.http import http_date, parse_date
 from werkzeug.datastructures import CallbackDict
 from . import Markup, json
 from ._compat import iteritems, text_type
-from .helpers import total_seconds, is_IP
+from .helpers import total_seconds, is_ip
 from itsdangerous import URLSafeTimedSerializer, BadSignature
@@ -332,8 +333,9 @@ class SecureCookieSessionInterface(SessionInterface):
 def save_session(self, app, session, response):
 domain = self.get_cookie_domain(app)
- if domain != None:
- is_ip(domain, "SESSION_COOKIE_DOMAIN", self)
+ if domain is not None:
+ if is_ip(domain):
+ warnings.warn("IP introduced in SESSION_COOKIE_DOMAIN", RuntimeWarning)
 path = self.get_cookie_path(app)
 # Delete case. If there is no session we bail early.
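Review bot: The import added in this hunk binds only the name `warn` (`from warnings import warn`), but the new code in the `save_session` hunk calls `warnings.warn(...)`, and no `import warnings` appears among the imports shown. Any `save_session` call whose cookie domain is an IP literal would therefore raise `NameError` instead of emitting the warning. Either call `warn("IP introduced in SESSION_COOKIE_DOMAIN", RuntimeWarning)` or change the import to `import warnings`. A test that configures an IP address as the cookie domain and asserts the `RuntimeWarning` would have caught this.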
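Review bot: The warning text in `save_session` names `SESSION_COOKIE_DOMAIN`, but the value tested is whatever `get_cookie_domain(app)` returns, which is defined outside this hunk. If that helper derives the domain from another setting, or returns it with a port suffix or a leading dot, the message would be misleading or `is_ip` would return False for an IP-based host, so this is worth confirming. The message also does not tell the operator the consequence; something like `"The session cookie domain is an IP address; this may not work as intended in some browsers."` is more actionable. The nested check can be flattened to `if domain is not None and is_ip(domain):`. `save_session` continues past the end of the hunk.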