Mercurial > p > roundup > code
view test/session_common.py @ 5726:e199d0ae4a25
issue2551033: prevent reverse engineering hidden data by using etags
as an oracle to identify when the right data has been
guessed. Identified by Joseph Myers who also suggested remediation
methods. Implemented John Rouillard.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 23 May 2019 18:56:57 -0400 |
| parents | d26921b851c3 |
| children | 95a366d46065 |
line wrap: on
line source
import os, shutil, unittest from .db_test_base import config class SessionTest(object): def setUp(self): # remove previous test, ignore errors if os.path.exists(config.DATABASE): shutil.rmtree(config.DATABASE) os.makedirs(config.DATABASE + '/files') self.db = self.module.Database(config, 'admin') self.sessions = self.db.getSessionManager() self.otks = self.db.getOTKManager() def tearDown(self): if hasattr(self, 'db'): self.db.close() if os.path.exists(config.DATABASE): shutil.rmtree(config.DATABASE) def testList(self): self.sessions.list() self.sessions.set('random_key', text='hello, world!') self.sessions.list() def testGetAll(self): self.sessions.set('random_key', text='hello, world!') self.assertEqual(self.sessions.getall('random_key'), {'text': 'hello, world!'}) def testDestroy(self): self.sessions.set('random_key', text='hello, world!') self.assertEquals(self.sessions.getall('random_key'), {'text': 'hello, world!'}) self.sessions.destroy('random_key') self.assertRaises(KeyError, self.sessions.getall, 'random_key') def testSetSession(self): self.sessions.set('random_key', text='hello, world!') self.assertEqual(self.sessions.get('random_key', 'text'), 'hello, world!') def testUpdateSession(self): self.sessions.set('random_key', text='hello, world!') self.assertEqual(self.sessions.get('random_key', 'text'), 'hello, world!') self.sessions.set('random_key', text='nope') self.assertEqual(self.sessions.get('random_key', 'text'), 'nope')