[Zope-Checkins] CVS: Zope/lib/python/OFS/tests - testProperties.py:1.1.2.1

[Tres Seaver]

Update of /cvs-repository/Zope/lib/python/OFS/tests
In directory cvs.zope.org:/tmp/cvs-serv734/lib/python/OFS/tests

Added Files:
      Tag: Zope-2_6-branch
	testProperties.py 
Log Message:


  - Some property types were stored in a mutable data type (list) which 
    could potentially allow untrusted code to effect changes on those 
    properties without going through appropriate security checks in 
    particular scenarios.



=== Added File Zope/lib/python/OFS/tests/testProperties.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################

import os, sys, unittest
from OFS.PropertyManager import PropertyManager
from OFS.PropertySheets import PropertySheet


class TestObject(PropertyManager):
    pass


class TestProperties( unittest.TestCase ):
    """Property management tests."""

    def testLinesPropertyIsTuple( self ):
        inst = TestObject()

        inst._setProperty('prop', ['xxx', 'yyy'], 'lines')
        self.failUnless(type(inst.getProperty('prop')) == type(()))
        self.failUnless(type(inst.prop) == type(()))

        inst._setPropValue('prop', ['xxx', 'yyy'])
        self.failUnless(type(inst.getProperty('prop')) == type(()))
        self.failUnless(type(inst.prop) == type(()))

        inst._updateProperty('prop', ['xxx', 'yyy'])
        self.failUnless(type(inst.getProperty('prop')) == type(()))
        self.failUnless(type(inst.prop) == type(()))

        inst.manage_addProperty('prop2', ['xxx', 'yyy'], 'lines')
        self.failUnless(type(inst.getProperty('prop2')) == type(()))
        self.failUnless(type(inst.prop2) == type(()))


    def testPropertySheetLinesPropertyIsTuple(self):
        inst = PropertySheet('foo')

        inst._setProperty('prop', ['xxx', 'yyy'], 'lines')
        self.failUnless(type(inst.getProperty('prop')) == type(()))
        self.failUnless(type(inst.prop) == type(()))

        inst._updateProperty('prop', ['xxx', 'yyy'])
        self.failUnless(type(inst.getProperty('prop')) == type(()))
        self.failUnless(type(inst.prop) == type(()))

        inst.manage_addProperty('prop2', ['xxx', 'yyy'], 'lines')
        self.failUnless(type(inst.getProperty('prop2')) == type(()))
        self.failUnless(type(inst.prop2) == type(()))



def test_suite():
    suite = unittest.TestSuite()
    suite.addTest( unittest.makeSuite( TestProperties ) )
    return suite

def main():
    unittest.main(defaultTest='test_suite')

if __name__ == '__main__':
    main()