ó ,òQc@sßdZddlZddlmZddlmZddlmZmZm Z ddlm Z m Z ddl m Z mZmZddlmZd efd „ƒYZd efd „ƒYZd efd„ƒYZd„ZdS(sÐ jinja2.testsuite.security ~~~~~~~~~~~~~~~~~~~~~~~~~ Checks the sandbox and other security features. :copyright: (c) 2010 by the Jinja Team. :license: BSD, see LICENSE for more details. iÿÿÿÿN(t JinjaTestCase(t Environment(tSandboxedEnvironmenttImmutableSandboxedEnvironmenttunsafe(tMarkuptescape(t SecurityErrortTemplateSyntaxErrortTemplateRuntimeError(t text_typet PrivateStuffcBs)eZd„Zed„ƒZd„ZRS(cCsdS(Ni((tself((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytbarscCsdS(Ni*((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytfooscCsdS(NR ((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__repr__!s(t__name__t __module__R RRR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR s t PublicStuffcBs#eZd„Zd„Zd„ZRS(cCsdS(Ni((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt&scCsdS(Ni*((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR'scCsdS(NR((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR)s(RRR t_fooR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR%s  tSandboxTestCasecBsPeZd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z RS(cCstƒ}|jt|jdƒjdtƒƒ|j|jdƒjdtƒƒdƒ|jt|jdƒjdtƒƒ|j|jdƒjdtƒƒdƒ|j|jdƒjddƒdƒ|j|jd ƒjdd „ƒdƒ|jt|jd ƒjddƒdS( Ns{{ foo.foo() }}Rs{{ foo.bar() }}t23s{{ foo._foo() }}s{{ foo.__class__ }}i*ts{{ foo.func_code }}cSsdS(N(tNone(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR9ss${{ foo.__class__.__subclasses__() }}(Rt assert_raisesRt from_stringtrenderR t assert_equalR(R tenv((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unsafe/s  ( (%(cCsEtƒ}|jt|jdƒjƒ|jt|jdƒjƒdS(Ns{{ [].append(23) }}s{{ {1:2}.clear() }}(RRRRR(R R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_immutable_environment>s   cCs9tƒ}|jt|jdƒ|jt|jdƒdS(Ns.{% for item.attribute in seq %}...{% endfor %}s,{% for foo, bar.baz in seq %}...{% endfor %}(RRRR(R R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_restrictedEs  cCs8d}tdƒ}tdƒ}dtfd„ƒY}dS(Ns?susernameRtFoocBseZd„Zd„ZRS(cSsdS(Nsawesome((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__html__bscSsdS(Ntawesome((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt __unicode__ds(RRR"R$(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR!as (Rtobject(R RtsafetxR!((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_markup_operationsLs    cCs(tdtƒ}|jdƒ}d}dS(Nt autoescapesf{% macro say_hello(name) %}

Hello {{ name }}!

{% endmacro %}{{ say_hello("foo") }}s,

Hello <blink>foo</blink>!

(RtTrueR(R Rttt escaped_out((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_template_dataoscCs5tƒ}|jdƒ}|jt|jdtƒdS(Ns"{{ cls|attr("__subclasses__")() }}tcls(RRRRRtint(R Rttmpl((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_attr_filter{s cCsÈd„}x¸didfdidd6dffD]‘\}}}tƒ}||jd<|jd |ƒ}tdgƒ|_|jd |ƒ}y|j|ƒWntk r²}q/X|jd ƒq/WdS( NcSstdƒ‚dS(Nsthat operator so does not work(R (tlefttright((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt disable_opss1 + 2t3sa + 2itat4t+s{{ %s }}sexpected runtime error(Rt binop_tableRt frozensettintercepted_binopsRR tfail(R R4texprtctxtrvRR+te((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt!test_binary_operator_intercepting€s 5  cCsÈd„}x¸didfdidd6dffD]‘\}}}tƒ}||jd<|jd|ƒ}tdgƒ|_|jd|ƒ}y|j|ƒWntk r²}q/X|jd ƒq/WdS( NcSstdƒ‚dS(Nsthat operator so does not work(R (targ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR4’ss-1s-aiR6s-2t-s{{ %s }}sexpected runtime error(Rt unop_tableRR:tintercepted_unopsRR R<(R R4R=R>R?RR+R@((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unary_operator_intercepting‘s 5  ( RRRRR R(R-R1RARF(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR-s    #  cCs&tjƒ}|jtjtƒƒ|S(N(tunittestt TestSuitetaddTestt makeSuiteR(tsuite((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyRK£s (t__doc__RGtjinja2.testsuiteRtjinja2Rtjinja2.sandboxRRRRRtjinja2.exceptionsRRR tjinja2._compatR R%R RRRK(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt s  v