Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Laurent S
erp5
Commits
8b96998e
Commit
8b96998e
authored
Nov 14, 2013
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add a test to check security declarations in methods.
parent
3b2430b6
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
124 additions
and
0 deletions
+124
-0
product/ERP5/tests/testSecurity.py
product/ERP5/tests/testSecurity.py
+124
-0
No files found.
product/ERP5/tests/testSecurity.py
0 → 100644
View file @
8b96998e
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2013 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly advised to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
import
os
import
unittest
from
types
import
MethodType
from
Acquisition
import
aq_base
from
Products.ERP5Type.tests.ERP5TypeTestCase
import
ERP5TypeTestCase
# You can invoke security tests in your favourite collection of business templates
# by using TestSecurityMixin like the following :
#
# from Products.ERP5.tests.testERP5Security import TestSecurityMixin
# class TestMySecurity(TestSecurityMixin):
# def getBusinessTemplateList(self):
# return (...)
class
TestSecurityMixin
(
ERP5TypeTestCase
):
def
_prepareDocumentList
(
self
):
if
getattr
(
self
,
'_prepareDocumentList_finished'
,
None
):
return
portal_types
=
self
.
portal
.
portal_types
portal_type_dict
=
{}
def
createSubObject
(
obj
):
portal_type
=
obj
.
getPortalType
()
type_info
=
getattr
(
portal_types
,
portal_type
,
None
)
if
type_info
is
None
:
return
for
i
in
type_info
.
getTypeAllowedContentTypeList
():
if
i
in
portal_type_dict
:
continue
portal_type_dict
[
i
]
=
True
try
:
o
=
obj
.
newContent
(
portal_type
=
i
,
created_by_builder
=
True
)
createSubObject
(
o
)
except
:
pass
for
i
in
self
.
portal
.
objectValues
():
if
getattr
(
aq_base
(
i
),
'getPortalType'
,
None
)
is
not
None
:
createSubObject
(
i
)
self
.
_prepareDocumentList_finished
=
True
def
test_method_protection
(
self
):
"""
This test will list all implicitly Public methods in any objects in ZODB.
i.e. those who have a docstring but have no security declaration.
"""
self
.
_prepareDocumentList
()
white_method_id_list
=
[
'om_icons'
,]
app
=
self
.
portal
.
aq_parent
meta_type_dict
=
{}
error_dict
=
{}
for
idx
,
obj
in
app
.
ZopeFind
(
app
,
search_sub
=
1
):
meta_type
=
getattr
(
obj
,
'meta_type'
,
None
)
if
meta_type
is
None
:
continue
if
meta_type
in
meta_type_dict
:
continue
meta_type_dict
[
meta_type
]
=
True
if
'__roles__'
in
obj
.
__class__
.
__dict__
:
continue
method_id_list
=
[
x
for
x
in
dir
(
obj
)
if
callable
(
getattr
(
obj
,
x
,
None
))]
for
method_id
in
method_id_list
:
if
method_id
.
startswith
(
'_'
)
or
method_id
in
white_method_id_list
:
continue
method
=
getattr
(
obj
,
method_id
)
if
isinstance
(
method
,
MethodType
)
and
\
getattr
(
method
,
'func_name'
,
None
)
is
not
None
and
\
method
.
__doc__
and
\
not
hasattr
(
obj
,
'%s__roles__'
%
method_id
)
and
\
method
.
__module__
:
if
method
.
__module__
==
'Products.ERP5Type.Accessor.WorkflowState'
and
method
.
func_code
.
co_name
==
'serialize'
:
continue
func_code
=
method
.
func_code
error_dict
[(
func_code
.
co_filename
,
func_code
.
co_firstlineno
,
method_id
)]
=
True
error_list
=
error_dict
.
keys
()
if
os
.
environ
.
get
(
'erp5_debug_mode'
,
None
):
pass
else
:
error_list
=
filter
(
lambda
x
:
'/erp5/'
in
x
[
0
],
error_list
)
if
error_list
:
message
=
'
\
n
The following %s methods have a docstring but have no security assertions.
\
n
\
t
%s'
\
%
(
len
(
error_list
),
'
\
n
\
t
'
.
join
([
'%s:%s %s'
%
x
for
x
in
sorted
(
error_list
)]))
self
.
fail
(
message
)
class
TestSecurity
(
TestSecurityMixin
):
def
getTitle
(
self
):
return
"Security Test"
def
getBusinessTemplateList
(
self
):
from
Products.ERP5.tests.testXHTML
import
TestXHTML
return
TestXHTML
.
getBusinessTemplateList
()
def
test_suite
():
suite
=
unittest
.
TestSuite
()
suite
.
addTest
(
unittest
.
makeSuite
(
TestSecurity
))
return
suite
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment