-
-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Branch: refs/heads/4.3.x Date: 2018-04-12T00:59:14+02:00 Author: Joni Orponen (Rotonen) <joni.orponen@gmail.com> Commit: plone/Products.CMFPlone@91dd1c3 Move the gtbn_funcglobals patch security test to functional tests. Files changed: M Products/CMFPlone/tests/testSecurity.py M docs/CHANGES.rst Repository: Products.CMFPlone Branch: refs/heads/4.3.x Date: 2018-04-12T12:49:14+02:00 Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org> Commit: plone/Products.CMFPlone@a9caf4e Merge pull request #2382 from plone/roto-move-test-4.3.x Move the gtbn_funcglobals patch security test to functional tests Files changed: M Products/CMFPlone/tests/testSecurity.py M docs/CHANGES.rst
- Loading branch information
1 parent
f3eabca
commit deaf687
Showing
1 changed file
with
117 additions
and
111 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,128 +1,134 @@ | ||
| Repository: plone.recipe.zope2instance | ||
| Repository: Products.CMFPlone | ||
|
|
||
|
|
||
| Branch: refs/heads/4.x | ||
| Date: 2018-04-09T10:45:49-04:00 | ||
| Author: David Glick (davisagli) <dglick@gmail.com> | ||
| Commit: https://github.com/plone/plone.recipe.zope2instance/commit/b6262406a9ce012538a3423d8452643a961c401a | ||
| Branch: refs/heads/4.3.x | ||
| Date: 2018-04-12T00:59:14+02:00 | ||
| Author: Joni Orponen (Rotonen) <joni.orponen@gmail.com> | ||
| Commit: https://github.com/plone/Products.CMFPlone/commit/91dd1c395ab7f50ca6f6c0db678984278bcff9f0 | ||
|
|
||
| try to fix travis on 4.x branch | ||
| Move the gtbn_funcglobals patch security test to functional tests. | ||
|
|
||
| Files changed: | ||
| M .travis.yml | ||
|
|
||
| diff --git a/.travis.yml b/.travis.yml | ||
| index ce74056..3f7c5e8 100644 | ||
| --- a/.travis.yml | ||
| +++ b/.travis.yml | ||
| @@ -2,6 +2,7 @@ language: python | ||
| python: | ||
| - 2.7 | ||
| install: | ||
| - - python bootstrap.py | ||
| + - pip install setuptools==33.1.1 zc.buildout==2.5.3 | ||
| + - buildout bootstrap | ||
| - bin/buildout -t 3 | ||
| script: bin/test | ||
|
|
||
|
|
||
| Repository: plone.recipe.zope2instance | ||
|
|
||
|
|
||
| Branch: refs/heads/4.x | ||
| Date: 2018-04-09T10:49:47-04:00 | ||
| Author: David Glick (davisagli) <dglick@gmail.com> | ||
| Commit: https://github.com/plone/plone.recipe.zope2instance/commit/1494bb2e96723bf4d9489b5bce83689b1662954e | ||
|
|
||
| update buildout | ||
|
|
||
| Files changed: | ||
| M .travis.yml | ||
| M buildout.cfg | ||
|
|
||
| diff --git a/.travis.yml b/.travis.yml | ||
| index 3f7c5e8..526fc4c 100644 | ||
| --- a/.travis.yml | ||
| +++ b/.travis.yml | ||
| @@ -2,7 +2,7 @@ language: python | ||
| python: | ||
| - 2.7 | ||
| install: | ||
| - - pip install setuptools==33.1.1 zc.buildout==2.5.3 | ||
| + - pip install setuptools==33.1.1 zc.buildout==2.3.1 | ||
| - buildout bootstrap | ||
| - bin/buildout -t 3 | ||
| script: bin/test | ||
| diff --git a/buildout.cfg b/buildout.cfg | ||
| index a754baf..09a181e 100644 | ||
| --- a/buildout.cfg | ||
| +++ b/buildout.cfg | ||
| @@ -1,13 +1,11 @@ | ||
| [buildout] | ||
| -extends = http://download.zope.org/Zope2/index/2.13.21/versions.cfg | ||
| +index = https://pypi.python.org/simple/ | ||
| +extends = http://download.zope.org/Zope2/index/2.13.26/versions.cfg | ||
|
|
||
| versions = versions | ||
| develop = . | ||
| parts = test | ||
|
|
||
| -[versions] | ||
| -setuptools = 7.0 | ||
| M Products/CMFPlone/tests/testSecurity.py | ||
| M docs/CHANGES.rst | ||
|
|
||
| diff --git a/Products/CMFPlone/tests/testSecurity.py b/Products/CMFPlone/tests/testSecurity.py | ||
| index a411a18f1..44c57b2ad 100644 | ||
| --- a/Products/CMFPlone/tests/testSecurity.py | ||
| +++ b/Products/CMFPlone/tests/testSecurity.py | ||
| @@ -12,15 +12,6 @@ | ||
|
|
||
| class TestAttackVectorsUnit(unittest.TestCase): | ||
|
|
||
| - def test_gtbn_funcglobals(self): | ||
| - from Products.CMFPlone.utils import getToolByName | ||
| - try: | ||
| - getToolByName(self.assertTrue,'func_globals')['__builtins__'] | ||
| - except TypeError: | ||
| - pass | ||
| - else: | ||
| - self.fail('getToolByName should block access to non CMF tools') | ||
| - | ||
| [test] | ||
| recipe = zc.recipe.testrunner | ||
| eggs = plone.recipe.zope2instance | ||
| def test_setHeader_drops_LF(self): | ||
| from ZPublisher.HTTPResponse import HTTPResponse | ||
| response = HTTPResponse() | ||
| @@ -62,6 +53,15 @@ def test_get_request_var_or_attr_disallowed(self): | ||
|
|
||
| class TestAttackVectorsFunctional(ptc.FunctionalTestCase): | ||
|
|
||
| + def test_gtbn_funcglobals(self): | ||
| + from Products.CMFPlone.utils import getToolByName | ||
| + try: | ||
| + getToolByName(self.assertTrue,'func_globals')['__builtins__'] | ||
| + except TypeError: | ||
| + pass | ||
| + else: | ||
| + self.fail('getToolByName should block access to non CMF tools') | ||
| + | ||
| def test_widget_traversal_1(self): | ||
| res = self.publish('/plone/@@discussion-settings/++widget++moderator_email') | ||
| self.assertEqual(302, res.status) | ||
| diff --git a/docs/CHANGES.rst b/docs/CHANGES.rst | ||
| index c38d14c5b..495b01e6a 100644 | ||
| --- a/docs/CHANGES.rst | ||
| +++ b/docs/CHANGES.rst | ||
| @@ -19,7 +19,8 @@ New features: | ||
|
|
||
| Bug fixes: | ||
|
|
||
| -- *add item here* | ||
| +- Unflakied a unit test. | ||
| + [Rotonen] | ||
|
|
||
|
|
||
| 4.3.17 (2018-03-07) | ||
|
|
||
|
|
||
| Repository: plone.recipe.zope2instance | ||
| Repository: Products.CMFPlone | ||
|
|
||
|
|
||
| Branch: refs/heads/4.x | ||
| Date: 2018-04-09T13:09:09-04:00 | ||
| Author: David Glick (davisagli) <david.glick@plone.org> | ||
| Commit: https://github.com/plone/plone.recipe.zope2instance/commit/40fc676acf4fefb50346ca41ed13bd078e83a51d | ||
| Branch: refs/heads/4.3.x | ||
| Date: 2018-04-12T12:49:14+02:00 | ||
| Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org> | ||
| Commit: https://github.com/plone/Products.CMFPlone/commit/a9caf4e3bc0a6ab176b8538bbfe318019eeb6bfb | ||
|
|
||
| Merge pull request #40 from plone/fix-travis | ||
| Merge pull request #2382 from plone/roto-move-test-4.3.x | ||
|
|
||
| Fix travis build on 4.x branch | ||
| Move the gtbn_funcglobals patch security test to functional tests | ||
|
|
||
| Files changed: | ||
| M .travis.yml | ||
| M buildout.cfg | ||
|
|
||
| diff --git a/.travis.yml b/.travis.yml | ||
| index ce74056..526fc4c 100644 | ||
| --- a/.travis.yml | ||
| +++ b/.travis.yml | ||
| @@ -2,6 +2,7 @@ language: python | ||
| python: | ||
| - 2.7 | ||
| install: | ||
| - - python bootstrap.py | ||
| + - pip install setuptools==33.1.1 zc.buildout==2.3.1 | ||
| + - buildout bootstrap | ||
| - bin/buildout -t 3 | ||
| script: bin/test | ||
| diff --git a/buildout.cfg b/buildout.cfg | ||
| index a754baf..09a181e 100644 | ||
| --- a/buildout.cfg | ||
| +++ b/buildout.cfg | ||
| @@ -1,13 +1,11 @@ | ||
| [buildout] | ||
| -extends = http://download.zope.org/Zope2/index/2.13.21/versions.cfg | ||
| +index = https://pypi.python.org/simple/ | ||
| +extends = http://download.zope.org/Zope2/index/2.13.26/versions.cfg | ||
|
|
||
| versions = versions | ||
| develop = . | ||
| parts = test | ||
|
|
||
| -[versions] | ||
| -setuptools = 7.0 | ||
| M Products/CMFPlone/tests/testSecurity.py | ||
| M docs/CHANGES.rst | ||
|
|
||
| diff --git a/Products/CMFPlone/tests/testSecurity.py b/Products/CMFPlone/tests/testSecurity.py | ||
| index a411a18f1..44c57b2ad 100644 | ||
| --- a/Products/CMFPlone/tests/testSecurity.py | ||
| +++ b/Products/CMFPlone/tests/testSecurity.py | ||
| @@ -12,15 +12,6 @@ | ||
|
|
||
| class TestAttackVectorsUnit(unittest.TestCase): | ||
|
|
||
| - def test_gtbn_funcglobals(self): | ||
| - from Products.CMFPlone.utils import getToolByName | ||
| - try: | ||
| - getToolByName(self.assertTrue,'func_globals')['__builtins__'] | ||
| - except TypeError: | ||
| - pass | ||
| - else: | ||
| - self.fail('getToolByName should block access to non CMF tools') | ||
| - | ||
| [test] | ||
| recipe = zc.recipe.testrunner | ||
| eggs = plone.recipe.zope2instance | ||
| def test_setHeader_drops_LF(self): | ||
| from ZPublisher.HTTPResponse import HTTPResponse | ||
| response = HTTPResponse() | ||
| @@ -62,6 +53,15 @@ def test_get_request_var_or_attr_disallowed(self): | ||
|
|
||
| class TestAttackVectorsFunctional(ptc.FunctionalTestCase): | ||
|
|
||
| + def test_gtbn_funcglobals(self): | ||
| + from Products.CMFPlone.utils import getToolByName | ||
| + try: | ||
| + getToolByName(self.assertTrue,'func_globals')['__builtins__'] | ||
| + except TypeError: | ||
| + pass | ||
| + else: | ||
| + self.fail('getToolByName should block access to non CMF tools') | ||
| + | ||
| def test_widget_traversal_1(self): | ||
| res = self.publish('/plone/@@discussion-settings/++widget++moderator_email') | ||
| self.assertEqual(302, res.status) | ||
| diff --git a/docs/CHANGES.rst b/docs/CHANGES.rst | ||
| index c38d14c5b..495b01e6a 100644 | ||
| --- a/docs/CHANGES.rst | ||
| +++ b/docs/CHANGES.rst | ||
| @@ -19,7 +19,8 @@ New features: | ||
|
|
||
| Bug fixes: | ||
|
|
||
| -- *add item here* | ||
| +- Unflakied a unit test. | ||
| + [Rotonen] | ||
|
|
||
|
|
||
| 4.3.17 (2018-03-07) | ||
|
|
||
|
|