8889841có ,òQc@sßdZddlZddlmZddlmZddlmZmZm Z ddlm Z m Z ddl m Z mZmZddlmZd efd „ƒYZd efd „ƒYZd efd„ƒYZd„ZdS(sÐ jinja2.testsuite.security ~~~~~~~~~~~~~~~~~~~~~~~~~ Checks the sandbox and other security features. :copyright: (c) 2010 by the Jinja Team. :license: BSD, see LICENSE for more details. iÿÿÿÿN(t JinjaTestCase(t Environment(tSandboxedEnvironmenttImmutableSandboxedEnvironmenttunsafe(tMarkuptescape(t SecurityErrortTemplateSyntaxErrortTemplateRuntimeError(t text_typet PrivateStuffcBs)eZd„Zed„ƒZd„ZRS(cCsdS(Ni((tself((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytbarscCsdS(Ni*((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytfooscCsdS(NR ((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__repr__!s(t__name__t __module__R RRR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR s t PublicStuffcBs#eZd„Zd„Zd„ZRS(cCsdS(Ni((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt&scCsdS(Ni*((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR'scCsdS(NR((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR)s(RRR t_fooR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR%s  tSandboxTestCasecBsPeZd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z RS(cCstƒ}|jt|jdƒjdtƒƒ|j|jdƒjdtƒƒdƒ|jt|jdƒjdtƒƒ|j|jdƒjdtƒƒdƒ|j|jdƒjddƒdƒ|j|jd ƒjdd „ƒdƒ|jt|jd ƒjddƒdS( Ns{{ foo.foo() }}Rs{{ foo.bar() }}t23s{{ foo._foo() }}s{{ foo.__class__ }}i*ts{{ foo.func_code }}cSsdS(N(tNone(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR9ss${{ foo.__class__.__subclasses__() }}(Rt assert_raisesRt from_stringtrenderR t assert_equalR(R tenv((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unsafe/s  ( (%(cCsEtƒ}|jt|jdƒjƒ|jt|jdƒjƒdS(Ns{{ [].append(23) }}s{{ {1:2}.clear() }}(RRRRR(R R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_immutable_environment>s   cCs9tƒ}|jt|jdƒ|jt|jdƒdS(Ns.{% for item.attribute in seq %}...{% endfor %}s,{% for foo, bar.baz in seq %}...{% endfor %}(RRRR(R R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_restrictedEs  cCskd}tdƒ}||tt|ƒƒt|ƒks>t‚tdƒddksZt‚tdƒidd6dks}t‚ttdƒd ƒtksŸt‚tdƒ}|jƒ|ksÃt‚d tfd „ƒY}t|ƒƒd ksôt‚td ƒ|ƒdkst‚tdƒdks+t‚tdƒjƒdksIt‚tdƒjƒdksgt‚dS(Ns?susernames %ss s<bad user>s%(username)stusernameRR tFoocBseZd„Zd„ZRS(cSsdS(Nsawesome((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__html__bscSsdS(Ntawesome((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt __unicode__ds(RRR#R%(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR"as sawesomes%ss!awesomes"<>&'s"<>&'sFoo & Bars Foo & Bars <test>s( RR RtAssertionErrorttypeR#tobjectt striptagstunescape(R RtsafetxR"((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_markup_operationsLs$ ,  " cCs¸tdtƒ}|jdƒ}d}|jƒ|ks<t‚t|jƒ|ksWt‚t|jƒ|ksrt‚|jjdƒ|kst‚t|jjdƒƒ|ks´t‚dS(Nt autoescapesf{% macro say_hello(name) %}

Hello {{ name }}!

{% endmacro %}{{ say_hello("foo") }}s,

Hello <blink>foo</blink>!

sfoo( RtTrueRRR&R tmoduleRt say_hello(R Rttt escaped_out((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_template_dataoscCs5tƒ}|jdƒ}|jt|jdtƒdS(Ns"{{ cls|attr("__subclasses__")() }}tcls(RRRRRtint(R Rttmpl((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_attr_filter{s cCsãd„}xÓdidfdidd6dffD]¬\}}}tƒ}||jd<|jd |ƒ}|j|ƒ|ks‚t‚tdgƒ|_|jd |ƒ}y|j|ƒWntk rÍ}q/X|jd ƒq/WdS( NcSstdƒ‚dS(Nsthat operator so does not work(R (tlefttright((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt disable_opss1 + 2t3sa + 2itat4t+s{{ %s }}sexpected runtime error( Rt binop_tableRRR&t frozensettintercepted_binopsR tfail(R R;texprtctxtrvRR2te((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt!test_binary_operator_intercepting€s 5  cCsãd„}xÓdidfdidd6dffD]¬\}}}tƒ}||jd<|jd|ƒ}|j|ƒ|ks‚t‚tdgƒ|_|jd|ƒ}y|j|ƒWntk rÍ}q/X|jd ƒq/WdS( NcSstdƒ‚dS(Nsthat operator so does not work(R (targ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR;’ss-1s-aiR=s-2t-s{{ %s }}sexpected runtime error( Rt unop_tableRRR&RAtintercepted_unopsR RC(R R;RDRERFRR2RG((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unary_operator_intercepting‘s 5  ( RRRRR R-R4R8RHRM(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR-s    #  cCs&tjƒ}|jtjtƒƒ|S(N(tunittestt TestSuitetaddTestt makeSuiteR(tsuite((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyRR£s (t__doc__RNtjinja2.testsuiteRtjinja2Rtjinja2.sandboxRRRRRtjinja2.exceptionsRRR tjinja2._compatR R(R RRRR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt s  v