def test_load_config_invalid(tmpdir): """Verifies if safe load avoid the execution of untrusted code inside yaml files""" critical_dir = os.path.join(tmpdir, 'critical') yaml_file = os.path.join(tmpdir, 'tricks_file.yaml') with open(yaml_file, 'w') as f: content = ('one: value\n' 'run: !!python/object/apply:os.system ["mkdir {}"]\n' ).format(critical_dir) f.write(content) with pytest.raises(yaml.constructor.ConstructorError): watchmedo.load_config(yaml_file) assert not os.path.exists(critical_dir)
def main(argv=None): parser = argparse.ArgumentParser() parser.add_argument( "-c", "--config", default="tricks.yaml", help="Path to tricks config", ) parser.add_argument("filenames", nargs="*", help="Filenames to compile") args = parser.parse_args(argv) conf = watchmedo.load_config(args.config) options = list(filter(lambda x: x.get(PLANTUML_REF), conf.get(TRICKS_REF))) retv = 0 if not options: raise ValueError( "Improper --config provided. Did you define '{}' settings?" - format(PLANTUML_REF), ) for opts in options: trick = PlantumlTrick(**opts.get(PLANTUML_REF)) for filename in args.filenames: trick.compile(filename) return retv
def test_load_config_invalid(tmpdir): """Verifies if safe load avoid the execution of untrusted code inside yaml files""" critical_dir = os.path.join(tmpdir, 'critical') yaml_file = os.path.join(tmpdir, 'tricks_file.yaml') with open(yaml_file, 'w') as f: content = ('one: value\n' 'run: !!python/object/apply:os.system ["mkdir {}"]\n' ).format(critical_dir) f.write(content) # PyYAML get_single_data() raises different exceptions for Linux and Windows with pytest.raises((ConstructorError, ScannerError)): watchmedo.load_config(yaml_file) assert not os.path.exists(critical_dir)
def test_load_config_invalid(tmpdir): """Verifies if safe load avoid the execution of untrusted code inside yaml files""" critical_dir = os.path.join(tmpdir, 'critical') yaml_file = os.path.join(tmpdir, 'tricks_file.yaml') with open(yaml_file, 'w') as f: content = ( 'one: value\n' 'run: !!python/object/apply:os.system ["mkdir {}"]\n' ).format(critical_dir) f.write(content) # PyYAML get_single_data() raises different exceptions for Linux and Windows with pytest.raises((ConstructorError, ScannerError)): watchmedo.load_config(yaml_file) assert not os.path.exists(critical_dir)
def test_load_config_valid(tmpdir): """Verifies the load of a valid yaml file""" yaml_file = os.path.join(tmpdir, 'config_file.yaml') with open(yaml_file, 'w') as f: f.write('one: value\ntwo:\n- value1\n- value2\n') config = watchmedo.load_config(yaml_file) assert isinstance(config, dict) assert 'one' in config assert 'two' in config assert isinstance(config['two'], list) assert config['one'] == 'value' assert config['two'] == ['value1', 'value2']