Commit 5b995163 authored by Jérome Perrin's avatar Jérome Perrin

patches/Restricted: properly support StringIO

Our patch was wrong, it caused guarded_getattr to always allow
attributes of not protected instances of old-style classes. While this
look like a severe security hole, I don't we are using any sensitive non
protected instances

Because cStringIO.StringIO("initial value") makes a read-only StringIO
using another type, this was not supported.
parent 900a9c1c
Pipeline #8772 passed with stage
in 0 seconds
...@@ -417,6 +417,43 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase): ...@@ -417,6 +417,43 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
expected=1 expected=1
) )
def test_StringIO(self):
self.createAndRunScript(
textwrap.dedent('''\
import StringIO
s = StringIO.StringIO()
s.write("ok")
return s.getvalue()
'''),
expected="ok"
)
self.createAndRunScript(
textwrap.dedent('''\
import StringIO
return StringIO.StringIO("ok").getvalue()
'''),
expected="ok"
)
def test_cStringIO(self):
self.createAndRunScript(
textwrap.dedent('''\
import cStringIO
s = cStringIO.StringIO()
s.write("ok")
return s.getvalue()
'''),
expected="ok"
)
self.createAndRunScript(
textwrap.dedent('''\
import cStringIO
return cStringIO.StringIO("ok").getvalue()
'''),
expected="ok"
)
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestRestrictedPythonSecurity)) suite.addTest(unittest.makeSuite(TestRestrictedPythonSecurity))
......
...@@ -258,13 +258,14 @@ allow_type(type(re.compile(''))) ...@@ -258,13 +258,14 @@ allow_type(type(re.compile('')))
allow_type(type(re.match('x','x'))) allow_type(type(re.match('x','x')))
allow_type(type(re.finditer('x','x'))) allow_type(type(re.finditer('x','x')))
import cStringIO, StringIO
f_cStringIO = cStringIO.StringIO()
f_StringIO = StringIO.StringIO()
allow_module('cStringIO')
allow_module('StringIO') allow_module('StringIO')
allow_type(type(f_cStringIO)) import StringIO
allow_type(type(f_StringIO)) StringIO.StringIO.__allow_access_to_unprotected_subobjects__ = 1
allow_module('cStringIO')
import cStringIO
allow_type(cStringIO.InputType)
allow_type(cStringIO.OutputType)
ModuleSecurityInfo('cgi').declarePublic('escape', 'parse_header') ModuleSecurityInfo('cgi').declarePublic('escape', 'parse_header')
allow_module('datetime') allow_module('datetime')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment