Beispiel #1
0
def test_type_bases():
    from sys import version_info
    if version_info < (2, 6):
        raise SkipTest("tests disabled on Python < 2.6")

    code = unindent('''
    def test():
        class A(object):
            pass
        class B(object):
            pass
        class X(A):
            pass
        X.__bases__ = (B,)
        if not issubclass(X, B):
            raise AttributeError("__bases__ error")
    ''')

    unsafe_code = code + unindent('''
        try:
            test()
        except AttributeError, err:
            assert str(err) == "__bases__ error"
        else:
            assert False
    ''')
    createSandbox().execute(unsafe_code)

    safe_code = code + unindent('''
        test()
    ''')
    execute_code(safe_code)
Beispiel #2
0
def test_func_globals():
    code = unindent('''
        SECRET = 42

        def get_secret_from_func_globals():
            def mysum(a, b):
                return a+b
            try:
                func_globals = mysum.func_globals
            except AttributeError:
                # Python 2.6+
                func_globals = mysum.__globals__
            return func_globals['SECRET']
    ''')

    unsafe_code = code + unindent('''
        try:
            get_secret_from_func_globals()
        except AttributeError, err:
            assert str(err) == "'function' object has no attribute '__globals__'"
        else:
            assert False
    ''')
    createSandbox().execute(unsafe_code)

    safe_code = code + unindent("""
        assert get_secret_from_func_globals() == 42
    """)
    execute_code(safe_code)
Beispiel #3
0
def test_del_builtin():
    code = unindent('''
        def del_builtin_import():
            import_func = __builtins__['__import__']
            dict.__delitem__(__builtins__, '__import__')
            try:
                try:
                    import sys
                except NameError as err:
                    assert str(err) == "type object 'dict' has no attribute '__setitem__'"
            finally:
                __builtins__['__import__'] = import_func
    ''')

    unsafe_code = code + unindent('''
        try:
            del_builtin_import()
        except AttributeError as err:
            assert str(err) == "type object 'dict' has no attribute '__delitem__'"
        except SandboxError as err:
            assert str(err) == "Read only object"
        else:
            assert False
    ''')

    config = createSandboxConfig()
    config.allowModule('sys')
    Sandbox(config).execute(unsafe_code)
Beispiel #4
0
def test_builtins_init():
    import warnings

    code = unindent('''
        def check_init():
            __builtins__.__init__({})

        def check_dict_init():
            try:
                dict.__init__(__builtins__, {})
            except ImportError as err:
                assert str(err) == 'Import "_warnings" blocked by the sandbox'
            except DeprecationWarning as err:
                assert str(err) == 'object.__init__() takes no parameters'
            else:
                assert False
    ''')

    unsafe_code = code + unindent('''
        check_init()
    ''')

    try:
        createSandbox().execute(unsafe_code)
    except SandboxError as err:
        assert str(err) == "Read only object", str(err)
    else:
        assert False
Beispiel #5
0
def test_builtins_setitem():
    code = unindent('''
        def builtins_superglobal():
            if isinstance(__builtins__, dict):
                __builtins__['SUPERGLOBAL'] = 42
                assert SUPERGLOBAL == 42
                del __builtins__['SUPERGLOBAL']
            else:
                __builtins__.SUPERGLOBAL = 42
                assert SUPERGLOBAL == 42
                del __builtins__.SUPERGLOBAL
    ''')

    unsafe_code = code + unindent('''
        try:
            builtins_superglobal()
        except SandboxError as err:
            assert str(err) == "Read only object"
        else:
            assert False
    ''')
    createSandbox().execute(unsafe_code)

    safe_code = code + unindent('''
        builtins_superglobal()
    ''')
    execute_code(safe_code)
Beispiel #6
0
def test_builtins_init():
    import warnings

    code = unindent('''
        def check_init():
            __builtins__.__init__({})

        def check_dict_init():
            try:
                dict.__init__(__builtins__, {})
            except ImportError, err:
                assert str(err) == 'Import "_warnings" blocked by the sandbox'
            except DeprecationWarning, err:
                assert str(err) == 'object.__init__() takes no parameters'
            else:
                assert False
    ''')

    unsafe_code = code + unindent('''
        check_init()
    ''')

    try:
        createSandbox().execute(unsafe_code)
    except SandboxError, err:
        assert str(err) == "Read only object", str(err)
Beispiel #7
0
def test_builtins_setitem():
    code = unindent('''
        def builtins_superglobal():
            if isinstance(__builtins__, dict):
                __builtins__['SUPERGLOBAL'] = 42
                assert SUPERGLOBAL == 42
                del __builtins__['SUPERGLOBAL']
            else:
                __builtins__.SUPERGLOBAL = 42
                assert SUPERGLOBAL == 42
                del __builtins__.SUPERGLOBAL
    ''')

    unsafe_code = code + unindent('''
        try:
            builtins_superglobal()
        except SandboxError, err:
            assert str(err) == "Read only object"
        else:
            assert False
    ''')
    createSandbox().execute(unsafe_code)

    safe_code = code + unindent('''
        builtins_superglobal()
    ''')
    execute_code(safe_code)
Beispiel #8
0
def test_del_builtin():
    code = unindent('''
        def del_builtin_import():
            import_func = __builtins__['__import__']
            dict.__delitem__(__builtins__, '__import__')
            try:
                try:
                    import sys
                except NameError, err:
                    assert str(err) == "type object 'dict' has no attribute '__setitem__'"
            finally:
                __builtins__['__import__'] = import_func
    ''')

    unsafe_code = code + unindent('''
        try:
            del_builtin_import()
        except AttributeError, err:
            assert str(err) == "type object 'dict' has no attribute '__delitem__'"
        except SandboxError, err:
            assert str(err) == "Read only object"
        else:
            assert False
    ''')

    config = createSandboxConfig()
    config.allowModule('sys')
    Sandbox(config).execute(unsafe_code)
Beispiel #9
0
def test_modify_builtins_dict():
    code = unindent('''
        def builtins_dict_superglobal():
            __builtins__['SUPERGLOBAL'] = 42
            assert SUPERGLOBAL == 42
            del __builtins__['SUPERGLOBAL']
    ''')

    unsafe_code = code + unindent('''
        try:
            builtins_dict_superglobal()
        except AttributeError as err:
            assert str(err) == "type object 'dict' has no attribute '__setitem__'"
        else:
            assert False
    ''')
    try:
        createSandbox().execute(unsafe_code)
    except SandboxError as err:
        assert str(err) == "Read only object"
Beispiel #10
0
def test_modify_builtins_dict():
    code = unindent('''
        def builtins_dict_superglobal():
            __builtins__['SUPERGLOBAL'] = 42
            assert SUPERGLOBAL == 42
            del __builtins__['SUPERGLOBAL']
    ''')

    unsafe_code = code + unindent('''
        try:
            builtins_dict_superglobal()
        except AttributeError, err:
            assert str(err) == "type object 'dict' has no attribute '__setitem__'"
        else:
            assert False
    ''')
    try:
        createSandbox().execute(unsafe_code)
    except SandboxError, err:
        assert str(err) == "Read only object"
Beispiel #11
0
def test_call_exec_builtins():
    code = unindent('''
        result = []
        exec "result.append(type(__builtins__))" in {'result': result}
        builtin_type = result[0]
        assert builtin_type != dict
    ''')
    config = createSandboxConfig()
    if HAVE_PYPY:
        # FIXME: is it really needed?
        config._builtins_whitelist.add('compile')
    Sandbox(config).execute(code)
Beispiel #12
0
def test_call_exec_builtins():
    code = unindent('''
        result = []
        exec "result.append(type(__builtins__))" in {'result': result}
        builtin_type = result[0]
        assert builtin_type != dict
    ''')
    config = createSandboxConfig()
    if HAVE_PYPY:
        # FIXME: is it really needed?
        config._builtins_whitelist.add('compile')
    Sandbox(config).execute(code)
Beispiel #13
0
def test_closure():
    code = unindent('''
        def read_closure_secret():
            def createClosure(secret):
                def closure():
                    return secret
                return closure
            func = createClosure(42)
            try:
                cell = func.func_closure[0]
            except AttributeError:
                # Python 2.6+
                cell = func.__closure__[0]
            # Does Python < 2.5 have the cell_contents attribute?  See this recipe,
            # get_cell_value(), for version without the attribute:
            # http://code.activestate.com/recipes/439096/
            secret = cell.cell_contents
            assert secret == 42
    ''')

    # Begin by a test outside the sandbox to fill the type cache
    unsafe_code = code + unindent('''
        try:
            read_closure_secret()
        except AttributeError, err:
            assert str(err) == "'function' object has no attribute '__closure__'"
        else:
            assert False, "func_closure is present"
    ''')
    createSandbox().execute(unsafe_code)

    # Repeat the test to ensure that the attribute cache is cleared correctly
    safe_code = code + unindent('''
        read_closure_secret()
    ''')
    execute_code(safe_code)
Beispiel #14
0
def test_func_defaults():
    from sys import version_info
    if version_info < (2, 6):
        raise SkipTest("tests disabled on Python < 2.6")

    unsafe_code = unindent('''
        try:
            open.__defaults__
        except AttributeError, err:
            assert str(err) in (
                # open is safe_open()
                "'function' object has no attribute '__defaults__'",
                # builtin open() in restricted mode
                "'builtin_function_or_method' object has no attribute '__defaults__'",
            )
        else:
            assert False
    ''')

    if version_info < (3, 0):
        unsafe_code += unindent('''
            try:
                open.func_defaults
            except AttributeError, err:
                assert str(err) in (
                    # open is safe_open()
                    "'function' object has no attribute 'func_defaults'",
                    # builtin open() in restricted mode
                    "'builtin_function_or_method' object has no attribute 'func_defaults'",
                )
            else:
                assert False
        ''')

    sandbox = createSandbox()
    sandbox.execute(unsafe_code)