[CMF-checkins] CVS: CMF/CMFDefault/tests -
test_RegistrationTool.py:1.2.26.1
Tres Seaver
tseaver at zope.com
Fri May 14 17:44:44 EDT 2004
Update of /cvs-repository/CMF/CMFDefault/tests
In directory cvs.zope.org:/tmp/cvs-serv13517/CMFDefault/tests
Modified Files:
Tag: CMF-1_4-branch
test_RegistrationTool.py
Log Message:
- Collector #243: unscrubbed member property, 'email', could allow
mail header injection.
- Prep for 1.4.4 release.
=== CMF/CMFDefault/tests/test_RegistrationTool.py 1.2 => 1.2.26.1 ===
--- CMF/CMFDefault/tests/test_RegistrationTool.py:1.2 Mon Jan 6 16:07:26 2003
+++ CMF/CMFDefault/tests/test_RegistrationTool.py Fri May 14 17:44:14 2004
@@ -1,31 +1,79 @@
-from unittest import TestCase, TestSuite, makeSuite, main
+import unittest
+from Products.CMFCore.tests.base.testcase import RequestTest
import Zope
-try:
- from Interface.Verify import verifyClass
-except ImportError:
- # for Zope versions before 2.6.0
- from Interface import verify_class_implementation as verifyClass
-from Products.CMFDefault.RegistrationTool import RegistrationTool
+class FauxMembershipTool:
+ def getMemberById( self, username ):
+ return None
-class RegistrationToolTests(TestCase):
+class RegistrationToolTests(RequestTest):
+
+ def _getTargetClass(self):
+
+ from Products.CMFDefault.RegistrationTool import RegistrationTool
+ return RegistrationTool
+
+ def _makeOne(self, *args, **kw):
+
+ return self._getTargetClass()(*args, **kw)
def test_interface(self):
+
from Products.CMFCore.interfaces.portal_registration \
import portal_registration as IRegistrationTool
from Products.CMFCore.interfaces.portal_actions \
import ActionProvider as IActionProvider
+ try:
+ from Interface.Verify import verifyClass
+ except ImportError:
+ # for Zope versions before 2.6.0
+ from Interface import verify_class_implementation as verifyClass
+
+ verifyClass(IRegistrationTool, self._getTargetClass())
+ verifyClass(IActionProvider, self._getTargetClass())
+
+ def test_testPropertiesValidity_new_invalid_email( self ):
+
+ tool = self._makeOne().__of__( self.root )
+ self.root.portal_membership = FauxMembershipTool()
+
+ props = { 'email' : 'this is not an e-mail address'
+ , 'username' : 'username'
+ }
+
+ result = tool.testPropertiesValidity( props, None )
+
+ self.failIf( result is None, 'Invalid e-mail passed inspection' )
+
+ def test_spamcannon_collector_243( self ):
+
+ INJECTED_HEADERS = """
+To:someone at example.com
+cc:another_victim at elsewhere.example.com
+From:someone at example.com
+Subject:Hosed by Spam Cannon!
+
+Spam, spam, spam
+"""
+
+ tool = self._makeOne().__of__( self.root )
+ self.root.portal_membership = FauxMembershipTool()
+
+ props = { 'email' : INJECTED_HEADERS
+ , 'username' : 'username'
+ }
+
+ result = tool.testPropertiesValidity( props, None )
- verifyClass(IRegistrationTool, RegistrationTool)
- verifyClass(IActionProvider, RegistrationTool)
+ self.failIf( result is None, 'Invalid e-mail passed inspection' )
def test_suite():
- return TestSuite((
- makeSuite( RegistrationToolTests ),
+ return unittest.TestSuite((
+ unittest.makeSuite( RegistrationToolTests ),
))
if __name__ == '__main__':
- main(defaultTest='test_suite')
+ unittest.main(defaultTest='test_suite')
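Review bot: test_spamcannon_collector_243 asserts only that `result` is not None, the same check and message as test_testPropertiesValidity_new_invalid_email, so it passes for any rejection reason and does not pin the header-injection fix specifically. INJECTED_HEADERS opens with a blank line followed by header names, so a plain address-format check would reject it even if line breaks were never examined. Consider adding a case where the address is otherwise well-formed but carries an embedded line break, e.g. `props = {'email': 'user@example.com\ncc: other@example.com', 'username': 'username'}` (constructed sample), and giving that assertion its own message such as `'E-mail containing a line break passed inspection'`. The validation code in RegistrationTool is not part of this hunk, so whether it checks CR/LF explicitly cannot be confirmed from here.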