[Zope-Checkins] CVS: Products/Transience/tests - testTransientObject.py:1.8.68.2

Jens Vagelpohl jens at dataflake.org
Sat Oct 1 09:18:49 EDT 2005


Update of /cvs-repository/Products/Transience/tests
In directory cvs.zope.org:/tmp/cvs-serv19060/lib/python/Products/Transience/tests

Modified Files:
      Tag: Zope-2_7-branch
	testTransientObject.py 
Log Message:
- Collector #1863: Prevent possibly sensitive information from leaking via
  the TransientObject's __repr__ method.


=== Products/Transience/tests/testTransientObject.py 1.8.68.1 => 1.8.68.2 ===
--- Products/Transience/tests/testTransientObject.py:1.8.68.1	Fri May 14 18:52:13 2004
+++ Products/Transience/tests/testTransientObject.py	Sat Oct  1 09:18:19 2005
@@ -115,6 +115,15 @@
         t.delete('foobie')
         self.assertEqual(t.get('foobie'), None)
 
+    def test_repr_leaking_information(self):
+        # __repr__ used to show all contents, which could lead to sensitive
+        # information being visible in e.g. the ErrorLog object.
+        t = self.t.new('password-storing-session')
+        t.set('__ac_password__', 'secret')
+        self.failIf( repr(t).find('secret') != -1
+                   , '__repr__ leaks: %s' % repr(t)
+                   )
+
 
 def test_suite():
     testsuite = makeSuite(TestTransientObject, 'test')
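
Review bot: test_repr_leaking_information only asserts that the one stored value 'secret' is absent from repr(t), so it pins down very little about what __repr__ may show. Storing a second, non-password key and asserting that its value is absent as well would show that no contents are rendered at all, rather than only this one key being handled. An equivalent assertion on str(t) would cover the other common path by which an object ends up in an error log entry. repr(t) is also evaluated twice, once in the condition and once in the failure message; binding it to a local first keeps the check and the message in agreement and makes the failIf call easier to read.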


