def testXPathSecurity(self):
'''
test that we can't access insecure 4Suite extension functions
after importing raccoon
'''
from rx import RxPath
from Ft.Xml import XPath
node = None
context = XPath.Context.Context(node,
processorNss=raccoon.DefaultNsMap)
from Ft.Xml.XPath import BuiltInExtFunctions
#print BuiltInExtFunctions.ExtFunctions[(XPath.FT_EXT_NAMESPACE, 'env-var')]
try:
RxPath.evalXPath('xf:env-var("foo")', context)
except (XPath.RuntimeException), e:
pass
def If(context, cond, v1, v2=None):
"""
just like Ft.Xml.XPath.BuiltInExtFunctions.If
but the then and else parameters are strings that evaluated dynamically
thus supporting the short circuit logic you expect from if expressions
"""
from Ft.Xml.XPath import Conversions
from rx import raccoon
queryCache = getattr(context.node.ownerDocument, 'queryCache', None)
expCache = raccoon.RequestProcessor.expCache
if Conversions.BooleanValue(cond):
xpath = Conversions.StringValue(v1)
return RxPath.evalXPath(xpath, context, expCache, queryCache)
elif v2 is None:
return []
else:
xpath = Conversions.StringValue(v2)
return RxPath.evalXPath(xpath, context, expCache, queryCache)
def eval(l, node):
mapContext.node = node
mapContext.position += 1
mapContext.varBindings[(RXWIKI_XPATH_EXT_NS, 'current')] = node
result = RxPath.evalXPath(xpath, mapContext, expCache, queryCache)
if type(result) != type([]):
if not isinstance(result, unicode):
result = unicode(str(result), 'utf8')
result = String2NodeSet(mapContext, result)
l.extend(result)
return l
def evalXPath(self, xpath, context, expCache=None, queryCache=None):
self.log.debug(xpath)
return RxPath.evalXPath(xpath, context, expCache, queryCache)