�
,��Qc@s�dZddlZddlmZddlmZddlmZmZm Z ddlm
Z
mZddlm
Z
mZmZddlmZd efd
��YZdefd��YZd
efd��YZd�ZdS(s�
jinja2.testsuite.security
~~~~~~~~~~~~~~~~~~~~~~~~~
Checks the sandbox and other security features.
:copyright: (c) 2010 by the Jinja Team.
:license: BSD, see LICENSE for more details.
i����N(t
JinjaTestCase(tEnvironment(tSandboxedEnvironmenttImmutableSandboxedEnvironmenttunsafe(tMarkuptescape(t
SecurityErrortTemplateSyntaxErrortTemplateRuntimeError(t text_typetPrivateStuffcBs)eZd�Zed��Zd�ZRS(cCsdS(Ni((tself((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytbarscCsdS(Ni*((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pytfooscCsdS(NR((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__repr__!s(t__name__t
__module__R
RRR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyRs tPublicStuffcBs#eZd�Zd�Zd�ZRS(cCsdS(Ni((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt<lambda>&scCsdS(Ni*((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR'scCsdS(NR((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR)s(RRR
t_fooR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR%s tSandboxTestCasecBsPeZd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Z RS(cCst�}|jt|jd�jdt��|j|jd�jdt��d�|jt|jd�jdt��|j|jd�jdt��d�|j|jd�jdd�d�|j|jd �jdd
��d�|jt|jd�jdd�dS(Ns{{ foo.foo() }}Rs{{ foo.bar() }}t23s{{ foo._foo() }}s{{ foo.__class__ }}i*ts{{ foo.func_code }}cSsdS(N(tNone(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR9ss${{ foo.__class__.__subclasses__() }}(Rt
assert_raisesRtfrom_stringtrenderRtassert_equalR(Rtenv((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_unsafe/s
(
(%(cCsEt�}|jt|jd�j�|jt|jd�j�dS(Ns{{ [].append(23) }}s{{ {1:2}.clear() }}(RRRRR(RR((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_immutable_environment>s
cCs9t�}|jt|jd�|jt|jd�dS(Ns.{% for item.attribute in seq %}...{% endfor %}s,{% for foo, bar.baz in seq %}...{% endfor %}(RRRR(RR((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_restrictedEs
cCskd}td�}||tt|��t|�ks>t�td�ddksZt�td�idd6dks}t�ttd�d �tks�t�td�}|j�|ks�t�d
tfd��Y}t|��dks�t�td
�|�dkst�td�dks+t�td�j�dksIt�td�j�dksgt�dS(Ns?<script type="application/x-some-script">alert("foo");</script>s<em>username</em>s<em>%s</em>s
<bad user>s<em><bad user></em>s<em>%(username)s</em>tusernameRR
tFoocBseZd�Zd�ZRS(cSsdS(Ns<em>awesome</em>((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__html__bscSsdS(Ntawesome((R((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt__unicode__ds(RRR#R%(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR"as s<em>awesome</em>s<strong>%s</strong>s!<strong><em>awesome</em></strong>s"<>&'s"<>&'s<em>Foo & Bar</em>s Foo & Bars<test>s<test>( RR
RtAssertionErrorttypeR#tobjectt striptagstunescape(RRtsafetxR"((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_markup_operationsLs$,
"cCs�tdt�}|jd�}d}|j�|ks<t�t|j�|ksWt�t|j�|ksrt�|jjd�|ks�t�t|jjd��|ks�t�dS(Nt
autoescapesf{% macro say_hello(name) %}<p>Hello {{ name }}!</p>{% endmacro %}{{ say_hello("<blink>foo</blink>") }}s,<p>Hello <blink>foo</blink>!</p>s<blink>foo</blink>( RtTrueRRR&R
tmoduleRt say_hello(RRtttescaped_out((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_template_dataoscCs5t�}|jd�}|jt|jdt�dS(Ns"{{ cls|attr("__subclasses__")() }}tcls(RRRRRtint(RRttmpl((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyttest_attr_filter{s cCs�d�}x�didfdidd6dffD]�\}}}t�}||jd<|jd |�}|j|�|ks�t�tdg�|_|jd |�}y|j|�Wntk
r�}q/X|jd
�q/WdS(NcSstd��dS(Nsthat operator so does not work(R (tlefttright((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt
disable_op�ss1 + 2t3sa + 2itat4t+s{{ %s }}sexpected runtime error( Rtbinop_tableRRR&t frozensettintercepted_binopsR tfail(RR;texprtctxtrvRR2te((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt!test_binary_operator_intercepting�s 5
cCs�d�}x�didfdidd6dffD]�\}}}t�}||jd<|jd|�}|j|�|ks�t�tdg�|_|jd|�}y|j|�Wntk
r�}q/X|jd �q/WdS(
NcSstd��dS(Nsthat operator so does not work(R (targ((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR;�ss-1s-aiR=s-2t-s{{ %s }}sexpected runtime error( Rt
unop_tableRRR&RAtintercepted_unopsR RC(RR;RDRERFRR2RG((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt test_unary_operator_intercepting�s 5
(
RRRRR R-R4R8RHRM(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyR-s # cCs&tj�}|jtjt��|S(N(tunittestt TestSuitetaddTestt makeSuiteR(tsuite((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyRR�s(t__doc__RNtjinja2.testsuiteRtjinja2Rtjinja2.sandboxRRRRRtjinja2.exceptionsRRR tjinja2._compatR
R(RRRRR(((s=/usr/lib/python2.7/site-packages/jinja2/testsuite/security.pyt<module>
s
v |