Commit ff2e471a authored by Jérome Perrin's avatar Jérome Perrin Committed by Your Name

restricted: allow urlparse in restricted python

/reviewed-on nexedi/erp5!839
parent fa4ca0c5
......@@ -261,6 +261,9 @@ allow_type(type(hashlib.md5()))
allow_module('time')
allow_module('unicodedata')
allow_module('urlparse')
import urlparse
allow_type(urlparse.ParseResult)
allow_type(urlparse.SplitResult)
allow_module('struct')
ModuleSecurityInfo('os.path').declarePublic(
......
......@@ -91,7 +91,35 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
self.createAndRunScript('import decimal',
'return decimal.Decimal.from_float(3.3)')
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestRestrictedPythonSecurity))
return suite
def test_urlparse(self):
self.createAndRunScript(
'import urlparse',
'return urlparse.urlparse("http://example.com/pa/th/?q=s").path',
expected='/pa/th/'
)
# access computed attributes (property) is also OK
self.createAndRunScript(
'import urlparse',
'return urlparse.urlparse("http://example.com/pa/th/?q=s").hostname',
expected='example.com'
)
self.createAndRunScript(
'import urlparse',
'return urlparse.urlsplit("http://example.com/pa/th/?q=s").path',
expected='/pa/th/'
)
self.createAndRunScript(
'import urlparse',
'return urlparse.urldefrag("http://example.com/#frag")[1]',
expected='frag'
)
self.createAndRunScript(
'import urlparse',
'return urlparse.parse_qs("q=s")',
expected={'q': ['s']}
)
self.createAndRunScript(
'import urlparse',
'return urlparse.parse_qsl("q=s")',
expected=[('q', 's')]
)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment