diff options
author | Stephan Richter <stephan.richter@gmail.com> | 2013-03-11 00:26:51 -0400 |
---|---|---|
committer | Stephan Richter <stephan.richter@gmail.com> | 2013-03-11 00:26:51 -0400 |
commit | 53db18f89778d18cae8ad9e0581eb5f4e059a3f1 (patch) | |
tree | b9830f25fd44d5c9cf8791957938e9513ba24c1a /src/zope/security/tests | |
parent | 8cce64bbef274d776ac4856843ebe25b7d9cb51f (diff) | |
download | zope-security-53db18f89778d18cae8ad9e0581eb5f4e059a3f1.tar.gz |
Actually made the security proxy secure by not allowing access to
_wrapped and _checker.
Diffstat (limited to 'src/zope/security/tests')
-rw-r--r-- | src/zope/security/tests/test_proxy.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/zope/security/tests/test_proxy.py b/src/zope/security/tests/test_proxy.py index 7c15d52..ce7a046 100644 --- a/src/zope/security/tests/test_proxy.py +++ b/src/zope/security/tests/test_proxy.py @@ -1327,13 +1327,23 @@ class ProxyPyTests(unittest.TestCase, ProxyTestBase): from zope.security.proxy import ProxyPy return ProxyPy + def test_wrapper_checker_unaccessible(self): + from zope.security.proxy import _secret + # Can't access '_wrapped' / '_checker' in C version + target = object() + checker = object() + proxy = self._makeOne(target, checker) + self.assertRaises(AttributeError, getattr, proxy, '_wrapped') + self.assertRaises(AttributeError, getattr, proxy, '_checker') + def test_ctor_w_checker(self): + from zope.security.proxy import _secret # Can't access '_wrapped' / '_checker' in C version target = object() checker = object() proxy = self._makeOne(target, checker) - self.assertTrue(proxy._wrapped is target) - self.assertTrue(proxy._checker is checker) + self.assertTrue(getattr(proxy, '_wrapped'+_secret) is target) + self.assertTrue(getattr(proxy, '_checker'+_secret) is checker) def test___delattr___w__wrapped(self): target = object() |