def test_view_in_whitelisted_app(self):
    """A view living in an app that is treated as safe must be reported safe.

    The rule set lists the ``failclose`` key with an empty list.
    NOTE(review): presumably an empty list under an app key whitelists the
    whole app -- confirm against ``utils.is_safe``.
    """
    whitelisted_app_rules = dict(failclose=[])
    verdict = utils.is_safe(self.view, rules=whitelisted_app_rules)
    self.assertTrue(verdict)
def test_view_in_rules(self):
    """A view that the rules list explicitly must be confirmed as safe.

    The rule set lists ``'ugly'`` under the ``failclose`` key.
    NOTE(review): presumably ``'ugly'`` is the name of ``self.view`` --
    confirm against the fixture set up for this test case.
    """
    explicit_rules = dict(failclose=['ugly'])
    verdict = utils.is_safe(self.view, rules=explicit_rules)
    self.assertTrue(verdict)
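def process_view(self, request, view_func, view_args, view_kwargs):
    """Fail closed: let safe views proceed and refuse every other view.

    Returns:
        ``None`` when ``is_safe(view_func)`` is true, so that Django carries
        on with the remaining ``process_view`` middleware and then calls the
        view itself. Otherwise a redirect to ``settings.FORBIDDEN_URL`` when
        that setting is truthy, else an ``HttpResponseForbidden``.
    """
    if is_safe(view_func):
        # Do not call view_func from here. A response returned by
        # process_view makes Django skip every later process_view hook
        # (CSRF verification is implemented as one) as well as the wrapping
        # the request handler applies to the view, so a view marked safe
        # would run with fewer checks than it gets without this middleware.
        return None

    # Default deny: a view that is not explicitly marked safe never runs.
    if settings.FORBIDDEN_URL:
        return redirect(settings.FORBIDDEN_URL)
    return HttpResponseForbidden()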
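def test_view_namespaces(self):
    """Verifies that app namespaces are followed when checking view safety in rules.

    ``settings.PROJECT_NAME`` is set to ``'foobar'`` for the duration of the
    check and the view is expected to be reported unsafe under rules keyed
    by ``'foobar'``. The setting is always put back, including when the
    assertion fails, so a leftover ``PROJECT_NAME`` cannot change what the
    other safety tests evaluate.
    """
    # Track presence separately: "absent" and "set to None" need different
    # rollbacks, and getattr's default cannot tell them apart.
    had_project_name = hasattr(settings, 'PROJECT_NAME')
    self.old_project_name = getattr(settings, 'PROJECT_NAME', None)
    settings.PROJECT_NAME = 'foobar'
    try:
        rules = {
            'foobar': ['ugly'],
        }
        self.assertFalse(utils.is_safe(self.view, rules=rules))
    finally:
        # Roll back even on assertion failure so the override never leaks.
        if had_project_name:
            settings.PROJECT_NAME = self.old_project_name
        else:
            del settings.PROJECT_NAME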
def test_decorated_view(self):
    """A view wrapped with ``utils.safe`` must be reported safe.

    The rule set is empty, so the positive verdict does not come from a
    rules entry.
    """
    wrapped = utils.safe(self.view)
    # Kept on the instance, exactly as before, in case fixtures read it.
    self.decorated_view = wrapped
    verdict = utils.is_safe(self.decorated_view, rules={})
    self.assertTrue(verdict)
def test_unsafe_view(self):
    """A plain view with an empty rule set must be reported unsafe.

    This is the default-deny baseline: the view is passed undecorated and
    no rules are supplied.
    """
    no_rules = {}
    verdict = utils.is_safe(self.view, rules=no_rules)
    self.assertFalse(verdict)