view test/test_anydbm.py @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVEs.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 3f60a71b0812 |
| children |
#
# Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/)
# This module is free software, and you may redistribute it and/or modify
# under the same terms as Python, so long as this copyright message and
# disclaimer are retained in their original form.
#
# IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR
# DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING
# OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
# BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS"
# BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
# SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.

# Binds the shared database test suites to the 'anydbm' backend. Every class
# below combines a suite imported from a sibling test module with
# unittest.TestCase; the test bodies themselves live in those suites.

import unittest
import os
import shutil
import time

from roundup.backends import get_backend

from .db_test_base import DBTest, ROTest, SchemaTest, ClassicInitTest, config
from .db_test_base import HTMLItemTest, SpecialActionTest
from .rest_common import TestCase as RestTestCase
from roundup.anypy import strings


class anydbmOpener:
    # Mixin that supplies the backend module object for the anydbm backend
    # and the matching database clean-up routine.
    module = get_backend('anydbm')

    def nuke_database(self):
        # Recursively deletes whatever directory config.DATABASE names.
        # NOTE(review): config comes from db_test_base and its value is not
        # visible here -- presumably a throwaway test directory; confirm it
        # can never resolve to a real tracker's database.
        database_dir = config.DATABASE
        shutil.rmtree(database_dir)


class anydbmDBTest(anydbmOpener, DBTest, unittest.TestCase):
    pass


class anydbmROTest(anydbmOpener, ROTest, unittest.TestCase):
    pass


class anydbmSchemaTest(anydbmOpener, SchemaTest, unittest.TestCase):
    pass


class anydbmClassicInitTest(ClassicInitTest, unittest.TestCase):
    # Selects the backend by name instead of going through anydbmOpener.
    backend = 'anydbm'


class anydbmHTMLItemTest(HTMLItemTest, unittest.TestCase):
    backend = 'anydbm'


# Kept at this position rather than with the imports at the top of the file
# so that the module's import order is unchanged.
from .session_common import SessionTest


class anydbmSessionTest(anydbmOpener, SessionTest, unittest.TestCase):
    # Session-store tests run against the anydbm backend.

    def s2b(self, y):
        # Conversion hook: the instance is ignored and the value is handed
        # straight to roundup.anypy.strings.s2b.
        return strings.s2b(y)

    def get_ts(self):
        # One-element tuple holding the '__timestamp' value stored for the
        # session named 'random_session'.
        timestamp = self.sessions.get('random_session', '__timestamp')
        return (timestamp,)

    def testDbType(self):
        # The repr of the open database and of its Session attribute must
        # name the anydbm backend and the dbm-based session class.
        self.assertIn("back_anydbm", repr(self.db))
        expected_session_class = "roundup.backends.sessions_dbm.Sessions"
        self.assertIn(expected_session_class, repr(self.db.Session))


class anydbmSpecialActionTestCase(anydbmOpener, SpecialActionTest,
                                  unittest.TestCase):
    backend = 'anydbm'


class anydbmRestTest(RestTestCase, unittest.TestCase):
    backend = 'anydbm'


# vim: set filetype=python ts=4 sw=4 et si
