File Manager

X7ROOT File Manager

Current Path: /usr/lib/python2.7/site-packages/jinja2/testsuite

usr / lib / python2.7 / site-packages / jinja2 / testsuite /

📁 ..
📄 __init__.py(4.53 KB)
📄 __init__.pyc(6.32 KB)
📄 __init__.pyo(6.32 KB)
📄 api.py(10.14 KB)
📄 api.pyc(12.96 KB)
📄 api.pyo(11.26 KB)
📄 bytecode_cache.py(928 B)
📄 bytecode_cache.pyc(1.6 KB)
📄 bytecode_cache.pyo(1.52 KB)
📄 core_tags.py(11.58 KB)
📄 core_tags.pyc(17.46 KB)
📄 core_tags.pyo(14.64 KB)
📄 debug.py(1.89 KB)
📄 debug.pyc(3.05 KB)
📄 debug.pyo(3.05 KB)
📄 doctests.py(905 B)
📄 doctests.pyc(1.16 KB)
📄 doctests.pyo(1.16 KB)
📄 ext.py(17.66 KB)
📄 ext.pyc(22.57 KB)
📄 ext.pyo(18.96 KB)
📄 filters.py(18.72 KB)
📄 filters.pyc(28.54 KB)
📄 filters.pyo(24.28 KB)
📄 imports.py(5.21 KB)
📄 imports.pyc(6.66 KB)
📄 imports.pyo(5.69 KB)
📄 inheritance.py(8.05 KB)
📄 inheritance.pyc(10.33 KB)
📄 inheritance.pyo(8.32 KB)
📄 lexnparse.py(21.79 KB)
📄 lexnparse.pyc(32.97 KB)
📄 lexnparse.pyo(27.24 KB)
📄 loader.py(7.97 KB)
📄 loader.pyc(10.38 KB)
📄 loader.pyo(9 KB)
📄 regression.py(8.19 KB)
📄 regression.pyc(11.46 KB)
📄 regression.pyo(9.96 KB)
📁 res
📄 security.py(6.06 KB)
📄 security.pyc(8.37 KB)
📄 security.pyo(7.4 KB)
📄 tests.py(2.8 KB)
📄 tests.pyc(4.7 KB)
📄 tests.pyo(4.05 KB)
📄 utils.py(2.18 KB)
📄 utils.pyc(3.49 KB)
📄 utils.pyo(3.19 KB)

Editing: security.py

# -*- coding: utf-8 -*-
"""
    jinja2.testsuite.security
    ~~~~~~~~~~~~~~~~~~~~~~~~~

Checks the sandbox and other security features.

:copyright: (c) 2010 by the Jinja Team.
    :license: BSD, see LICENSE for more details.
"""
import unittest

from jinja2.testsuite import JinjaTestCase

from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, \
     ImmutableSandboxedEnvironment, unsafe
from jinja2 import Markup, escape
from jinja2.exceptions import SecurityError, TemplateSyntaxError, \
     TemplateRuntimeError
from jinja2._compat import text_type

class PrivateStuff(object):

def bar(self):
        return 23

@unsafe
    def foo(self):
        return 42

def __repr__(self):
        return 'PrivateStuff'

class PublicStuff(object):
    bar = lambda self: 23
    _foo = lambda self: 42

def __repr__(self):
        return 'PublicStuff'

class SandboxTestCase(JinjaTestCase):

def test_unsafe(self):
        env = SandboxedEnvironment()
        self.assert_raises(SecurityError, env.from_string("{{ foo.foo() }}").render,
                           foo=PrivateStuff())
        self.assert_equal(env.from_string("{{ foo.bar() }}").render(foo=PrivateStuff()), '23')

self.assert_raises(SecurityError, env.from_string("{{ foo._foo() }}").render,
                           foo=PublicStuff())
        self.assert_equal(env.from_string("{{ foo.bar() }}").render(foo=PublicStuff()), '23')
        self.assert_equal(env.from_string("{{ foo.__class__ }}").render(foo=42), '')
        self.assert_equal(env.from_string("{{ foo.func_code }}").render(foo=lambda:None), '')
        # security error comes from __class__ already.
        self.assert_raises(SecurityError, env.from_string(
            "{{ foo.__class__.__subclasses__() }}").render, foo=42)

def test_immutable_environment(self):
        env = ImmutableSandboxedEnvironment()
        self.assert_raises(SecurityError, env.from_string(
            '{{ [].append(23) }}').render)
        self.assert_raises(SecurityError, env.from_string(
            '{{ {1:2}.clear() }}').render)

def test_restricted(self):
        env = SandboxedEnvironment()
        self.assert_raises(TemplateSyntaxError, env.from_string,
                      "{% for item.attribute in seq %}...{% endfor %}")
        self.assert_raises(TemplateSyntaxError, env.from_string,
                      "{% for foo, bar.baz in seq %}...{% endfor %}")

def test_markup_operations(self):
 # adding two strings should escape the unsafe one
 unsafe = '<script type="application/x-some-script">alert("foo");</script>'
 safe = Markup('username')
 assert unsafe + safe == text_type(escape(unsafe)) + text_type(safe)

# string interpolations are safe to use too
 assert Markup('%s') % '<bad user>' == \
 '&lt;bad user&gt;'
 assert Markup('%(username)s') % {
 'username': '<bad user>'
 } == '&lt;bad user&gt;'

# an escaped object is markup too
        assert type(Markup('foo') + 'bar') is Markup

# and it implements __html__ by returning itself
        x = Markup("foo")
        assert x.__html__() is x

# it also knows how to treat __html__ objects
 class Foo(object):
 def __html__(self):
 return 'awesome'
 def __unicode__(self):
 return 'awesome'
 assert Markup(Foo()) == 'awesome'
 assert Markup('%s') % Foo() == \
 'awesome'

# escaping and unescaping
 assert escape('"<>&\'') == '&#34;&lt;&gt;&amp;&#39;'
 assert Markup("Foo &amp; Bar").striptags() == "Foo & Bar"
 assert Markup("&lt;test&gt;").unescape() == "<test>"

def test_template_data(self):
 env = Environment(autoescape=True)
 t = env.from_string('{% macro say_hello(name) %}'
 'Hello {{ name }}!{% endmacro %}'
 '{{ say_hello("<blink>foo</blink>") }}')
 escaped_out = 'Hello &lt;blink&gt;foo&lt;/blink&gt;!'
 assert t.render() == escaped_out
 assert text_type(t.module) == escaped_out
 assert escape(t.module) == escaped_out
 assert t.module.say_hello('<blink>foo</blink>') == escaped_out
 assert escape(t.module.say_hello('<blink>foo</blink>')) == escaped_out

def test_attr_filter(self):
        env = SandboxedEnvironment()
        tmpl = env.from_string('{{ cls|attr("__subclasses__")() }}')
        self.assert_raises(SecurityError, tmpl.render, cls=int)

def test_binary_operator_intercepting(self):
        def disable_op(left, right):
            raise TemplateRuntimeError('that operator so does not work')
        for expr, ctx, rv in ('1 + 2', {}, '3'), ('a + 2', {'a': 2}, '4'):
            env = SandboxedEnvironment()
            env.binop_table['+'] = disable_op
            t = env.from_string('{{ %s }}' % expr)
            assert t.render(ctx) == rv
            env.intercepted_binops = frozenset(['+'])
            t = env.from_string('{{ %s }}' % expr)
            try:
                t.render(ctx)
            except TemplateRuntimeError as e:
                pass
            else:
                self.fail('expected runtime error')

def test_unary_operator_intercepting(self):
        def disable_op(arg):
            raise TemplateRuntimeError('that operator so does not work')
        for expr, ctx, rv in ('-1', {}, '-1'), ('-a', {'a': 2}, '-2'):
            env = SandboxedEnvironment()
            env.unop_table['-'] = disable_op
            t = env.from_string('{{ %s }}' % expr)
            assert t.render(ctx) == rv
            env.intercepted_unops = frozenset(['-'])
            t = env.from_string('{{ %s }}' % expr)
            try:
                t.render(ctx)
            except TemplateRuntimeError as e:
                pass
            else:
                self.fail('expected runtime error')

def suite():
    suite = unittest.TestSuite()
    suite.addTest(unittest.makeSuite(SandboxTestCase))
    return suite

X7ROOT File Manager

Editing: security.py

Upload File

Create Folder