Permalink
Browse files

Write tests for dict.__init__/__builtins__.__init__

Update also 1.0.2 changelog
  • Loading branch information...
1 parent 5fbe725 commit 9344f1208c6ac12ce188a8f6584bb42b725baaf0 Victor Stinner committed Sep 16, 2010
Showing with 33 additions and 12 deletions.
  1. +3 −2 ChangeLog
  2. +30 −10 tests.py
View
@@ -4,8 +4,9 @@ Version 1.0.3 (2010-09-16)
Version 1.0.2 (2010-09-15)
- * SECURITY FIX: Deny access to all dict methods able to modify a dict, not
- only dict.__delitem__ and dict.__setitem__.
+ * SECURITY FIX: Deny access to all dict methods able to modify a dict to
+ protect __builtins__: block clear, pop, popitem, setdefault and update
+ methods (__delitem__ and __setitem__ were already blocked).
Version 1.0.1 (2010-07-26)
* Fix Python 2.5 compatibility
View
@@ -511,17 +511,17 @@ def setDict(person):
else:
print "USE_CSANDBOX=False: disable test_modify_objectproxy()"
-def builtins_superglobal():
- if isinstance(__builtins__, dict):
- __builtins__['SUPERGLOBAL'] = 42
- assert SUPERGLOBAL == 42
- del __builtins__['SUPERGLOBAL']
- else:
- __builtins__.SUPERGLOBAL = 42
- assert SUPERGLOBAL == 42
- del __builtins__.SUPERGLOBAL
+def test_builtins_setitem():
+ def builtins_superglobal():
+ if isinstance(__builtins__, dict):
+ __builtins__['SUPERGLOBAL'] = 42
+ assert SUPERGLOBAL == 42
+ del __builtins__['SUPERGLOBAL']
+ else:
+ __builtins__.SUPERGLOBAL = 42
+ assert SUPERGLOBAL == 42
+ del __builtins__.SUPERGLOBAL
-def test_modify_builtins():
def readonly_builtins():
try:
builtins_superglobal()
@@ -533,6 +533,26 @@ def readonly_builtins():
builtins_superglobal()
+def test_builtins_init():
+ def check_init():
+ try:
+ __builtins__.__init__({})
+ except SandboxError, err:
+ assert str(err) == "Read only object"
+ else:
+ assert False
+ createSandbox().call(check_init)
+
+ def check_dict_init():
+ try:
+ dict.__init__(__builtins__, {})
+ except ImportError, err:
+ assert str(err) == 'Import "_warnings" blocked by the sandbox'
+ else:
+ assert False
+ config = createSandboxConfig()
+ Sandbox(config).call(check_dict_init)
+
def builtins_dict_superglobal():
dict.__setitem__(__builtins__, 'SUPERGLOBAL', 42)
assert SUPERGLOBAL == 42

0 comments on commit 9344f12

Please sign in to comment.