Convert the base32 string to uppercase before decoding (#630)

thinkst · Dec 9, 2024 · 7e83cf6 · 7e83cf6
1 parent 0435113
commit 7e83cf6
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/canarytokens/tokens.py b/canarytokens/tokens.py
@@ -272,10 +272,10 @@ def correct_base32_padding(b32_data):
             return b32_data
 
         if file_name and file_name != "f":
-            b32_data = correct_base32_padding(file_name[0:])
+            b32_data = correct_base32_padding(file_name[0:].upper())
             data["windows_fake_fs_file_name"] = base64.b32decode(b32_data).decode()
         if process_name and process_name != "i":
-            b32_data = correct_base32_padding(process_name[0:])
+            b32_data = correct_base32_padding(process_name[0:].upper())
             data["windows_fake_fs_process_name"] = base64.b32decode(b32_data).decode()
 
         return {"src_data": data}
@@ -570,8 +570,8 @@ def _get_info_for_webdav(request: Request):
         hit_time = datetime.utcnow().strftime("%s.%f")
         hit_info = {
             "additional_info": WebDavAdditionalInfo(
-                 file_path=request.getHeader("X-Alert-Path"),
-                 useragent=http_general_info["useragent"],
+                file_path=request.getHeader("X-Alert-Path"),
+                useragent=http_general_info["useragent"],
             ),
             "geo_info": queries.get_geoinfo(ip=client_ip),
             "input_channel": INPUT_CHANNEL_HTTP,

diff --git a/tests/units/test_tokens.py b/tests/units/test_tokens.py
@@ -99,6 +99,13 @@ def test_cmd_process_pattern(
             "doc b.docx",
             "explorer.exe",
         ),
+        (
+            # ensure lowercase also works
+            "u7595.fmrxwgidcfzsg6y3y.imv4ha3dpojsxeltfpbsq.someid.sometoken.com",
+            "7595",
+            "doc b.docx",
+            "explorer.exe",
+        ),
         (
             "u7595.f.iMV4HA3DPOJSXELTFPBSQ.someid.sometoken.com",
             "7595",