Bugfix: ZOPE_WATCH_CHECKERS=1 used to miss most of the checks
mgedmin committed Mar 27, 2013
1 parent bc75e97 commit 275754c
Showing 3 changed files with 16 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGES.rst
Expand Up @@ -8,6 +8,8 @@ CHANGES
- Bugfix: ZOPE_WATCH_CHECKERS=2 used to incorrectly suppress
unauthorized/forbidden warnings.

- Bugfix: ZOPE_WATCH_CHECKERS=1 used to miss most of the checks.


4.0.0b1 (2013-03-11)
--------------------
2 changes: 2 additions & 0 deletions src/zope/security/checker.py
Expand Up @@ -558,6 +558,8 @@ def check_getattr(self, object, name):
'[CHK] - Forbidden getattr: %s on %r' % (name, object))
raise

__setitem__ = check_getattr

def check_setattr(self, object, name):
try:
super(CheckerLoggingMixin, self).check_setattr(object, name)
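Review bot: The added `__setitem__ = check_getattr` alias in CheckerLoggingMixin carries no comment, and the reason it is needed is explained only in the new test. A class-level alias binds to the function that exists when the class body runs, so overriding check_getattr in a subclass does not move `__setitem__` with it; going by the commit title, that appears to be how the logging wrapper was skipped whenever a caller used the `__setitem__` fast path. I would put the explanation on the line itself, e.g. `# Rebind the fast-path alias used from C; otherwise the inherited __setitem__ bypasses this logging override.`, because any other subclass that adds auditing or enforcement in check_getattr needs the same rebinding. check_getattr begins above this hunk and check_setattr continues below it, so whether other aliased entry points need the same treatment cannot be confirmed from the visible lines.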
12 changes: 12 additions & 0 deletions src/zope/security/tests/test_checker.py
Expand Up @@ -1252,6 +1252,18 @@ def test_check_setattr_forbidden_attribute(self):
self.assertEqual(checker._file[0],
'[CHK] - Forbidden setattr: name on TESTING\n')

def test_check_setitem_unauthorized(self):
# __setitem__ is an alias for check_getattr, used for speed reasons
# (AFAIU calling tp_setitem from C is much faster than calling a
# method by name).
from zope.security.interfaces import Unauthorized
checker = self._makeOne(Unauthorized)
self.assertRaises(Unauthorized,
checker.__setitem__, self._makeObject(), 'name')
self.assertEqual(len(checker._file), 1)
self.assertEqual(checker._file[0],
'[CHK] - Unauthorized getattr: name on TESTING\n')


class Test__instanceChecker(unittest.TestCase):

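Review bot: The new test_check_setitem_unauthorized pins only the Unauthorized branch of the `__setitem__` alias; the ForbiddenAttribute branch, whose log line `'[CHK] - Forbidden getattr: %s on %r'` is visible in checker.py, has no test through this entry point. The alias exists so that the audit log sees checks made via the fast path, and a regression in either branch would silently drop log records, so both are worth covering. A sibling test along the lines below would do it, assuming `_makeOne` accepts ForbiddenAttribute the same way it accepts Unauthorized here. The enclosing test class starts above this hunk.

```python
    def test_check_setitem_forbidden_attribute(self):
        # Same alias as above, exercising the ForbiddenAttribute branch.
        from zope.security.interfaces import ForbiddenAttribute
        checker = self._makeOne(ForbiddenAttribute)
        self.assertRaises(ForbiddenAttribute,
                          checker.__setitem__, self._makeObject(), 'name')
        self.assertEqual(len(checker._file), 1)
        self.assertEqual(checker._file[0],
                         '[CHK] - Forbidden getattr: name on TESTING\n')
```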
