Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / jinja / c9fe16ed8d727b01cd13f4c0c8939e00ee174d7b / . / tests / test_security.py
blob: 78a1e0a2f5ad5661bde1084bd7f7cc2706ac6d3e [file] [log] [blame]
# -*- coding: utf-8 -*-
"""
unit test for security features
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:copyright: 2007 by Armin Ronacher.
:license: BSD, see LICENSE for more details.
"""
class PrivateStuff(object):
bar = lambda self: 23
foo = lambda self: 42
foo.jinja_unsafe_call = True
class PublicStuff(object):
jinja_allowed_attributes = ['bar']
bar = lambda self: 23
foo = lambda self: 42
test_unsafe = '''
>>> env.from_string("{{ foo.foo() }}").render(foo=MODULE.PrivateStuff())
u''
>>> env.from_string("{{ foo.bar() }}").render(foo=MODULE.PrivateStuff())
u'23'
>>> env.from_string("{{ foo.foo() }}").render(foo=MODULE.PublicStuff())
u''
>>> env.from_string("{{ foo.bar() }}").render(foo=MODULE.PublicStuff())
u'23'
>>> env.from_string("{{ foo.__class__ }}").render(foo=42)
u''
>>> env.from_string("{{ foo.func_code }}").render(foo=lambda:None)
u''
'''
test_restricted = '''
>>> env.from_string("{% for item.attribute in seq %}...{% endfor %}")
Traceback (most recent call last):
...
TemplateSyntaxError: cannot assign to expression (line 1)
>>> env.from_string("{% for foo, bar.baz in seq %}...{% endfor %}")
Traceback (most recent call last):
...
TemplateSyntaxError: cannot assign to expression (line 1)
'''