cloudvision/cvlib: Update doType7Obfuscation and add tests

KhalidANET · KhalidANET · commit f54d88f7426b · 2025-12-19T19:51:15.000Z
- Make salt(random value if not provided), obf(default value if
  not provided) parameter optional in doType7Obfuscation.

- Add Unit Tests for doType7Obfuscation.

Closes: BUG852371

Change-Id: I3af269821645bc84941ca2200638bad8e16b3b03
diff --git a/cloudvision/cvlib/utils.py b/cloudvision/cvlib/utils.py
@@ -4,6 +4,7 @@
 
 import re
 import crypt
+import random
 from typing import Any, Dict
 from json import loads
 
@@ -65,28 +66,45 @@ def extractJSONEncodedListArg(listArg: str):
     return extractedList
 
 
-def doType7Obfuscation(plaintext: str, salt: int, obf: str):
+OBFUSCATOR = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
+
+
+def doType7Obfuscation(plaintext: str, salt: int | None = None, obf: str = ""):
     """
     Perform Type 7 password obfuscation using XOR encoding.
 
     Args:
         plaintext (str): The plaintext password to obfuscate.
-        salt (int): The salt value (0-99) to use for obfuscation.
-        obf (str): The obfuscator string to use for obfuscation.
+        salt (int | None): The salt value (0-15). If None, a random salt is generated.
+        obf (str): The obfuscator string for XOR encoding. If empty,
+            a default obfuscator is used.
 
     Returns:
-        The obfuscated password as a string.
+        The obfuscated password prefixed with the 2-digit salt,
+            or empty string if plaintext is empty.
     """
-    assert 0 <= salt < 100
     if not plaintext:
+        # If the password is empty, return an empty string without the salt
         return plaintext
-    result = f"{salt:02d}"
-    obfsize = len(obf)
-    for i, x in enumerate(plaintext):
-        y = obf[(i + salt) % obfsize]
-        key = ord(x) ^ ord(y)
-        result += f'{key:02X}'
-    return result
+
+    if salt is None:
+        salt = random.randint(0, 15)
+
+    if salt < 0 or salt > 15:
+        raise ValueError("Salt must be between 0 and 15")
+
+    if not obf:
+        obf = OBFUSCATOR
+
+    obf_bytes = obf.encode("UTF-8")
+    plaintext_bytes = plaintext.encode("UTF-8")
+
+    result_bytes = bytearray()
+    for i, char_byte in enumerate(plaintext_bytes):
+        key_byte = obf_bytes[(i + salt) % len(obf_bytes)]
+        result_bytes.append(char_byte ^ key_byte)
+
+    return f"{salt:02d}{result_bytes.hex().upper()}"
 
 
 def doSHA512Hashing(plaintext: str, salt: str):
diff --git a/test/cvlib/context/test_utils.py b/test/cvlib/context/test_utils.py
@@ -4,7 +4,7 @@
 
 import pytest
 
-from cloudvision.cvlib.utils import doSHA512Hashing
+from cloudvision.cvlib.utils import doSHA512Hashing, doType7Obfuscation
 
 
 sha512Cases = [
@@ -34,3 +34,57 @@
 def test_sha512_hashing(input, salt, expected):
     actual = doSHA512Hashing(input, salt)
     assert actual == expected
+
+
+type7ObfuscationCases = [
+    # Success cases (exception=False)
+    pytest.param("", 0, None, "", False, id="empty_input"),
+    pytest.param("password", 10, None, "105E080A16001D1908", False, id="base_case"),
+    pytest.param("password", 0, None, "00141215174C04140B", False, id="salt_zero"),
+    pytest.param("password", 15, None, "15020A1F173D24362C", False, id="salt_fifteen"),
+    pytest.param("茶", 10, None, "10C6E5CF", False, id="unicode_input"),
+    pytest.param(
+        "password",
+        10,
+        "ABCDEFGHIJKLMNOPQRST",
+        "103B2D3E3D383F2336",
+        False,
+        id="custom_obfuscator",
+    ),
+    pytest.param(
+        "password",
+        10,
+        "茶",
+        "10FCD79BFFC187FED2",
+        False,
+        id="unicode_obfuscator",
+    ),
+    # Error cases (exception=True)
+    pytest.param(
+        "password",
+        -1,
+        None,
+        "Salt must be between 0 and 15",
+        True,
+        id="salt_negative",
+    ),
+    pytest.param(
+        "password",
+        16,
+        None,
+        "Salt must be between 0 and 15",
+        True,
+        id="salt_too_large",
+    ),
+]
+
+
+@pytest.mark.parametrize("input, salt, obf, expected, exception", type7ObfuscationCases)
+def test_type7_obfuscation(input, salt, obf, expected, exception):
+    if exception:
+        with pytest.raises(ValueError) as exc_info:
+            doType7Obfuscation(input, salt, obf)
+        assert expected in str(exc_info.value), "Unexpected exception"
+    else:
+        actual = doType7Obfuscation(input, salt, obf)
+        assert actual == expected, "Response is not expected"
