Ejemplo n.º 1
0
class SSITests(SimpleTestCase):
    def setUp(self):
        self.this_dir = os.path.dirname(os.path.abspath(upath(__file__)))
        self.ssi_dir = os.path.join(self.this_dir, "templates", "first")
        self.engine = Engine(allowed_include_roots=(self.ssi_dir,))

    def render_ssi(self, path):
        # the path must exist for the test to be reliable
        self.assertTrue(os.path.exists(path))
        return self.engine.from_string('{%% ssi "%s" %%}' % path).render(Context({}))

    def test_allowed_paths(self):
        acceptable_path = os.path.join(self.ssi_dir, "..", "first", "test.html")
        self.assertEqual(self.render_ssi(acceptable_path), 'First template\n')

    def test_relative_include_exploit(self):
        """
        May not bypass allowed_include_roots with relative paths

        e.g. if allowed_include_roots = ("/var/www",), it should not be
        possible to do {% ssi "/var/www/../../etc/passwd" %}
        """
        disallowed_paths = [
            os.path.join(self.ssi_dir, "..", "ssi_include.html"),
            os.path.join(self.ssi_dir, "..", "second", "test.html"),
        ]
        for disallowed_path in disallowed_paths:
            self.assertEqual(self.render_ssi(disallowed_path), '')
Ejemplo n.º 2
0
class DjangoTemplates(BaseEngine):

    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('autoescape', True)
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        libraries = options.get('libraries', {})
        options['libraries'] = self.get_templatetag_libraries(libraries)
        super().__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code), self)

    def get_template(self, template_name):
        try:
            return Template(self.engine.get_template(template_name), self)
        except TemplateDoesNotExist as exc:
            reraise(exc, self)

    def get_templatetag_libraries(self, custom_libraries):
        """
        Return a collation of template tag libraries from installed
        applications and the supplied custom_libraries argument.
        """
        libraries = get_installed_libraries()
        libraries.update(custom_libraries)
        return libraries
Ejemplo n.º 3
0
 def test_polygons_templates(self):
     # Accessing Polygon attributes in templates should work.
     engine = Engine()
     template = engine.from_string('{{ polygons.0.wkt }}')
     polygons = [fromstr(p.wkt) for p in self.geometries.multipolygons[:2]]
     content = template.render(Context({'polygons': polygons}))
     self.assertIn('MULTIPOLYGON (((100', content)
Ejemplo n.º 4
0
class DjangoTemplates(BaseEngine):

    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('autoescape', True)
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        libraries = options.get('libraries', {})
        options['libraries'] = self.get_templatetag_libraries(libraries)
        super(DjangoTemplates, self).__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code), self)

    def get_template(self, template_name):
        try:
            return Template(self.engine.get_template(template_name), self)
        except TemplateDoesNotExist as exc:
            reraise(exc, self)

    def get_templatetag_libraries(self, custom_libraries):
        """
        Return a collation of template tag libraries from installed
        applications and the supplied custom_libraries argument.
        """
        libraries = get_installed_libraries()
        libraries.update(custom_libraries)
        return libraries
Ejemplo n.º 5
0
class PostOfficeTemplates(BaseEngine):
    """
    Customized Template Engine which keeps track on referenced images and stores them as attachments
    to be used in multipart email messages.
    """
    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('autoescape', True)
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        libraries = options.get('libraries', {})
        options['libraries'] = self.get_templatetag_libraries(libraries)
        super(PostOfficeTemplates, self).__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code), self)

    def get_template(self, template_name):
        try:
            template = self.engine.get_template(template_name)
            return Template(template, self)
        except TemplateDoesNotExist as exc:
            reraise(exc, self)

    def get_templatetag_libraries(self, custom_libraries):
        libraries = get_installed_libraries()
        libraries.update(custom_libraries)
        return libraries
Ejemplo n.º 6
0
 def test_polygons_templates(self):
     # Accessing Polygon attributes in templates should work.
     engine = Engine()
     template = engine.from_string('{{ polygons.0.wkt }}')
     polygons = [fromstr(p.wkt) for p in self.geometries.multipolygons[:2]]
     content = template.render(Context({'polygons': polygons}))
     self.assertIn('MULTIPOLYGON (((100', content)
Ejemplo n.º 7
0
class SSITests(SimpleTestCase):
    def setUp(self):
        self.this_dir = os.path.dirname(os.path.abspath(upath(__file__)))
        self.ssi_dir = os.path.join(self.this_dir, "templates", "first")
        self.engine = Engine(allowed_include_roots=(self.ssi_dir, ))

    def render_ssi(self, path):
        # the path must exist for the test to be reliable
        self.assertTrue(os.path.exists(path))
        return self.engine.from_string('{%% ssi "%s" %%}' % path).render(
            Context({}))

    def test_allowed_paths(self):
        acceptable_path = os.path.join(self.ssi_dir, "..", "first",
                                       "test.html")
        self.assertEqual(self.render_ssi(acceptable_path), 'First template\n')

    def test_relative_include_exploit(self):
        """
        May not bypass allowed_include_roots with relative paths

        e.g. if allowed_include_roots = ("/var/www",), it should not be
        possible to do {% ssi "/var/www/../../etc/passwd" %}
        """
        disallowed_paths = [
            os.path.join(self.ssi_dir, "..", "ssi_include.html"),
            os.path.join(self.ssi_dir, "..", "second", "test.html"),
        ]
        for disallowed_path in disallowed_paths:
            self.assertEqual(self.render_ssi(disallowed_path), '')
Ejemplo n.º 8
0
class PostOfficeTemplates(BaseEngine):
    """
    Customized Template Engine which keeps track on referenced images and stores them as attachments
    to be used in multipart email messages.
    """
    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('autoescape', True)
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        libraries = options.get('libraries', {})
        options['libraries'] = self.get_templatetag_libraries(libraries)
        super(PostOfficeTemplates, self).__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code), self)

    def get_template(self, template_name):
        try:
            template = self.engine.get_template(template_name)
            return Template(template, self)
        except TemplateDoesNotExist as exc:
            reraise(exc, self)

    def get_templatetag_libraries(self, custom_libraries):
        libraries = get_installed_libraries()
        libraries.update(custom_libraries)
        return libraries
Ejemplo n.º 9
0
 def test_polygons_templates(self):
     # Accessing Polygon attributes in templates should work.
     engine = Engine()
     template = engine.from_string("{{ polygons.0.wkt }}")
     polygons = [
         OGRGeometry(p.wkt) for p in self.geometries.multipolygons[:2]
     ]
     content = template.render(Context({"polygons": polygons}))
     self.assertIn("MULTIPOLYGON (((100", content)
Ejemplo n.º 10
0
class DjangoTemplates(BaseEngine):

    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('autoescape', True)
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', 'utf-8')
        libraries = options.get('libraries', {})
        # 下面这个值是字典对象
        # {'cache': 'django.templatetags.cache', 
        #  'i18n': 'django.templatetags.i18n', 
        #  'l10n': 'django.templatetags.l10n', 
        #  'static': 'django.templatetags.static', 
        #  'tz': 'django.templatetags.tz', 
        #  'admin_list': 'django.contrib.admin.templatetags.admin_list', 
        #  'admin_modify': 'django.contrib.admin.templatetags.admin_modify', 
        #  'admin_urls': 'django.contrib.admin.templatetags.admin_urls', 
        #  'log': 'django.contrib.admin.templatetags.log'
        # }
        options['libraries'] = self.get_templatetag_libraries(libraries)
        super().__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code), self)

    def get_template(self, template_name):
        # self 是「模板引擎对象」
        try:
            # self.engine 是 django.template.engine.Engine 类的实例,叫做「引擎对象」
            # self.engine.get_template 的返回值是「模板对象」,django.template.base.Template 类的实例
            # 下面这个 Template 是定义在当前模块中的类,该类的实例被称为「最终模板对象」
            return Template(self.engine.get_template(template_name), self)
        except TemplateDoesNotExist as exc:
            reraise(exc, self)

    def get_templatetag_libraries(self, custom_libraries):
        """
        Return a collation of template tag libraries from installed
        applications and the supplied custom_libraries argument.
        """
        libraries = get_installed_libraries()
        libraries.update(custom_libraries)
        return libraries
Ejemplo n.º 11
0
class DjangoTemplates(BaseEngine):

    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('debug', settings.TEMPLATE_DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        super(DjangoTemplates, self).__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code))

    def get_template(self, template_name, dirs=_dirs_undefined):
        return Template(self.engine.get_template(template_name, dirs))
Ejemplo n.º 12
0
class DjangoTemplates(BaseEngine):

    app_dirname = 'templates'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        super(DjangoTemplates, self).__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code))

    def get_template(self, template_name, dirs=_dirs_undefined):
        return Template(self.engine.get_template(template_name, dirs))
Ejemplo n.º 13
0
class TornadoTemplate(BaseEngine):

    app_dirname = 'tornado'

    def __init__(self, params):
        params = params.copy()
        options = params.pop('OPTIONS').copy()
        options.setdefault('debug', settings.DEBUG)
        options.setdefault('file_charset', settings.FILE_CHARSET)
        super(TornadoTemplate, self).__init__(params)
        self.engine = Engine(self.dirs, self.app_dirs, **options)

    def from_string(self, template_code):
        return Template(self.engine.from_string(template_code))

    def get_template(self, template_name, dirs=_dirs_undefined):
        return Template(self.engine.get_template(template_name, dirs))

        self.env = environment_cls(**options)
Ejemplo n.º 14
0
"""Library responsible for putting relevant data on the page, where it's needed"""

from django.template import Context
from django.utils.safestring import mark_safe
from django.template.engine import Engine
from django.conf import settings

import consts
import config

settings.configure()

ENGINE = Engine(dirs=["."])

TEMPLATE = open(consts.TEMPLATE_PATH, 'r').read()
HTML_TEMPLATE = ENGINE.from_string(TEMPLATE)


def make_field(pole):
    """ - """
    return '<td>' + str(pole) + '</td>'


def make_link(path, title):
    """ - """
    return '<li><a href="' + path + '/index.html">' + str(title) + '</a></li>'


def make_proc(num):
    """ - """
    return str(100 * num)[:config.PROC_PRECISION] + ' %'
Ejemplo n.º 15
0
# Since this package contains a "django" module, this is required on Python 2.