def test_can_clean_list(self):
self.assertEqual(clean_request_input(
['<img """><script>alert(\'hey\')</script>">', '<img """><script>alert(\'hey\')</script>">']
), [
'<img """><script>alert('hey')</script>">',
'<img """><script>alert('hey')</script>">'
])
def input(self, name, default=False, clean=True):
"""Get a specific input value.
Arguments:
name {string} -- Key of the input data
Keyword Arguments:
default {string} -- Default value if input does not exist (default: {False})
clean {bool} -- Whether or not the return value should be
cleaned (default: {True})
Returns:
string
"""
if '.' in name and isinstance(
self.request_variables.get(name.split('.')[0]), dict):
value = DictDot().dot(name, self.request_variables)
if value:
return value
elif '.' in name:
name = dot(name, "{1}[{.}]")
return clean_request_input(self.request_variables.get(name, default),
clean=clean)
def test_can_clean_dictionary(self):
self.assertEqual(
clean_request_input(
{'key': '<img """><script>alert(\'hey\')</script>">'}),
{
'key':
'<img """><script>alert('hey')</script>">'
})
def all(self, internal_variables=True, clean=True):
"""Get all the input data.
Keyword Arguments:
internal_variables {bool} -- Get the internal framework variables as well (default: {True})
clean {bool} -- Whether or not the return value should be cleaned (default: {True})
Returns:
dict
"""
if not internal_variables:
without_internals = {}
for key, value in self.request_variables.items():
if not key.startswith('__'):
without_internals.update({key: value})
return clean_request_input(without_internals, clean=clean)
return clean_request_input(self.request_variables, clean=clean)
def test_can_clean_multiple_dictionary(self):
assert clean_request_input({
"conta_corrente": {
"ocultar": False,
"visao_geral": True,
"extrato": True
}
}) == {
"conta_corrente": {
"ocultar": False,
"visao_geral": True,
"extrato": True
}
}
def _set_standardized_request_variables(self, variables):
"""The input data is not perfect so we have to standardize it into a dictionary.
Arguments:
variables {string|dict}
"""
if isinstance(variables, str):
variables = dict(parse_qsl(variables))
try:
for name in variables.keys():
value = clean_request_input(self._get_standardized_value(variables[name]))
self.request_variables[name.replace('[]', '')] = value
except TypeError:
self.request_variables = {}
def test_can_clean_string(self):
self.assertEqual(
clean_request_input('<img """><script>alert(\'hey\')</script>">'),
'<img """><script>alert('hey')</script>">'
)
def test_does_not_clean_field_storage_objects(self):
fieldstorage = FieldStorageTest()
self.assertEqual(clean_request_input(fieldstorage), fieldstorage)
def test_does_not_clean_bytes_objects_with_dicts(self):
obj = {'x': b'test'}
self.assertEqual(clean_request_input(obj), obj)
def test_does_not_clean_bytes_objects(self):
obj = [b'test', b'test']
self.assertEqual(clean_request_input(obj), obj)
def test_does_not_clean_field_storage_objects(self):
fieldstorage = FieldStorageTest()
assert clean_request_input(fieldstorage) == fieldstorage
