,Qc@sdZddlZddlmZddlmZddlmZmZm Z ddlm Z m Z ddl m Z mZmZddlmZd efd YZd efd YZd efdYZdZdS(s jinja2.testsuite.security ~~~~~~~~~~~~~~~~~~~~~~~~~ Checks the sandbox and other security features. :copyright: (c) 2010 by the Jinja Team. :license: BSD, see LICENSE for more details. iN(t JinjaTestCase(t Environment(tSandboxedEnvironmenttImmutableSandboxedEnvironmenttunsafe(tMarkuptescape(t SecurityErrortTemplateSyntaxErrortTemplateRuntimeError(t text_typet PrivateStuffcBs)eZdZedZdZRS(cCsdS(Ni((tself((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytbarscCsdS(Ni*((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytfooscCsdS(NR ((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__repr__!s(t__name__t __module__R RRR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR s t PublicStuffcBs#eZdZdZdZRS(cCsdS(Ni((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt&scCsdS(Ni*((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR'scCsdS(NR((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR)s(RRR t_fooR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR%s  tSandboxTestCasecBsPeZdZdZdZdZdZdZdZdZ RS(cCst}|jt|jdjdt|j|jdjdtd|jt|jdjdt|j|jdjdtd|j|jdjddd|j|jd jdd d|jt|jd jdddS( Ns{{ foo.foo() }}Rs{{ foo.bar() }}t23s{{ foo._foo() }}s{{ foo.__class__ }}i*ts{{ foo.func_code }}cSsdS(N(tNone(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR9ss${{ foo.__class__.__subclasses__() }}(Rt assert_raisesRt from_stringtrenderR t assert_equalR(R tenv((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unsafe/s  ( (%(cCsEt}|jt|jdj|jt|jdjdS(Ns{{ [].append(23) }}s{{ {1:2}.clear() }}(RRRRR(R R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_immutable_environment>s   cCs9t}|jt|jd|jt|jddS(Ns.{% for item.attribute in seq %}...{% endfor %}s,{% for foo, bar.baz in seq %}...{% endfor %}(RRRR(R R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_restrictedEs  cCs8d}td}td}dtfdY}dS(Ns?susernameRtFoocBseZdZdZRS(cSsdS(Nsawesome((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__html__bscSsdS(Ntawesome((R ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt __unicode__ds(RRR"R$(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR!as (Rtobject(R RtsafetxR!((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_markup_operationsLs    cCs(tdt}|jd}d}dS(Nt autoescapesf{% macro say_hello(name) %}

Hello {{ name }}!

{% endmacro %}{{ say_hello("foo") }}s,

Hello <blink>foo</blink>!

(RtTrueR(R Rttt escaped_out((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_template_dataoscCs5t}|jd}|jt|jdtdS(Ns"{{ cls|attr("__subclasses__")() }}tcls(RRRRRtint(R Rttmpl((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_attr_filter{s cCsd}xdidfdidd6dffD]\}}}t}||jd<|jd |}tdg|_|jd |}y|j|Wntk r}q/X|jd q/WdS( NcSstddS(Nsthat operator so does not work(R (tlefttright((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt disable_opss1 + 2t3sa + 2itat4t+s{{ %s }}sexpected runtime error(Rt binop_tableRt frozensettintercepted_binopsRR tfail(R R4texprtctxtrvRR+te((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt!test_binary_operator_interceptings 5  cCsd}xdidfdidd6dffD]\}}}t}||jd<|jd|}tdg|_|jd|}y|j|Wntk r}q/X|jd q/WdS( NcSstddS(Nsthat operator so does not work(R (targ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR4ss-1s-aiR6s-2t-s{{ %s }}sexpected runtime error(Rt unop_tableRR:tintercepted_unopsRR R<(R R4R=R>R?RR+R@((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unary_operator_interceptings 5  ( RRRRR R(R-R1RARF(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR-s    #  cCs&tj}|jtjt|S(N(tunittestt TestSuitetaddTestt makeSuiteR(tsuite((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyRKs (t__doc__RGtjinja2.testsuiteRtjinja2Rtjinja2.sandboxRRRRRtjinja2.exceptionsRRR tjinja2._compatR R%R RRRK(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt s  v