Diffstat (limited to 'tests/test_security.py')
| -rw-r--r-- | tests/test_security.py | 210 |
1 files changed, 141 insertions, 69 deletions
diff --git a/tests/test_security.py b/tests/test_security.py
index e30a0542..540bba92 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -10,79 +10,85 @@ """ import os import posixpath + import pytest -from werkzeug.security import check_password_hash, generate_password_hash, \ - safe_join, pbkdf2_hex, safe_str_cmp +from werkzeug.security import check_password_hash +from werkzeug.security import generate_password_hash +from werkzeug.security import pbkdf2_hex +from werkzeug.security import safe_join +from werkzeug.security import safe_str_cmp def test_safe_str_cmp(): - assert safe_str_cmp('a', 'a') is True - assert safe_str_cmp(b'a', u'a') is True - assert safe_str_cmp('a', 'b') is False - assert safe_str_cmp(b'aaa', 'aa') is False - assert safe_str_cmp(b'aaa', 'bbb') is False - assert safe_str_cmp(b'aaa', u'aaa') is True - assert safe_str_cmp(u'aaa', u'aaa') is True + assert safe_str_cmp("a", "a") is True + assert safe_str_cmp(b"a", u"a") is True + assert safe_str_cmp("a", "b") is False + assert safe_str_cmp(b"aaa", "aa") is False + assert safe_str_cmp(b"aaa", "bbb") is False + assert safe_str_cmp(b"aaa", u"aaa") is True + assert safe_str_cmp(u"aaa", u"aaa") is True def test_safe_str_cmp_no_builtin(): import werkzeug.security as sec + prev_value = sec._builtin_safe_str_cmp sec._builtin_safe_str_cmp = None - assert safe_str_cmp('a', 'ab') is False + assert safe_str_cmp("a", "ab") is False - assert safe_str_cmp('str', 'str') is True - assert safe_str_cmp('str1', 'str2') is False + assert safe_str_cmp("str", "str") is True + assert safe_str_cmp("str1", "str2") is False sec._builtin_safe_str_cmp = prev_value def test_password_hashing(): - hash0 = generate_password_hash('default') - assert check_password_hash(hash0, 'default') - assert hash0.startswith('pbkdf2:sha256:150000$') + hash0 = generate_password_hash("default") + assert check_password_hash(hash0, "default") + assert hash0.startswith("pbkdf2:sha256:150000$") - hash1 = generate_password_hash('default', 'sha1') - hash2 = generate_password_hash(u'default', method='sha1') + hash1 = generate_password_hash("default", "sha1") + hash2 = 
generate_password_hash(u"default", method="sha1") assert hash1 != hash2 - assert check_password_hash(hash1, 'default') - assert check_password_hash(hash2, 'default') - assert hash1.startswith('sha1$') - assert hash2.startswith('sha1$') + assert check_password_hash(hash1, "default") + assert check_password_hash(hash2, "default") + assert hash1.startswith("sha1$") + assert hash2.startswith("sha1$") with pytest.raises(ValueError): - check_password_hash('$made$up$', 'default') + check_password_hash("$made$up$", "default") with pytest.raises(ValueError): - generate_password_hash('default', 'sha1', salt_length=0) + generate_password_hash("default", "sha1", salt_length=0) - fakehash = generate_password_hash('default', method='plain') - assert fakehash == 'plain$$default' - assert check_password_hash(fakehash, 'default') + fakehash = generate_password_hash("default", method="plain") + assert fakehash == "plain$$default" + assert check_password_hash(fakehash, "default") - mhash = generate_password_hash(u'default', method='md5') - assert mhash.startswith('md5$') - assert check_password_hash(mhash, 'default') + mhash = generate_password_hash(u"default", method="md5") + assert mhash.startswith("md5$") + assert check_password_hash(mhash, "default") - legacy = 'md5$$c21f969b5f03d33d43e04f8f136e7682' - assert check_password_hash(legacy, 'default') + legacy = "md5$$c21f969b5f03d33d43e04f8f136e7682" + assert check_password_hash(legacy, "default") - legacy = u'md5$$c21f969b5f03d33d43e04f8f136e7682' - assert check_password_hash(legacy, 'default') + legacy = u"md5$$c21f969b5f03d33d43e04f8f136e7682" + assert check_password_hash(legacy, "default") def test_safe_join(): - assert safe_join('foo', 'bar/baz') == posixpath.join('foo', 'bar/baz') - assert safe_join('foo', '../bar/baz') is None - if os.name == 'nt': - assert safe_join('foo', 'foo\\bar') is None + assert safe_join("foo", "bar/baz") == posixpath.join("foo", "bar/baz") + assert safe_join("foo", "../bar/baz") is None + if os.name 
== "nt": + assert safe_join("foo", "foo\\bar") is None def test_safe_join_os_sep(): import werkzeug.security as sec + prev_value = sec._os_alt_seps - sec._os_alt_seps = '*' - assert safe_join('foo', 'bar/baz*') is None + sec._os_alt_seps = "*" + assert safe_join("foo", "bar/baz*") is None sec._os_alt_steps = prev_value 
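Review bot: `sec._os_alt_steps = prev_value` at the end of `test_safe_join_os_sep` assigns a misspelled attribute, so the `"*"` patched into `sec._os_alt_seps` two lines earlier is never restored and leaks into every later test in the session that calls `safe_join`; the reformatting carried the typo over unchanged. Since the file already imports pytest, the cleanest fix is to take `monkeypatch` as a fixture and replace the save/patch/restore triple with `monkeypatch.setattr(sec, "_os_alt_seps", "*")`, which undoes itself even when an assertion fails. `test_safe_str_cmp_no_builtin` has the same save/restore pattern without a `try`/`finally`, so a failing assertion there leaves `_builtin_safe_str_cmp` set to `None` (the non-constant-time fallback path) for the rest of the run; `monkeypatch.setattr(sec, "_builtin_safe_str_cmp", None)` fixes it the same way.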
@@ -96,41 +102,107 @@ def test_pbkdf2(): # Assumes default keylen is 20 # check('password', 'salt', 1, None, # '0c60c80f961f0e71f3a9b524af6012062fe037a6') - check('password', 'salt', 1, 20, 'sha1', - '0c60c80f961f0e71f3a9b524af6012062fe037a6') - check('password', 'salt', 2, 20, 'sha1', - 'ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957') - check('password', 'salt', 4096, 20, 'sha1', - '4b007901b765489abead49d926f721d065a429c1') - check('passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', - 4096, 25, 'sha1', '3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038') - check('pass\x00word', 'sa\x00lt', 4096, 16, 'sha1', - '56fa6aa75548099dcc37d7f03425e0c3') + check("password", "salt", 1, 20, "sha1", "0c60c80f961f0e71f3a9b524af6012062fe037a6") + check("password", "salt", 2, 20, "sha1", "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957") + check( + "password", "salt", 4096, 20, "sha1", "4b007901b765489abead49d926f721d065a429c1" + ) + check( + "passwordPASSWORDpassword", + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + 4096, + 25, + "sha1", + "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038", + ) + check( + "pass\x00word", "sa\x00lt", 4096, 16, "sha1", "56fa6aa75548099dcc37d7f03425e0c3" + ) # PBKDF2-HMAC-SHA256 test vectors - check('password', 'salt', 1, 32, 'sha256', - '120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b') - check('password', 'salt', 2, 32, 'sha256', - 'ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43') - check('password', 'salt', 4096, 20, 'sha256', - 'c5e478d59288c841aa530db6845c4c8d962893a0') + check( + "password", + "salt", + 1, + 32, + "sha256", + "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b", + ) + check( + "password", + "salt", + 2, + 32, + "sha256", + "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43", + ) + check( + "password", + "salt", + 4096, + 20, + "sha256", + "c5e478d59288c841aa530db6845c4c8d962893a0", + ) # This one is from the RFC but it just takes for ages # check('password', 
'salt', 16777216, 20, # 'eefe3d61cd4da4e4e9945b3d6ba2158c2634e984') # From Crypt-PBKDF2 - check('password', 'ATHENA.MIT.EDUraeburn', 1, 16, 'sha1', - 'cdedb5281bb2f801565a1122b2563515') - check('password', 'ATHENA.MIT.EDUraeburn', 1, 32, 'sha1', - 'cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837') - check('password', 'ATHENA.MIT.EDUraeburn', 2, 16, 'sha1', - '01dbee7f4a9e243e988b62c73cda935d') - check('password', 'ATHENA.MIT.EDUraeburn', 2, 32, 'sha1', - '01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86') - check('password', 'ATHENA.MIT.EDUraeburn', 1200, 32, 'sha1', - '5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13') - check('X' * 64, 'pass phrase equals block size', 1200, 32, 'sha1', - '139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1') - check('X' * 65, 'pass phrase exceeds block size', 1200, 32, 'sha1', - '9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a') + check( + "password", + "ATHENA.MIT.EDUraeburn", + 1, + 16, + "sha1", + "cdedb5281bb2f801565a1122b2563515", + ) + check( + "password", + "ATHENA.MIT.EDUraeburn", + 1, + 32, + "sha1", + "cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837", + ) + check( + "password", + "ATHENA.MIT.EDUraeburn", + 2, + 16, + "sha1", + "01dbee7f4a9e243e988b62c73cda935d", + ) + check( + "password", + "ATHENA.MIT.EDUraeburn", + 2, + 32, + "sha1", + "01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86", + ) + check( + "password", + "ATHENA.MIT.EDUraeburn", + 1200, + 32, + "sha1", + "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13", + ) + check( + "X" * 64, + "pass phrase equals block size", + 1200, + 32, + "sha1", + "139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1", + ) + check( + "X" * 65, + "pass phrase exceeds block size", + 1200, + 32, + "sha1", + "9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a", + ) |
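Review bot: The `# PBKDF2-HMAC-SHA256 test vectors` comment and the `# This one is from the RFC` remark give no citation, so a reader cannot tell which of these vectors are normative; the SHA-1 set (`password`/`salt` at 1, 2 and 4096 iterations with 20-byte output, the `pass\x00word` case, and the commented-out 16777216-iteration case) is the RFC 6070 set, and the comment above it should say so, e.g. `# PBKDF2-HMAC-SHA1 test vectors from RFC 6070`. The SHA-256 vectors are not from that RFC and appear to be the widely circulated unofficial set, which the comment should name or at least flag as non-normative. The `# Assumes default keylen is 20` comment and the commented-out `check('password', 'salt', 1, None, ...)` call beneath it are stale, since every live call now passes an explicit length; dropping them removes a misleading hint that `None` is an accepted keylen. `test_pbkdf2` and its `check` helper begin before this hunk.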
