[Python-checkins] r55633 - in python/branches/bcannon-objcap: run_security_tests.py tests/README tests/fail/builtin_execfile--NameError.py tests/fail/builtin_execfile.py tests/fail/builtin_open--NameError.py tests/fail/builtin_open.py tests/fail/execfile__builtin__--AttributeError.py tests/fail/execfile__builtins__--AttributeError.py tests/fail/file_constructor--TypeError.py tests/fail/file_constructor.py tests/fail/import_unsafe_builtin--ImportError.py tests/fail/import_unsafe_builtin.py tests/fail/import_unsafe_extension--ImportError.py tests/fail/import_unsafe_extension.py tests/fail/open__builtin__--AttributeError.py tests/fail/open__builtins__--AttributeError.py
brett.cannon
python-checkins at python.org
Tue May 29 03:51:05 CEST 2007
Author: brett.cannon
Date: Tue May 29 03:51:00 2007
New Revision: 55633
Added:
python/branches/bcannon-objcap/tests/fail/builtin_execfile.py (contents, props changed)
python/branches/bcannon-objcap/tests/fail/builtin_open.py (contents, props changed)
python/branches/bcannon-objcap/tests/fail/file_constructor.py
- copied, changed from r55632, python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin.py (contents, props changed)
python/branches/bcannon-objcap/tests/fail/import_unsafe_extension.py
- copied, changed from r55632, python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
Removed:
python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py
python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py
python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py
python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py
python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py
python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py
python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py
Modified:
python/branches/bcannon-objcap/run_security_tests.py
python/branches/bcannon-objcap/tests/README
Log:
Rework tests such that 'fail' tests actually output nothing to the terminal and
isntead use try/except statements to verify that the proper thing occurred.
This led to consolidating several tests into single files.
Modified: python/branches/bcannon-objcap/run_security_tests.py
==============================================================================
--- python/branches/bcannon-objcap/run_security_tests.py (original)
+++ python/branches/bcannon-objcap/run_security_tests.py Tue May 29 03:51:00 2007
@@ -25,7 +25,7 @@
debug_refs_regex = re.compile(r"^\[\d+ refs\]$")
-def verify_succeed_test(test_name, stderr):
+def verify_no_output(test_name, stderr):
"""Should only have debug build output.
Does not work for non-debug builds!
@@ -36,15 +36,15 @@
return True
-def verify_fail_test(test_name, stderr):
+def verify_exception(test_name, stderr):
"""Should have an exception line with the proper exception raised."""
exc_name = test_name.split('--')[1]
if not re.search('^'+exc_name, stderr, re.MULTILINE):
return False
return True
-for type_, verifier in (('succeed', verify_succeed_test),
- ('fail', verify_fail_test)):
+for type_, verifier in (('succeed', verify_no_output),
+ ('fail', verify_no_output)):
failures = run_tests(type_, verifier)
if failures:
print '%s failures: %s' % (len(failures), ', '.join(failures))
Modified: python/branches/bcannon-objcap/tests/README
==============================================================================
--- python/branches/bcannon-objcap/tests/README (original)
+++ python/branches/bcannon-objcap/tests/README Tue May 29 03:51:00 2007
@@ -1,5 +1,23 @@
-The 'succeed' directory contains files that when run should always run to
-conclusion without failure.
+==========
+How to Use
+==========
-The 'fail' directory has files that should always raise the exception specified
-in the file's name.
+Run the test driver ``../run_security_tests.py`` with a standard Python
+interpreter. The driver will execute the scripts using 'subprocess' and the
+``../secure_python.exe`` interpreter.
+
+
+==============
+Types of Tests
+==============
+
+* succeed
+ All tests in this directory represent code that should always work in a
+ secured interpreter.
+
+* fail
+ Tests that contain code that should not work in a secured interpreter. All
+ insecure code should be contained with in proper try/except statements.
+ The smallest amount of code required to test a security feature should be
+ within each try/except statement (of which there may be several within a
+ single file).
Deleted: /python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""'execfile' should not be in the built-in namespace."""
-_ = execfile
Added: python/branches/bcannon-objcap/tests/fail/builtin_execfile.py
==============================================================================
--- (empty file)
+++ python/branches/bcannon-objcap/tests/fail/builtin_execfile.py Tue May 29 03:51:00 2007
@@ -0,0 +1,16 @@
+"""The built-in execfile should not be reachable."""
+try:
+ _ = execfile
+except NameError:
+ pass
+
+try:
+ import __builtin__
+ __builtin__.execfile
+except AttributeError:
+ pass
+
+try:
+ __builtins__.execfile
+except AttributeError:
+ pass
Deleted: /python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""'open' should not be in the built-in namespace."""
-_ = open
Added: python/branches/bcannon-objcap/tests/fail/builtin_open.py
==============================================================================
--- (empty file)
+++ python/branches/bcannon-objcap/tests/fail/builtin_open.py Tue May 29 03:51:00 2007
@@ -0,0 +1,16 @@
+"""The built-in 'open' should not be accessible."""
+try:
+ _ = open
+except NameError:
+ pass
+
+try:
+ import __builtin__
+ __builtin__.open
+except AttributeError:
+ pass
+
+try:
+ __builtins__.open
+except AttributeError:
+ pass
Deleted: /python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,3 +0,0 @@
-"""'execfile' should not be accessible from __builtin__."""
-import __builtin__
-__builtin__.execfile
Deleted: /python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""'execfile' should not be accessible from __builtins__."""
-__builtins__.execfile
Deleted: /python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""The constructor for 'file' should not work to open a file."""
-_ = file('README', 'r')
Copied: python/branches/bcannon-objcap/tests/fail/file_constructor.py (from r55632, python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py)
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py (original)
+++ python/branches/bcannon-objcap/tests/fail/file_constructor.py Tue May 29 03:51:00 2007
@@ -1,2 +1,5 @@
"""The constructor for 'file' should not work to open a file."""
-_ = file('README', 'r')
+try:
+ _ = file('README', 'r')
+except TypeError:
+ pass
Deleted: /python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""You should not be able to import non-whitelisted modules, especially sys."""
-import sys
Added: python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin.py
==============================================================================
--- (empty file)
+++ python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin.py Tue May 29 03:51:00 2007
@@ -0,0 +1,5 @@
+"""You should not be able to import non-whitelisted modules, especially sys."""
+try:
+ import sys
+except ImportError:
+ pass
Deleted: /python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""Importing non-whitelisted extension modules should fail."""
-import thread
Copied: python/branches/bcannon-objcap/tests/fail/import_unsafe_extension.py (from r55632, python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py)
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py (original)
+++ python/branches/bcannon-objcap/tests/fail/import_unsafe_extension.py Tue May 29 03:51:00 2007
@@ -1,2 +1,5 @@
"""Importing non-whitelisted extension modules should fail."""
-import thread
+try:
+ import thread
+except ImportError:
+ pass
Deleted: /python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,3 +0,0 @@
-"""'open' should not exist in __builtin__."""
-import __builtin__
-__builtin__.open
Deleted: /python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py
==============================================================================
--- /python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py Tue May 29 03:51:00 2007
+++ (empty file)
@@ -1,2 +0,0 @@
-"""'open' should not be in __builtins__."""
-__builtins__.open
More information about the Python-checkins
mailing list