Mercurial > p > roundup > code

annotate roundup/test/mocknull.py @ 8356:63390dcfcfe9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: fix template use of structure with untrusted data Looks like an xSS bug with an early version of the template that was fixed in the code but never in the deployed tracker. It has been a while since this particular construct has been in the classic template which is the base for the tracker. This has been fixed on the deployed tracker as well. reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 10:23:09 -0400
parents 617d85ce4ac3
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2532
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 class MockNull:
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 def __init__(self, **kwargs):
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 for key, value in kwargs.items():
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 self.__dict__[key] = value
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 def __call__(self, *args, **kwargs): return MockNull()
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
8
2532
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 def __getattr__(self, name):
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 # This allows assignments which assume all intermediate steps are Null
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 # objects if they don't exist yet.
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 #
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 # For example (with just 'client' defined):
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 #
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 # client.db.config.TRACKER_WEB = 'BASE/'
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 self.__dict__[name] = MockNull()
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 return getattr(self, name)
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 def __getitem__(self, key): return self
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
20
5457
a35d4cc8cd1a fix MissingValue / MockNull to return False on __bool__ and add a
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5404
diff changeset
21 def __bool__(self): return False
5404
3757449e00c4 Python 3 preparation: use __bool__ instead of __nonzero__.
Joseph Myers <jsm@polyomino.org.uk>
parents: 2686
diff changeset
22 # Python 2 compatibility:
3757449e00c4 Python 3 preparation: use __bool__ instead of __nonzero__.
Joseph Myers <jsm@polyomino.org.uk>
parents: 2686
diff changeset
23 __nonzero__ = __bool__
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
24
5457
a35d4cc8cd1a fix MissingValue / MockNull to return False on __bool__ and add a
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5404
diff changeset
25 def __contains__(self, key): return False
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
26
5461
ad8031290639 Python 3 compatibility for missing / mock value
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5457
diff changeset
27 def __eq__(self, rhs): return False
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
28
5461
ad8031290639 Python 3 compatibility for missing / mock value
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5457
diff changeset
29 def __ne__(self, rhs): return False
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
30
2532
24d3b25a9157 *** empty log message ***
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 def __str__(self): return ''
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
32
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
33 def __repr__(self): return '<MockNull 0x%x>' % id(self)
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
34
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
35 def gettext(self, string): return string
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
36
2686
79fd8537ae3b .gettext() facility is vital for many roundup objects.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 2532
diff changeset
37 _ = gettext
8260
617d85ce4ac3 chore(ruff): variable renames, formatting, sort imports, use with open
John Rouillard <rouilj@ieee.org>
parents: 6366
diff changeset
38
5699
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5461
diff changeset
39 def get(self, name, default=None):
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5461
diff changeset
40 try:
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5461
diff changeset
41 return self.__dict__[name.lower()]
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5461
diff changeset
42 except KeyError:
b1ab8bd18e79 Adding tests for csrf protection for rest. Also test disabling of
John Rouillard <rouilj@ieee.org>
parents: 5461
diff changeset
43 return default
Roundup Issue Tracker: http://roundup-tracker.org/