Python SandboxedEnvironment Examples

Programming Language: Python

Namespace/Package Name: ambari_jinja2.sandbox

Examples at hotexamples.com: 6

Python SandboxedEnvironment - 6 examples found. These are the top rated real world Python examples of ambari_jinja2.sandbox.SandboxedEnvironment extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

SandboxedEnvironment(4)

from_string(2)

Example #1

Show file

File: security.py Project: fanzhidongyzby/ambari

    def test_unsafe(self):
        env = SandboxedEnvironment()
        self.assert_raises(SecurityError, env.from_string("{{ foo.foo() }}").render, foo=PrivateStuff())
        self.assert_equal(env.from_string("{{ foo.bar() }}").render(foo=PrivateStuff()), "23")

        self.assert_raises(SecurityError, env.from_string("{{ foo._foo() }}").render, foo=PublicStuff())
        self.assert_equal(env.from_string("{{ foo.bar() }}").render(foo=PublicStuff()), "23")
        self.assert_equal(env.from_string("{{ foo.__class__ }}").render(foo=42), "")
        self.assert_equal(env.from_string("{{ foo.func_code }}").render(foo=lambda: None), "")
        self.assert_raises(SecurityError, env.from_string("{{ foo.__class__.__subclasses__() }}").render, foo=42)

Example #2

Show file

    def test_item_and_attribute(self):
        from ambari_jinja2.sandbox import SandboxedEnvironment

        for env in Environment(), SandboxedEnvironment():
            # the |list is necessary for python3
            tmpl = env.from_string('{{ foo.items()|list }}')
            assert tmpl.render(foo={'items': 42}) == "[('items', 42)]"
            tmpl = env.from_string('{{ foo|attr("items")()|list }}')
            assert tmpl.render(foo={'items': 42}) == "[('items', 42)]"
            tmpl = env.from_string('{{ foo["items"] }}')
            assert tmpl.render(foo={'items': 42}) == '42'

Example #3

Show file

    def test_unsafe(self):
        env = SandboxedEnvironment()
        self.assert_raises(SecurityError,
                           env.from_string("{{ foo.foo() }}").render,
                           foo=PrivateStuff())
        self.assert_equal(
            env.from_string("{{ foo.bar() }}").render(foo=PrivateStuff()),
            '23')

        self.assert_raises(SecurityError,
                           env.from_string("{{ foo._foo() }}").render,
                           foo=PublicStuff())
        self.assert_equal(
            env.from_string("{{ foo.bar() }}").render(foo=PublicStuff()), '23')
        self.assert_equal(
            env.from_string("{{ foo.__class__ }}").render(foo=42), '')
        self.assert_equal(
            env.from_string("{{ foo.func_code }}").render(foo=lambda: None),
            '')
        self.assert_raises(
            SecurityError,
            env.from_string("{{ foo.__class__.__subclasses__() }}").render,
            foo=42)

Example #4

Show file

File: security.py Project: fanzhidongyzby/ambari

 def test_attr_filter(self):
     env = SandboxedEnvironment()
     tmpl = env.from_string('{{ 42|attr("__class__")|attr("__subclasses__")() }}')
     self.assert_raises(SecurityError, tmpl.render)

Example #5

Show file

 def test_restricted(self):
     env = SandboxedEnvironment()
     self.assert_raises(TemplateSyntaxError, env.from_string,
                        "{% for item.attribute in seq %}...{% endfor %}")
     self.assert_raises(TemplateSyntaxError, env.from_string,
                        "{% for foo, bar.baz in seq %}...{% endfor %}")

Example #6

Show file

 def test_attr_filter(self):
     env = SandboxedEnvironment()
     tmpl = env.from_string(
         '{{ 42|attr("__class__")|attr("__subclasses__")() }}')
     self.assert_raises(SecurityError, tmpl.render)