def test_xml_import_permission(self): logger = APILogger() # read the file file_full_path = os.path.join(xml_path, 'test_add.xml') with open(file_full_path) as opened_file: content = opened_file.read() # process the XML processor = processors.XMLImportProcessor(logger=logger) modules = processor.process(content) importer = importers.APIImporter(self.user, logger=logger) # try importing before the part is made for module in modules: importer.add_module_data(module) if logger.was_success(): self.fail("Imported to non-existent part") logger.clear() # make the part now self.part = Thing( fullname='test', type='part', parent=self.tripos, name='test' ) self.part.save() # try importing with no permission for module in modules: importer.add_module_data(module) if logger.was_success(): self.fail("Imported without permission") else: if logger.failed: self.fail("Failed to import data") logger.clear() # now give permissions and try again tag = ThingTag( thing=self.userthing, targetthing=self.part, annotation="admin" ) tag.save() for module in modules: importer.add_module_data(module) if not logger.was_success(): self.fail("Import failed "+logger.summary())
def test_malformed_import(self): files = [ 'test_badtime.xml', 'test_malformed.xml' ] logger = APILogger() for fname in files: logger.clear() file_full_path = os.path.join(xml_path, fname) with open(file_full_path) as opened_file: content = opened_file.read() processor = processors.XMLImportProcessor(logger=logger) processor.process(content) if logger.was_success(): self.fail("Imported malformed XML ({0})".format(fname))
def test_bad_xml_protection(self): files = [ 'BAD_dtdretrieve.xml', 'BAD_entityexpansion1.xml', 'BAD_entityexpansion2.xml', 'BAD_quadexpand.xml', 'BAD_xmlbomb.xml' ] logger = APILogger() for fname in files: logger.clear() file_full_path = os.path.join(xml_path, fname) with open(file_full_path) as opened_file: content = opened_file.read() processor = processors.XMLImportProcessor(logger=logger) processor.process(content) if logger.was_success(): self.fail("Imported malicious XML ({0})".format(fname))