chrispetrou / FastAudit

:shipit: A wordpress security auditor! Audit your wordpress application for security issues with even 1 request.
GNU General Public License v3.0

Fix sha1_suffix bug #2

Closed mattlorimor closed 6 years ago

mattlorimor commented 6 years ago

This PR fixes a bug with determining the sha1_suffix.

This should take care of the bug mentioned here: https://github.com/chrispetrou/FastAudit/pull/1.

That is, if self.__pass is purely a SHA1 hash. If self.__pass looks exactly like this format, then another step needs to be added: 7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53:passw0rd. If self.__pass looks like this, then this PR should fix the issue: 7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53.

mattlorimor commented 6 years ago

Totally my fault on not noticing that I had a :0 in there. It was causing the splits to look like this (given a SHA1 of '7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53'):

sha1_prefix: '7c6a6'
sha1_suffix: ''

When the sha1_suffix should be '1c68ef8b9b6b061b28c348bc1ed7921cb53'

chrispetrou commented 6 years ago

Thank you very much for fixing the bug - I just merged! I also fixed sha1_suffix to be sha1_suffix.upper() since HIBP shows the hashes in uppercase.

mattlorimor commented 6 years ago

Makes sense.

No problem.

chrispetrou commented 6 years ago

Also yes, the hash is supposed to be in "clear" hash form (not containing ":")!
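
The split discussed in this thread, as an added example that is not part of the PR or of FastAudit's code. The function names are hypothetical, the buggy slice is assumed to be one ending in `:0`, and the range response (lines of `SUFFIX:COUNT`) is constructed sample data.

```python
import re

# Hash value taken from the thread above; everything else here is constructed.
THREAD_SHA1 = "7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53"
BARE_SHA1 = re.compile(r"[0-9a-fA-F]{40}")


def buggy_split(sha1):
    """Assumed shape of the bug: an end index of 0 makes the slice empty."""
    return sha1[:5], sha1[5:0]


def split_sha1(value):
    """Return (prefix, suffix) in uppercase for a bare 40-hex-digit SHA1."""
    value = value.strip()
    # Reject "hash:password" and anything else that is not a bare digest.
    if not BARE_SHA1.fullmatch(value):
        raise ValueError("expected a bare 40-character SHA1 hex digest")
    digest = value.upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Look up a suffix in a range response of SUFFIX:COUNT lines."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed range response for prefix 7C6A6; the counts are made up.
SAMPLE_RANGE_BODY = "\r\n".join([
    "0" * 35 + ":3",
    "1C68EF8B9B6B061B28C348BC1ED7921CB53:42",
    "F" * 35 + ":1",
])

if __name__ == "__main__":
    print(buggy_split(THREAD_SHA1))
    prefix, suffix = split_sha1(THREAD_SHA1)
    print(prefix, suffix, breach_count(suffix, SAMPLE_RANGE_BODY))
```

With an empty suffix the lookup can never match a response line, so every password would be reported as not breached.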