diff options
author | Jesse Luehrs <doy@tozt.net> | 2019-04-13 04:30:50 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2019-04-13 04:30:50 -0400 |
commit | 01e62e9baaf5860f0b9dee39e985a89333c0a854 (patch) | |
tree | 1305097c8943d56edfc7cf9a06016a30fb1ce195 | |
parent | c48a2b579673d4f4034bb7275165b72077e60fbd (diff) | |
download | matasano-01e62e9baaf5860f0b9dee39e985a89333c0a854.tar.gz matasano-01e62e9baaf5860f0b9dee39e985a89333c0a854.zip |
adjust the signature of create_query_string a bit
-rw-r--r-- | src/http.rs | 14 | ||||
-rw-r--r-- | tests/set2.rs | 8 | ||||
-rw-r--r-- | tests/set4.rs | 6 |
3 files changed, 14 insertions, 14 deletions
diff --git a/src/http.rs b/src/http.rs index 10b0eca..359502f 100644 --- a/src/http.rs +++ b/src/http.rs @@ -25,7 +25,7 @@ pub fn parse_query_string(string: &str) -> Option<HashMap<&str, &str>> { return Some(map); } -pub fn create_query_string(params: HashMap<&str, &str>) -> String { +pub fn create_query_string(params: &HashMap<&str, String>) -> String { fn escape(s: &str) -> String { s.replace("%", "%25") .replace("&", "%26") @@ -57,10 +57,10 @@ fn test_parse_query_string() { #[test] fn test_create_query_string() { let mut params = HashMap::new(); - params.insert("foo", "bar"); - params.insert("baz", "qux"); - params.insert("zap", "zazzle"); - let got = create_query_string(params); + params.insert("foo", "bar".to_string()); + params.insert("baz", "qux".to_string()); + params.insert("zap", "zazzle".to_string()); + let got = create_query_string(¶ms); let expected1 = "foo=bar&baz=qux&zap=zazzle"; let expected2 = "foo=bar&zap=zazzle&baz=qux"; let expected3 = "baz=qux&foo=bar&zap=zazzle"; @@ -82,8 +82,8 @@ fn test_create_query_string() { #[test] fn test_create_query_string_malicious() { let mut params = HashMap::new(); - params.insert("email", "foo@bar.com&role=admin"); - let got = create_query_string(params); + params.insert("email", "foo@bar.com&role=admin".to_string()); + let got = create_query_string(¶ms); let expected = "email=foo@bar.com%26role%3Dadmin"; assert_eq!(got, expected); } diff --git a/tests/set2.rs b/tests/set2.rs index 04614de..a77cf7a 100644 --- a/tests/set2.rs +++ b/tests/set2.rs @@ -99,10 +99,10 @@ fn problem_12() { fn problem_13() { fn profile_for(email: &str) -> String { let mut params = HashMap::new(); - params.insert("email", email); - params.insert("uid", "10"); - params.insert("role", "user"); - return matasano::create_query_string(params); + params.insert("email", email.to_string()); + params.insert("uid", "10".to_string()); + params.insert("role", "user".to_string()); + return matasano::create_query_string(¶ms); } let key = util::random_aes_128_key(); diff --git a/tests/set4.rs b/tests/set4.rs index 5095b6a..89581e2 100644 --- a/tests/set4.rs +++ b/tests/set4.rs @@ -215,12 +215,12 @@ fn problem_31() { let file = "filename.txt"; let got = matasano::crack_hmac_timing(file, |guess| { let mut params = std::collections::HashMap::new(); - params.insert("file", file); - params.insert("signature", guess); + params.insert("file", file.to_string()); + params.insert("signature", guess.to_string()); let res = reqwest::get(&format!( "{}{}", "http://localhost:9000/?", - matasano::create_query_string(params) + matasano::create_query_string(¶ms) )) .unwrap(); let status = res.status(); |