| author | Tim Graham <timograham@gmail.com> | 2015-08-17 09:34:50 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-09-23 19:31:09 -0400 |
| commit | 04ee4059d71dbc6aa029907e251360eaf00e11bb (patch) | |
| tree | d675a92c2f0beec5e3904c7b02e415d91d8e5c10 /tests/template_tests/syntax_tests | |
| parent | 3af9b70028487be81c4f6ca65ca0d1f2be337e4f (diff) | |
Refs #24022 -- Removed the ssi tag per deprecation timeline.
Diffstat (limited to 'tests/template_tests/syntax_tests')
| -rw-r--r-- | tests/template_tests/syntax_tests/test_ssi.py | 112 |
1 files changed, 0 insertions, 112 deletions
diff --git a/tests/template_tests/syntax_tests/test_ssi.py b/tests/template_tests/syntax_tests/test_ssi.py
deleted file mode 100644
index 0fd9af7712..0000000000
--- a/tests/template_tests/syntax_tests/test_ssi.py
+++ /dev/null
@@ -1,112 +0,0 @@
-from __future__ import unicode_literals
-
-import os
-
-from django.template import Context, Engine
-from django.test import SimpleTestCase, ignore_warnings
-from django.utils.deprecation import RemovedInDjango110Warning
-
-from ..utils import ROOT, setup
-
-
-@ignore_warnings(category=RemovedInDjango110Warning)
-class SsiTagTests(SimpleTestCase):
-
- # Test normal behavior
- @setup({'ssi01': '{%% ssi "%s" %%}' % os.path.join(
- ROOT, 'templates', 'ssi_include.html',
- )})
- def test_ssi01(self):
- output = self.engine.render_to_string('ssi01')
- self.assertEqual(output, 'This is for testing an ssi include. {{ test }}\n')
-
- @setup({'ssi02': '{%% ssi "%s" %%}' % os.path.join(
- ROOT, 'not_here',
- )})
- def test_ssi02(self):
- output = self.engine.render_to_string('ssi02')
- self.assertEqual(output, ''),
-
- @setup({'ssi03': "{%% ssi '%s' %%}" % os.path.join(
- ROOT, 'not_here',
- )})
- def test_ssi03(self):
- output = self.engine.render_to_string('ssi03')
- self.assertEqual(output, ''),
-
- # Test passing as a variable
- @setup({'ssi04': '{% ssi ssi_file %}'})
- def test_ssi04(self):
- output = self.engine.render_to_string('ssi04', {
- 'ssi_file': os.path.join(ROOT, 'templates', 'ssi_include.html')
- })
- self.assertEqual(output, 'This is for testing an ssi include. {{ test }}\n')
-
- @setup({'ssi05': '{% ssi ssi_file %}'})
- def test_ssi05(self):
- output = self.engine.render_to_string('ssi05', {'ssi_file': 'no_file'})
- self.assertEqual(output, '')
-
- # Test parsed output
- @setup({'ssi06': '{%% ssi "%s" parsed %%}' % os.path.join(
- ROOT, 'templates', 'ssi_include.html',
- )})
- def test_ssi06(self):
- output = self.engine.render_to_string('ssi06', {'test': 'Look ma! It parsed!'})
- self.assertEqual(output, 'This is for testing an ssi include. '
- 'Look ma! It parsed!\n')
-
- @setup({'ssi07': '{%% ssi "%s" parsed %%}' % os.path.join(
- ROOT, 'not_here',
- )})
- def test_ssi07(self):
- output = self.engine.render_to_string('ssi07', {'test': 'Look ma! It parsed!'})
- self.assertEqual(output, '')
-
- # Test space in file name
- @setup({'ssi08': '{%% ssi "%s" %%}' % os.path.join(
- ROOT, 'templates', 'ssi include with spaces.html',
- )})
- def test_ssi08(self):
- output = self.engine.render_to_string('ssi08')
- self.assertEqual(output, 'This is for testing an ssi include '
- 'with spaces in its name. {{ test }}\n')
-
- @setup({'ssi09': '{%% ssi "%s" parsed %%}' % os.path.join(
- ROOT, 'templates', 'ssi include with spaces.html',
- )})
- def test_ssi09(self):
- output = self.engine.render_to_string('ssi09', {'test': 'Look ma! It parsed!'})
- self.assertEqual(output, 'This is for testing an ssi include '
- 'with spaces in its name. Look ma! It parsed!\n')
-
-
-@ignore_warnings(category=RemovedInDjango110Warning)
-class SSISecurityTests(SimpleTestCase):
-
- def setUp(self):
- self.ssi_dir = os.path.join(ROOT, "templates", "first")
- self.engine = Engine(allowed_include_roots=(self.ssi_dir,))
-
- def render_ssi(self, path):
- # the path must exist for the test to be reliable
- self.assertTrue(os.path.exists(path))
- return self.engine.from_string('{%% ssi "%s" %%}' % path).render(Context({}))
-
- def test_allowed_paths(self):
- acceptable_path = os.path.join(self.ssi_dir, "..", "first", "test.html")
- self.assertEqual(self.render_ssi(acceptable_path), 'First template\n')
-
- def test_relative_include_exploit(self):
- """
- May not bypass allowed_include_roots with relative paths
-
- e.g. if allowed_include_roots = ("/var/www",), it should not be
- possible to do {% ssi "/var/www/../../etc/passwd" %}
- """
- disallowed_paths = [
- os.path.join(self.ssi_dir, "..", "ssi_include.html"),
- os.path.join(self.ssi_dir, "..", "second", "test.html"),
- ]
- for disallowed_path in disallowed_paths:
- self.assertEqual(self.render_ssi(disallowed_path), '') |
