completed set 4, task 31

author: Benedict <benedict@0xb8000.de> 2016-09-23 11:36:08 +0200
committer: Benedict <benedict@0xb8000.de> 2017-02-21 13:00:26 +0100
commit: 723222e769785563babdda5f78a0ce21a276cb9f (patch)
tree: 660d7312f7e85206daad7de6912ce63bee5f4b36 /set4/webapp.py
parent: 111642369ba778d5b8d18f1a9d8acf379ab45c13 (diff)
1 files changed, 46 insertions, 0 deletions
diff --git a/set4/webapp.py b/set4/webapp.py
new file mode 100644
index 0000000..4437744
--- /dev/null
+++ b/set4/webapp.py
@@ -0,0 +1,46 @@
+#!/bin/python2
+
+import web
+from time import sleep
+import hashlib
+import hmac
+
+urls = (
+    '/', 'index'
+)
+
+class crypto:
+	def __init__(self):
+		self.key = "bummbamm"
+
+	def insecure_compare(self, hmac_arg, filename, key):
+		print hmac_arg
+		print filename
+		com_hmac = hmac.new(key, filename, hashlib.sha1).digest()
+
+		com_hmac = com_hmac.encode("hex")
+		print com_hmac
+
+		for i in range(len(hmac_arg)):
+			if hmac_arg[i] == com_hmac[i]:
+				sleep(0.05)
+			else:
+				break
+
+		return 200
+
+
+class index():
+	def GET(self):
+		cry = crypto()
+		print cry.key
+		f = web.input()
+		back = f["file"] + " : " + f["signature"]
+		cry.insecure_compare(f["signature"], f["file"], cry.key)
+		print f
+		return back
+
+if __name__ == "__main__":
+	app = web.application(urls, globals())
+	app.run()
+
author	Benedict <benedict@0xb8000.de>	2016-09-23 11:36:08 +0200
committer	Benedict <benedict@0xb8000.de>	2017-02-21 13:00:26 +0100
commit	723222e769785563babdda5f78a0ce21a276cb9f (patch)
tree	660d7312f7e85206daad7de6912ce63bee5f4b36 /set4/webapp.py
parent	111642369ba778d5b8d18f1a9d8acf379ab45c13 (diff)