def test_get_required_parameters_when_single_dependency_and_many_params( self): values_provider = DependantScriptValuesProvider( 'ls ${param1}', self.create_parameters_supplier('param1', 'param2', 'param3')) self.assertCountEqual(['param1'], values_provider.get_required_parameters())
def test_no_code_injection_for_and_operator(self, shell, expected_values): values_provider = DependantScriptValuesProvider( "echo ${param1}", self.create_parameters_supplier('param1'), shell=shell) self.assertEqual(expected_values, values_provider.get_values({'param1': '1 && echo 2'}))
def test_get_required_parameters_when_multiple_dependencies(self, shell): values_provider = DependantScriptValuesProvider( 'ls ${param1}/${param2}', self.create_parameters_supplier('param1', 'param2', 'param3'), shell=shell) self.assertCountEqual(['param1', 'param2'], values_provider.get_required_parameters())
def test_get_values_when_numeric_parameter(self, shell): values_provider = DependantScriptValuesProvider( "echo '_${param1}_'", self.create_parameters_supplier('param1'), shell=shell) self.assertEqual(['_123_'], values_provider.get_values({'param1': 123}))
def test_get_values_when_parameter_repeats(self, shell): values_provider = DependantScriptValuesProvider( "echo '_${param1}_\n' 'test\n' '+${param1}+'", self.create_parameters_supplier('param1'), shell=shell) self.assertEqual(['_123_', ' test', ' +123+'], values_provider.get_values({'param1': '123'}))
def test_get_values_when_single_parameter(self, shell): values_provider = DependantScriptValuesProvider( "echo '_${param1}_'", self.create_parameters_supplier('param1'), shell=shell) self.assertEqual(['_hello world_'], values_provider.get_values({'param1': 'hello world'}))
def test_get_required_parameters_when_single_dependency(self, shell): values_provider = DependantScriptValuesProvider( 'ls ${param1}', self.create_parameters_supplier('param1'), shell=shell) self.assertCountEqual(['param1'], values_provider.get_required_parameters())
def test_get_values_when_newline_response(self, shell): values_provider = DependantScriptValuesProvider( "ls '${param1}'", self.create_parameters_supplier('param1'), shell=shell) self.assertEqual([], values_provider.get_values( {'param1': test_utils.temp_folder}))
def test_get_values_when_multiple_parameters(self): files_path = os.path.join(test_utils.temp_folder, 'path1', 'path2') for i in range(0, 5): file_utils.write_file(os.path.join(files_path, 'f' + str(i) + '.txt'), 'test') values_provider = DependantScriptValuesProvider( 'ls ' + test_utils.temp_folder + '/${param1}/${param2}', self.create_parameters_supplier('param1', 'param2')) self.assertEqual(['f0.txt', 'f1.txt', 'f2.txt', 'f3.txt', 'f4.txt'], values_provider.get_values({'param1': 'path1', 'param2': 'path2'}))
def test_no_code_injection_for_pipe_operator(self, shell, expected_values): test_utils.create_files(['x1', 'y2', 'y3']) values_provider = DependantScriptValuesProvider( "ls ${param1}", self.create_parameters_supplier('param1'), shell=shell) self.assertEqual( expected_values, values_provider.get_values( {'param1': test_utils.temp_folder + ' | grep y'}))
def _create_values_provider(self, values_config, type, constant): if constant: return NoneValuesProvider() if self._is_plain_server_file(): return FilesProvider(self._list_files_dir, self.file_type, self.file_extensions) if (type != 'list') and (type != PARAM_TYPE_MULTISELECT): return NoneValuesProvider() if is_empty(values_config): return EmptyValuesProvider() if isinstance(values_config, list): return ConstValuesProvider(values_config) elif 'script' in values_config: script = values_config['script'] if '${' not in script: return ScriptValuesProvider(script) return DependantScriptValuesProvider(script, self._parameters_supplier) else: message = 'Unsupported "values" format for ' + self.name raise Exception(message)
def _create_values_provider(self, values_config, type, constant): if constant: return NoneValuesProvider() if self._is_plain_server_file(): return FilesProvider(self._list_files_dir, self.file_type, self.file_extensions) if (type in [PARAM_TYPE_MULTISELECT, PARAM_TYPE_LIST]): if is_empty(values_config): return EmptyValuesProvider() if isinstance(values_config, list): return ConstValuesProvider(values_config) if PARAM_TYPE_DEPENDANT_LIST in values_config: return DependantValuesProvider( self.name, values_config[PARAM_TYPE_DEPENDANT_LIST], self._parameters_supplier) if 'script' in values_config: script = replace_auth_vars(values_config['script'], self._username, self._audit_name) if '${' not in script: return ScriptValuesProvider(script) return DependantScriptValuesProvider(script, self._parameters_supplier) elif (type in ["text"]): if is_empty(values_config): return NoneValuesProvider() if 'script' in values_config: script = values_config['script'] if '${' not in script: return ScriptValuesProvider(script) return DependantScriptValuesProvider(script, self._parameters_supplier) else: return NoneValuesProvider() message = 'Unsupported "values" format for ' + self.name raise Exception(message)
def _create_values_provider(values, parameter, parameters): if values: if isinstance(values, list): return ConstValuesProvider(values) elif 'script' in values: script = values['script'] if '${' not in script: return ScriptValuesProvider(script) return DependantScriptValuesProvider(script, parameters) else: raise Exception('Unsupported "values" format for ' + parameter.name) else: return EmptyValuesProvider()
def _create_values_provider(self, values_config, type, constant): if constant or ((type != 'list') and (type != 'multiselect')): return NoneValuesProvider() if is_empty(values_config): return EmptyValuesProvider() if isinstance(values_config, list): return ConstValuesProvider(values_config) elif 'script' in values_config: script = values_config['script'] if '${' not in script: return ScriptValuesProvider(script) return DependantScriptValuesProvider(script, self._parameters_supplier) else: message = 'Unsupported "values" format for ' + self.name raise Exception(message)
def _create_values_provider(self, values_config, type, constant): if constant: return NoneValuesProvider() if self._is_plain_server_file(): return FilesProvider(self._list_files_dir, self.file_type, self.file_extensions, self.excluded_files_matcher) if (type != 'list') and (type != PARAM_TYPE_MULTISELECT) and ( type != PARAM_TYPE_EDITABLE_LIST): return NoneValuesProvider() if is_empty(values_config): return EmptyValuesProvider() if isinstance(values_config, list): return ConstValuesProvider(values_config) elif 'script' in values_config: original_script = values_config['script'] has_variables = ('${' in original_script) script = replace_auth_vars(original_script, self._username, self._audit_name) shell = read_bool_from_config('shell', values_config, default=not has_variables) if '${' not in script: return ScriptValuesProvider(script, shell) return DependantScriptValuesProvider(script, self._parameters_supplier, shell) else: message = 'Unsupported "values" format for ' + self.name raise Exception(message)
def test_script_fails(self): values_provider = DependantScriptValuesProvider( "echo2 ${param1}", self.create_parameters_supplier('param1')) self.assertEqual([], values_provider.get_values({'param1': 'abc'}))
def test_no_code_injection(self): values_provider = DependantScriptValuesProvider( "echo ${param1}", self.create_parameters_supplier('param1')) self.assertEqual(['1 && echo 2'], values_provider.get_values({'param1': '1 && echo 2'}))
def test_get_values_when_no_values(self): values_provider = DependantScriptValuesProvider( 'ls ${param1}', self.create_parameters_supplier('param1')) self.assertEqual([], values_provider.get_values({}))