Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
erp5
Commits
4f6c130b
Commit
4f6c130b
authored
Feb 27, 2019
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
restricted: allow urlparse in restricted python
/reviewed-on
nexedi/erp5!839
parent
f1bbc5aa
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
35 additions
and
4 deletions
+35
-4
product/ERP5Type/patches/Restricted.py
product/ERP5Type/patches/Restricted.py
+3
-0
product/ERP5Type/tests/testRestrictedPythonSecurity.py
product/ERP5Type/tests/testRestrictedPythonSecurity.py
+32
-4
No files found.
product/ERP5Type/patches/Restricted.py
View file @
4f6c130b
...
@@ -261,6 +261,9 @@ allow_type(type(hashlib.md5()))
...
@@ -261,6 +261,9 @@ allow_type(type(hashlib.md5()))
allow_module
(
'time'
)
allow_module
(
'time'
)
allow_module
(
'unicodedata'
)
allow_module
(
'unicodedata'
)
allow_module
(
'urlparse'
)
allow_module
(
'urlparse'
)
import
urlparse
allow_type
(
urlparse
.
ParseResult
)
allow_type
(
urlparse
.
SplitResult
)
allow_module
(
'struct'
)
allow_module
(
'struct'
)
ModuleSecurityInfo
(
'os.path'
).
declarePublic
(
ModuleSecurityInfo
(
'os.path'
).
declarePublic
(
...
...
product/ERP5Type/tests/testRestrictedPythonSecurity.py
View file @
4f6c130b
...
@@ -91,7 +91,35 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
...
@@ -91,7 +91,35 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
self
.
createAndRunScript
(
'import decimal'
,
self
.
createAndRunScript
(
'import decimal'
,
'return decimal.Decimal.from_float(3.3)'
)
'return decimal.Decimal.from_float(3.3)'
)
def
test_suite
():
def
test_urlparse
(
self
):
suite
=
unittest
.
TestSuite
()
self
.
createAndRunScript
(
suite
.
addTest
(
unittest
.
makeSuite
(
TestRestrictedPythonSecurity
))
'import urlparse'
,
return
suite
'return urlparse.urlparse("http://example.com/pa/th/?q=s").path'
,
expected
=
'/pa/th/'
)
# access computed attributes (property) is also OK
self
.
createAndRunScript
(
'import urlparse'
,
'return urlparse.urlparse("http://example.com/pa/th/?q=s").hostname'
,
expected
=
'example.com'
)
self
.
createAndRunScript
(
'import urlparse'
,
'return urlparse.urlsplit("http://example.com/pa/th/?q=s").path'
,
expected
=
'/pa/th/'
)
self
.
createAndRunScript
(
'import urlparse'
,
'return urlparse.urldefrag("http://example.com/#frag")[1]'
,
expected
=
'frag'
)
self
.
createAndRunScript
(
'import urlparse'
,
'return urlparse.parse_qs("q=s")'
,
expected
=
{
'q'
:
[
's'
]}
)
self
.
createAndRunScript
(
'import urlparse'
,
'return urlparse.parse_qsl("q=s")'
,
expected
=
[(
'q'
,
's'
)]
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment