Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
138
Merge Requests
138
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
erp5
Commits
ad3b49c2
Commit
ad3b49c2
authored
Jul 13, 2022
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'origin/master' into zope4py2
parents
b9d9c26a
9405ec7d
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
55 additions
and
11 deletions
+55
-11
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testRestrictedPythonSecurity.py
...rtal_components/test.erp5.testRestrictedPythonSecurity.py
+35
-0
product/ERP5/bootstrap/erp5_core/ToolComponentTemplateItem/portal_components/tool.erp5.SessionTool.py
...ntTemplateItem/portal_components/tool.erp5.SessionTool.py
+7
-7
product/ERP5Type/patches/CMFCoreSkinnable.py
product/ERP5Type/patches/CMFCoreSkinnable.py
+1
-1
product/ERP5Type/patches/Restricted.py
product/ERP5Type/patches/Restricted.py
+9
-0
product/ERP5Type/tests/ERP5TypeLiveTestCase.py
product/ERP5Type/tests/ERP5TypeLiveTestCase.py
+2
-2
product/ERP5Type/tests/ERP5TypeTestCase.py
product/ERP5Type/tests/ERP5TypeTestCase.py
+1
-1
No files found.
bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testRestrictedPythonSecurity.py
View file @
ad3b49c2
...
...
@@ -770,6 +770,41 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
'''
.
format
(
malicous_input
)
)
def
testIpAddressModuleAllowance
(
self
):
# Test ipaddress usability
self
.
createAndRunScript
(
'import ipaddress'
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_address
return ip_address(u'90.4.85.17').is_global
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_network
return ip_network(u'90.4.0.0/16').is_private
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_address, ip_network
return ip_address(u'90.4.85.17') in ip_network(u'90.4.0.0/16')
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_interface
return ip_interface(u'90.4.85.17').with_prefixlen
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_address
return ip_address(u'2a01:cb14:818:0:7312:e251:f251:ffbe').is_global
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_network
return ip_network(u'2a01:cb14:818:0:7312:e251:f251::/112').is_private
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_address, ip_network
return ip_address(u'2a01:cb14:818:0:7312:e251:f251:ffbe') in ip_network(u'2a01:cb14:818:0:7312:e251:f251::/112')
'''
)
self
.
createAndRunScript
(
'''
from ipaddress import ip_interface
return ip_interface(u'2a01:cb14:818:0:7312:e251:f251:ffbe').with_prefixlen
'''
)
def
test_suite
():
suite
=
unittest
.
TestSuite
()
...
...
product/ERP5/bootstrap/erp5_core/ToolComponentTemplateItem/portal_components/tool.erp5.SessionTool.py
View file @
ad3b49c2
...
...
@@ -92,11 +92,11 @@ class Session(UserDict):
# used to set duration of session
session_duration
=
None
# a handle to current aquisition context
# a handle to current a
c
quisition context
_aq_context
=
None
def
__getstate__
(
self
):
"""filter out acqusition wrappers when serializing.
"""filter out acqu
i
sition wrappers when serializing.
"""
state
=
{
'session_duration'
:
self
.
session_duration
,
...
...
@@ -107,12 +107,12 @@ class Session(UserDict):
return
state
def
_updatecontext
(
self
,
aq_context
):
""" Update current aquisition context. """
""" Update current a
c
quisition context. """
self
.
_aq_context
=
aq_context
def
__getitem__
(
self
,
key
):
if
key
in
self
.
data
:
# returned it wrapped in aquisition context
# returned it wrapped in a
c
quisition context
return
restore_acquisition_wrapper
(
self
.
data
[
key
],
self
.
_aq_context
)
raise
KeyError
(
key
)
...
...
@@ -213,10 +213,10 @@ class SessionTool(BaseTool):
shopping_cart = session['shopping_cart']
Please note that:
- developer is responsible for handling an unique session
d
_id (using cookies for example).
- developer is responsible for handling an unique session_id (using cookies for example).
- it's not recommended to store in portal_sessions ZODB persistent objects because in order
to store them in Local RAM portal_sessions tool will remove aquisition wrapper. At "get"
request they'll be retur
en
d wrapped.
to store them in Local RAM portal_sessions tool will remove a
c
quisition wrapper. At "get"
request they'll be retur
ne
d wrapped.
- developer can store temporary ERP5 documents like 'TempOrder', but keep
in mind that after making changes to temporary documents they need to be
saved again in portal_sessions, so:
...
...
product/ERP5Type/patches/CMFCoreSkinnable.py
View file @
ad3b49c2
...
...
@@ -201,7 +201,7 @@ class SkinDataCleanup:
if
skindata
is
not
None
:
if
self
.
hashSkinData
(
skindata
)
==
self
.
skindata_id
:
try
:
# Entry might have already disapeared. Ignore.
# Entry might have already disap
p
eared. Ignore.
del
SKINDATA
[
tid
]
except
KeyError
:
pass
...
...
product/ERP5Type/patches/Restricted.py
View file @
ad3b49c2
...
...
@@ -574,3 +574,12 @@ else:
allow_full_write
(
pd
.
core
.
indexing
.
_LocIndexer
)
allow_full_write
(
pd
.
MultiIndex
)
allow_full_write
(
pd
.
Index
)
import
ipaddress
allow_module
(
'ipaddress'
)
allow_type
(
ipaddress
.
IPv4Address
)
allow_type
(
ipaddress
.
IPv6Address
)
allow_type
(
ipaddress
.
IPv4Network
)
allow_type
(
ipaddress
.
IPv6Network
)
allow_type
(
ipaddress
.
IPv4Interface
)
allow_type
(
ipaddress
.
IPv6Interface
)
product/ERP5Type/tests/ERP5TypeLiveTestCase.py
View file @
ad3b49c2
...
...
@@ -80,14 +80,14 @@ class ERP5TypeLiveTestCase(ERP5TypeTestCaseMixin):
def
getPortal
(
self
):
"""Returns the portal object, i.e. the "fixture root".
Rewrap the portal in an independ
a
nt request for this test.
Rewrap the portal in an independ
e
nt request for this test.
"""
if
self
.
portal
is
not
None
:
return
self
.
portal
from
Products.ERP5.ERP5Site
import
getSite
site
=
getSite
()
# reconstruct the acquis
tion chain with an independa
nt request.
# reconstruct the acquis
ition chain with an independe
nt request.
# RequestContainer -> Application -> Site
from
Testing.makerequest
import
makerequest
environ
=
{}
...
...
product/ERP5Type/tests/ERP5TypeTestCase.py
View file @
ad3b49c2
...
...
@@ -550,7 +550,7 @@ class ERP5TypeTestCaseMixin(ProcessingNodeTestCase, PortalTestCase):
User password is the reference.
"""
user
=
self
.
createUser
(
reference
,
person_kw
=
dict
(
title
=
title
))
assignment
=
self
.
createUserAssign
e
ment
(
user
,
assignment_kw
=
dict
(
function
=
function
))
assignment
=
self
.
createUserAssignment
(
user
,
assignment_kw
=
dict
(
function
=
function
))
return
user
def
createUser
(
self
,
reference
,
password
=
None
,
person_kw
=
None
):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment