def test_should_be_tainted(self):
from AccessControl.tainted import should_be_tainted
self.assertFalse(should_be_tainted('string'))
self.assertTrue(should_be_tainted('<string'))
self.assertFalse(should_be_tainted(b'string'))
self.assertTrue(should_be_tainted(b'<string'))
self.assertFalse(should_be_tainted(b'string'[0]))
self.assertTrue(should_be_tainted(b'<string'[0]))
def test_should_be_tainted(self):
from AccessControl.tainted import should_be_tainted
self.assertFalse(should_be_tainted('string'))
self.assertTrue(should_be_tainted('<string'))
self.assertFalse(should_be_tainted(b'string'))
self.assertTrue(should_be_tainted(b'<string'))
self.assertFalse(should_be_tainted(b'string'[0]))
self.assertTrue(should_be_tainted(b'<string'[0]))
def _valueIsOrHoldsTainted(self, val):
# Recursively searches a structure for a TaintedString and returns 1
# when one is found.
# Also raises an Assertion if a string which *should* have been
# tainted is found, or when a tainted string is not deemed dangerous.
from ZPublisher.HTTPRequest import record
from AccessControl.tainted import TaintedString
retval = 0
if isinstance(val, TaintedString):
self.assertTrue(
should_be_tainted(val._value),
"%r is not dangerous, no taint required." % val)
retval = 1
elif isinstance(val, record):
for attr, value in list(val.__dict__.items()):
rval = self._valueIsOrHoldsTainted(attr)
if rval:
retval = 1
rval = self._valueIsOrHoldsTainted(value)
if rval:
retval = 1
elif type(val) in (list, tuple):
for entry in val:
rval = self._valueIsOrHoldsTainted(entry)
if rval:
retval = 1
elif type(val) in (str, unicode):
self.assertFalse(
should_be_tainted(val),
"'%s' is dangerous and should have been tainted." % val)
return retval
def _valueIsOrHoldsTainted(self, val):
# Recursively searches a structure for a TaintedString and returns 1
# when one is found.
# Also raises an Assertion if a string which *should* have been
# tainted is found, or when a tainted string is not deemed dangerous.
from ZPublisher.HTTPRequest import record
from AccessControl.tainted import TaintedString
retval = 0
if isinstance(val, TaintedString):
self.assertTrue(
should_be_tainted(val._value),
"%r is not dangerous, no taint required." % val)
retval = 1
elif isinstance(val, record):
for attr, value in list(val.__dict__.items()):
rval = self._valueIsOrHoldsTainted(attr)
if rval:
retval = 1
rval = self._valueIsOrHoldsTainted(value)
if rval:
retval = 1
elif type(val) in (list, tuple):
for entry in val:
rval = self._valueIsOrHoldsTainted(entry)
if rval:
retval = 1
elif type(val) in (str, unicode):
self.assertFalse(
should_be_tainted(val),
"'%s' is dangerous and should have been tainted." % val)
return retval