| 1 | n/a | """Test the secrets module. |
|---|
| 2 | n/a | |
|---|
| 3 | n/a | As most of the functions in secrets are thin wrappers around functions |
|---|
| 4 | n/a | defined elsewhere, we don't need to test them exhaustively. |
|---|
| 5 | n/a | """ |
|---|
| 6 | n/a | |
|---|
| 7 | n/a | |
|---|
| 8 | n/a | import secrets |
|---|
| 9 | n/a | import unittest |
|---|
| 10 | n/a | import string |
|---|
| 11 | n/a | |
|---|
| 12 | n/a | |
|---|
| 13 | n/a | # === Unit tests === |
|---|
| 14 | n/a | |
|---|
| 15 | n/a | class Compare_Digest_Tests(unittest.TestCase): |
|---|
| 16 | n/a | """Test secrets.compare_digest function.""" |
|---|
| 17 | n/a | |
|---|
| 18 | n/a | def test_equal(self): |
|---|
| 19 | n/a | # Test compare_digest functionality with equal (byte/text) strings. |
|---|
| 20 | n/a | for s in ("a", "bcd", "xyz123"): |
|---|
| 21 | n/a | a = s*100 |
|---|
| 22 | n/a | b = s*100 |
|---|
| 23 | n/a | self.assertTrue(secrets.compare_digest(a, b)) |
|---|
| 24 | n/a | self.assertTrue(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8'))) |
|---|
| 25 | n/a | |
|---|
| 26 | n/a | def test_unequal(self): |
|---|
| 27 | n/a | # Test compare_digest functionality with unequal (byte/text) strings. |
|---|
| 28 | n/a | self.assertFalse(secrets.compare_digest("abc", "abcd")) |
|---|
| 29 | n/a | self.assertFalse(secrets.compare_digest(b"abc", b"abcd")) |
|---|
| 30 | n/a | for s in ("x", "mn", "a1b2c3"): |
|---|
| 31 | n/a | a = s*100 + "q" |
|---|
| 32 | n/a | b = s*100 + "k" |
|---|
| 33 | n/a | self.assertFalse(secrets.compare_digest(a, b)) |
|---|
| 34 | n/a | self.assertFalse(secrets.compare_digest(a.encode('utf-8'), b.encode('utf-8'))) |
|---|
| 35 | n/a | |
|---|
| 36 | n/a | def test_bad_types(self): |
|---|
| 37 | n/a | # Test that compare_digest raises with mixed types. |
|---|
| 38 | n/a | a = 'abcde' |
|---|
| 39 | n/a | b = a.encode('utf-8') |
|---|
| 40 | n/a | assert isinstance(a, str) |
|---|
| 41 | n/a | assert isinstance(b, bytes) |
|---|
| 42 | n/a | self.assertRaises(TypeError, secrets.compare_digest, a, b) |
|---|
| 43 | n/a | self.assertRaises(TypeError, secrets.compare_digest, b, a) |
|---|
| 44 | n/a | |
|---|
| 45 | n/a | def test_bool(self): |
|---|
| 46 | n/a | # Test that compare_digest returns a bool. |
|---|
| 47 | n/a | self.assertIsInstance(secrets.compare_digest("abc", "abc"), bool) |
|---|
| 48 | n/a | self.assertIsInstance(secrets.compare_digest("abc", "xyz"), bool) |
|---|
| 49 | n/a | |
|---|
| 50 | n/a | |
|---|
| 51 | n/a | class Random_Tests(unittest.TestCase): |
|---|
| 52 | n/a | """Test wrappers around SystemRandom methods.""" |
|---|
| 53 | n/a | |
|---|
| 54 | n/a | def test_randbits(self): |
|---|
| 55 | n/a | # Test randbits. |
|---|
| 56 | n/a | errmsg = "randbits(%d) returned %d" |
|---|
| 57 | n/a | for numbits in (3, 12, 30): |
|---|
| 58 | n/a | for i in range(6): |
|---|
| 59 | n/a | n = secrets.randbits(numbits) |
|---|
| 60 | n/a | self.assertTrue(0 <= n < 2**numbits, errmsg % (numbits, n)) |
|---|
| 61 | n/a | |
|---|
| 62 | n/a | def test_choice(self): |
|---|
| 63 | n/a | # Test choice. |
|---|
| 64 | n/a | items = [1, 2, 4, 8, 16, 32, 64] |
|---|
| 65 | n/a | for i in range(10): |
|---|
| 66 | n/a | self.assertTrue(secrets.choice(items) in items) |
|---|
| 67 | n/a | |
|---|
| 68 | n/a | def test_randbelow(self): |
|---|
| 69 | n/a | # Test randbelow. |
|---|
| 70 | n/a | for i in range(2, 10): |
|---|
| 71 | n/a | self.assertIn(secrets.randbelow(i), range(i)) |
|---|
| 72 | n/a | self.assertRaises(ValueError, secrets.randbelow, 0) |
|---|
| 73 | n/a | self.assertRaises(ValueError, secrets.randbelow, -1) |
|---|
| 74 | n/a | |
|---|
| 75 | n/a | |
|---|
| 76 | n/a | class Token_Tests(unittest.TestCase): |
|---|
| 77 | n/a | """Test token functions.""" |
|---|
| 78 | n/a | |
|---|
| 79 | n/a | def test_token_defaults(self): |
|---|
| 80 | n/a | # Test that token_* functions handle default size correctly. |
|---|
| 81 | n/a | for func in (secrets.token_bytes, secrets.token_hex, |
|---|
| 82 | n/a | secrets.token_urlsafe): |
|---|
| 83 | n/a | with self.subTest(func=func): |
|---|
| 84 | n/a | name = func.__name__ |
|---|
| 85 | n/a | try: |
|---|
| 86 | n/a | func() |
|---|
| 87 | n/a | except TypeError: |
|---|
| 88 | n/a | self.fail("%s cannot be called with no argument" % name) |
|---|
| 89 | n/a | try: |
|---|
| 90 | n/a | func(None) |
|---|
| 91 | n/a | except TypeError: |
|---|
| 92 | n/a | self.fail("%s cannot be called with None" % name) |
|---|
| 93 | n/a | size = secrets.DEFAULT_ENTROPY |
|---|
| 94 | n/a | self.assertEqual(len(secrets.token_bytes(None)), size) |
|---|
| 95 | n/a | self.assertEqual(len(secrets.token_hex(None)), 2*size) |
|---|
| 96 | n/a | |
|---|
| 97 | n/a | def test_token_bytes(self): |
|---|
| 98 | n/a | # Test token_bytes. |
|---|
| 99 | n/a | for n in (1, 8, 17, 100): |
|---|
| 100 | n/a | with self.subTest(n=n): |
|---|
| 101 | n/a | self.assertIsInstance(secrets.token_bytes(n), bytes) |
|---|
| 102 | n/a | self.assertEqual(len(secrets.token_bytes(n)), n) |
|---|
| 103 | n/a | |
|---|
| 104 | n/a | def test_token_hex(self): |
|---|
| 105 | n/a | # Test token_hex. |
|---|
| 106 | n/a | for n in (1, 12, 25, 90): |
|---|
| 107 | n/a | with self.subTest(n=n): |
|---|
| 108 | n/a | s = secrets.token_hex(n) |
|---|
| 109 | n/a | self.assertIsInstance(s, str) |
|---|
| 110 | n/a | self.assertEqual(len(s), 2*n) |
|---|
| 111 | n/a | self.assertTrue(all(c in string.hexdigits for c in s)) |
|---|
| 112 | n/a | |
|---|
| 113 | n/a | def test_token_urlsafe(self): |
|---|
| 114 | n/a | # Test token_urlsafe. |
|---|
| 115 | n/a | legal = string.ascii_letters + string.digits + '-_' |
|---|
| 116 | n/a | for n in (1, 11, 28, 76): |
|---|
| 117 | n/a | with self.subTest(n=n): |
|---|
| 118 | n/a | s = secrets.token_urlsafe(n) |
|---|
| 119 | n/a | self.assertIsInstance(s, str) |
|---|
| 120 | n/a | self.assertTrue(all(c in legal for c in s)) |
|---|
| 121 | n/a | |
|---|
| 122 | n/a | |
|---|
| 123 | n/a | if __name__ == '__main__': |
|---|
| 124 | n/a | unittest.main() |
|---|
