1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
##############################################################################
#
# Copyright (c) 2004-2009 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Doc tests for the pagetemplate's 'engine' module
"""
import doctest
import re
import unittest
import zope.pagetemplate.engine
from zope.testing.renormalizing import RENormalizing
class DummyNamespace(object):
def __init__(self, context):
self.context = context
class EngineTests(unittest.TestCase):
def setUp(self):
from zope.component.testing import setUp
setUp()
def tearDown(self):
from zope.component.testing import tearDown
tearDown()
def test_function_namespaces_return_secured_proxies(self):
# See https://bugs.launchpad.net/zope3/+bug/98323
from zope.component import provideAdapter
from zope.traversing.interfaces import IPathAdapter
from zope.pagetemplate.engine import _Engine
from zope.proxy import isProxy
provideAdapter(DummyNamespace, (None,), IPathAdapter, name='test')
engine = _Engine()
namespace = engine.getFunctionNamespace('test')
self.assertTrue(isProxy(namespace))
class DummyEngine(object):
def getTypes(self):
return {}
class DummyContext(object):
_engine = DummyEngine()
def __init__(self, **kw):
self.vars = kw
class ZopePythonExprTests(unittest.TestCase):
def test_simple(self):
from zope.pagetemplate.engine import ZopePythonExpr
expr = ZopePythonExpr('python', 'max(a,b)', DummyEngine())
self.assertEqual(expr(DummyContext(a=1, b=2)), 2)
def test_allowed_module_name(self):
from zope.pagetemplate.engine import ZopePythonExpr
expr = ZopePythonExpr('python', '__import__("sys").__name__',
DummyEngine())
self.assertEqual(expr(DummyContext()), 'sys')
def test_forbidden_module_name(self):
from zope.pagetemplate.engine import ZopePythonExpr
from zope.security.interfaces import Forbidden
expr = ZopePythonExpr('python', '__import__("sys").exit',
DummyEngine())
self.assertRaises(Forbidden, expr, DummyContext())
def test_disallowed_builtin(self):
from zope.pagetemplate.engine import ZopePythonExpr
expr = ZopePythonExpr('python', 'open("x", "w")', DummyEngine())
self.assertRaises(NameError, expr, DummyContext())
def test_suite():
checker = RENormalizing([
# Python 3 includes module name in exceptions
(re.compile(r"zope.security.interfaces.ForbiddenAttribute"),
"ForbiddenAttribute"),
(re.compile(r"<class 'zope.security._proxy._Proxy'>"),
"<type 'zope.security._proxy._Proxy'>"),
(re.compile(r"<class 'list'>"), "<type 'list'>"),
# PyPy/pure-Python implementation
(re.compile(r"<class 'zope.security.proxy.ProxyPy'>"),
"<type 'zope.security._proxy._Proxy'>"),
])
suite = unittest.TestSuite()
suite.addTest(doctest.DocTestSuite('zope.pagetemplate.engine',
checker=checker))
suite.addTest(unittest.makeSuite(EngineTests))
if zope.pagetemplate.engine.HAVE_UNTRUSTED:
suite.addTest(unittest.makeSuite(ZopePythonExprTests))
return suite
if __name__ == '__main__':
unittest.main(defaultTest='test_suite')
|