Exemple #1
 def test_emulate_execute(self):
     """Check that the emulate_execute wrapper forwards reads and drops writes.

     The wrapper is applied to a list's ``append`` so that each "query" that
     gets through is recorded; the list length then shows whether the
     wrapped callable was actually invoked.
     """
     self.test_targets.append(error.emulate_execute)

     # A plain list does not accept attribute assignment; a subclass does,
     # which lets the test swap in a wrapped append.
     class MagicList(list):
         pass

     recorded = MagicList()
     recorded.append = error.emulate_execute(recorded.append)

     # A SELECT is expected to reach the wrapped callable.
     recorded.append("SELECT * FROM users")
     self.assertEqual(len(recorded), 1)

     # Write statements are expected to be dropped, leaving the count at 1.
     # NOTE(review): only upper-case, single-statement INSERT/UPDATE/DELETE
     # are exercised here. DDL, mixed case, leading whitespace or comments,
     # and several statements in one string are not covered, so confirm how
     # emulate_execute treats them before relying on it as a read-only guard.
     blocked_statements = (
         "INSERT INTO users (username) VALUES ('new_username');",
         "UPDATE users SET username = '******' WHERE id = 1;",
         "DELETE FROM users;",
     )
     for statement in blocked_statements:
         recorded.append(statement)
         self.assertEqual(len(recorded), 1)
Exemple #2
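def main(cursor, emulate_mode="", user_id=-1, mask_cursor=True):
    """Render a page as another user so a reported bug can be reproduced.

    The three settings are read through ``common_f.get_val`` with the
    arguments as defaults. The selected user is placed in
    ``common_f.cache['user']``, ``user.require`` is replaced by
    ``error.emulate_require`` and, when ``mask_cursor`` is truthy,
    ``cursor.execute`` is wrapped by ``error.emulate_execute``.

    Args:
        cursor: Database cursor handed to the emulated page.
        emulate_mode: Name of the page to import via ``web.import_page``.
        user_id: Id of the user to emulate; values below 1 mean "none".
        mask_cursor: Whether to wrap ``cursor.execute`` before running the
            page.

    Returns:
        The form from ``show_form`` when neither user nor mode is given, a
        short message when only one is missing, otherwise an HTML string
        containing a header plus the page output or a rendered traceback.

    NOTE(review): no permission check is visible in this function; confirm
    that the caller restricts it to administrators, since it lets the
    requester view a page as any user id.
    """
    # Function-scope import so the block does not depend on the file's
    # import list.
    from html import escape as html_escape

    user_id      = int(common_f.get_val("user_id", user_id))
    emulate_mode = common_f.get_val("emulate_mode", emulate_mode)
    # NOTE(review): bool() of any non-empty string is True. If get_val
    # returns raw request text, then "0" or "False" keep masking on and only
    # an empty value switches it off - confirm this is the intended way to
    # disable the write guard.
    mask_cursor  = bool(common_f.get_val("mask_cursor", mask_cursor))
    
    if user_id < 1 and emulate_mode == "":
        return show_form(cursor)
    
    if user_id < 1:
        return "No user selected"
    
    if emulate_mode == "":
        return "No mode to emulate"
    
    # Allows us to test the traceback display
    force_error = bool(common_f.get_val("force_error", False))
    if force_error:
        return force_error_func()
    
    # Set ourselves to fake the user that saw the bug
    # NOTE(review): real_user is saved but never written back (the reset at
    # the end is commented out), and user.require / cursor.execute are not
    # restored either, including on the early return below. Confirm nothing
    # later in the same process relies on the original values.
    real_user = common_f.cache['user']
    the_user = common_q.get_one(cursor, user.User, id=user_id)
    common_f.cache['user'] = the_user
    
    output = []
    
    # The two new lines are for our regex
    # the_error.args += "\n\n"
    # re_results = re.findall(r"([a-zA-Z_]*?) = (.*?\n\n)", the_error.args)
    
    # Now build the CGI form
    # cgi_fields = [(k, v.strip()) for k,v in re_results]
    # gui_test_utils.new_cgi_form(cgi_fields)
    
    # Alter the require function to suit our emulation needs
    user.require = error.emulate_require
    
    # Also stop our cursor from altering the database
    if mask_cursor:
        cursor.execute = error.emulate_execute(cursor.execute)
    
    # Lets try importing the page
    try:
        the_page = web.import_page(emulate_mode, handle_exception=False)
    except Exception:
        return "&nbsp;&nbsp; Unable to import page" + error.html_render(headers=False)
    
    # Some variables for displaying stuff
    # The mode comes from the request and the username from stored user data;
    # both are HTML-escaped so that markup in either cannot be injected into
    # this header.
    output.append("""
    <div style="padding:10px;">
        <strong>Emulating:</strong> <a href="?mode=edit_user&amp;user={user_id}">{user}</a>
        &nbsp;&nbsp;&nbsp;
        
        <strong>Mode:</strong> {mode}
        &nbsp;&nbsp;&nbsp;
        
        <a style="float:right;" href="web.py">Your dashboard</a>
    </div>
    <hr>
    <div style='padding:10px;'>
        <span class="stitle">Page output</span><br /><br />
    """.format(
        user = html_escape(str(the_user.username)),
        user_id = the_user.id,
        mode = html_escape(str(emulate_mode)),
    ))
    
    # Good good, now lets try executing it
    try:
        page_output = the_page.main(cursor)
    except Exception:
        # Show the traceback in place of the page output
        output.append(error.html_render(headers=False))
    else:
        output.append(page_output)
    finally:
        # Close the "Page output" container whichever branch ran
        output.append("</div>")
    
    # Reset the real user
    # common_f.cache['user'] = real_user
    
    return "".join(output)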