Exemplo n.º 1
0
 def test_typeSecurity(self):
     """
     Test for type-level security of serialization.
     """
     taster = jelly.SecurityOptions()
     dct = jelly.jelly({})
     self.assertRaises(jelly.InsecureJelly, jelly.unjelly, dct, taster)
Exemplo n.º 2
0
 def testClassSecurity(self):
     """
     test for class-level security of serialization
     """
     taster = jelly.SecurityOptions()
     taster.allowInstancesOf(A, B)
     a = A()
     b = B()
     c = C()
     # add a little complexity to the data
     a.b = b
     a.c = c
     # and a backreference
     a.x = b
     b.c = c
     # first, a friendly insecure serialization
     friendly = jelly.jelly(a, taster)
     x = jelly.unjelly(friendly, taster)
     assert isinstance(
         x.c, jelly.Unpersistable), "C came back: %s" % x.c.__class__
     # now, a malicious one
     mean = jelly.jelly(a)
     try:
         x = jelly.unjelly(mean, taster)
         assert 0, "x came back: %s" % x
     except jelly.InsecureJelly:
         # OK
         pass
     assert x.x is x.b, "Identity mismatch"
Exemplo n.º 3
0
 def test_classSecurity(self):
     """
     Test for class-level security of serialization.
     """
     taster = jelly.SecurityOptions()
     taster.allowInstancesOf(A, B)
     a = A()
     b = B()
     c = C()
     # add a little complexity to the data
     a.b = b
     a.c = c
     # and a backreference
     a.x = b
     b.c = c
     # first, a friendly insecure serialization
     friendly = jelly.jelly(a, taster)
     x = jelly.unjelly(friendly, taster)
     self.assertIsInstance(x.c, jelly.Unpersistable)
     # now, a malicious one
     mean = jelly.jelly(a)
     self.assertRaises(jelly.InsecureJelly, jelly.unjelly, mean, taster)
     self.assertIs(x.x, x.b, "Identity mismatch")
     # test class serialization
     friendly = jelly.jelly(A, taster)
     x = jelly.unjelly(friendly, taster)
     self.assertIs(x, A, "A came back: %s" % x)
Exemplo n.º 4
0
class ProtocolMixin:
    """
    """
    security = jelly.SecurityOptions()
    security.allowTypes('list')
    
    commands = ('login', 'get', 'set',
                'items', 'flavors', 'updates', 'sql')
Exemplo n.º 5
0
 def test_serverSecurityCustomization(self):
     """
     Check that the security settings are passed from the server factory to
     the broker object.
     """
     security = jelly.SecurityOptions()
     factory = pb.PBServerFactory(Echoer(), security=security)
     broker = factory.buildProtocol(None)
     self.assertIdentical(broker.security, security)
Exemplo n.º 6
0
 def start(self):
     self.decoder = remote.DecodeReport(self)
     # don't accept anything unpleasant from the (untrusted) build slave
     # The jellied stream may have Failures, but everything inside should
     # be a string
     security = jelly.SecurityOptions()
     security.allowBasicTypes()
     security.allowInstancesOf(failure.Failure)
     self.decoder.taster = security
     self.results = TwistedJellyTestResults()
     RunUnitTests.start(self)
Exemplo n.º 7
0
 def testTypeSecurity(self):
     """
     test for type-level security of serialization
     """
     taster = jelly.SecurityOptions()
     dct = jelly.jelly({})
     try:
         jelly.unjelly(dct, taster)
         assert 0, "Insecure Jelly unjellied successfully."
     except jelly.InsecureJelly:
         # OK, works
         pass
Exemplo n.º 8
0
    def _testSecurity(self, inputList, atom):
        """
        Helper test method to test security options for a type.

        @param inputList: a sample input for the type.
        @type inputList: L{list}

        @param atom: atom identifier for the type.
        @type atom: L{str}
        """
        c = jelly.jelly(inputList)
        taster = jelly.SecurityOptions()
        taster.allowBasicTypes()
        # By default, it should succeed
        jelly.unjelly(c, taster)
        taster.allowedTypes.pop(atom)
        # But it should raise an exception when disallowed
        self.assertRaises(jelly.InsecureJelly, jelly.unjelly, c, taster)
Exemplo n.º 9
0
    import pickle

from twisted.python.reflect import safe_repr
from twisted.spread import jelly

from bridgedb import Bridges
from bridgedb import filters
from bridgedb.distributors.email import distributor as emailDistributor
from bridgedb.distributors.https import distributor as httpsDistributor
from bridgedb.configure import Conf
#from bridgedb.proxy import ProxySet

_state = None

#: Types and classes which are allowed to be jellied:
_security = jelly.SecurityOptions()
#_security.allowInstancesOf(ProxySet)
_security.allowModules(filters, Bridges, emailDistributor, httpsDistributor)


class MissingState(Exception):
    """Raised when the file or class storing global state is missing."""


def _getState():
    """Retrieve the global state instance.

    :rtype: :class:`~bridgedb.persistent.State`
    :returns: An unpickled de-sexp'ed state object, which may contain just
        about anything, but should contain things like options, loaded config
        settings, etc.