da8c69afa6
In an effort to help horizon more friendly to OpenStack hacking guidelines, we now gate on H40* violations. Change-Id: Id07294543660368d2f7f5ac363710176ab23b874 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
72 lines
2.4 KiB
Python
72 lines
2.4 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright (c) 2012 OpenStack Foundation
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from django import template
|
|
from django.template import loader
|
|
from openstack_dashboard.test import helpers as test
|
|
|
|
|
|
class FakeUser(object):
|
|
username = "cool user"
|
|
|
|
|
|
class TemplateRenderTest(test.TestCase):
|
|
"""Tests for templates render."""
|
|
|
|
def test_openrc_html_escape(self):
|
|
context = {
|
|
"user": FakeUser(),
|
|
"tenant_id": "some-cool-id",
|
|
"auth_url": "http://tests.com",
|
|
"tenant_name": "ENG Perf R&D"}
|
|
out = loader.render_to_string(
|
|
'project/access_and_security/api_access/openrc.sh.template',
|
|
context,
|
|
template.Context(context))
|
|
|
|
self.assertFalse("&" in out)
|
|
self.assertTrue("ENG Perf R&D" in out)
|
|
|
|
def test_openrc_html_evil_shell_escape(self):
|
|
context = {
|
|
"user": FakeUser(),
|
|
"tenant_id": "some-cool-id",
|
|
"auth_url": "http://tests.com",
|
|
"tenant_name": 'o"; sudo rm -rf /'}
|
|
out = loader.render_to_string(
|
|
'project/access_and_security/api_access/openrc.sh.template',
|
|
context,
|
|
template.Context(context))
|
|
|
|
self.assertFalse('o"' in out)
|
|
self.assertTrue('\"' in out)
|
|
|
|
def test_openrc_html_evil_shell_backslash_escape(self):
|
|
context = {
|
|
"user": FakeUser(),
|
|
"tenant_id": "some-cool-id",
|
|
"auth_url": "http://tests.com",
|
|
"tenant_name": 'o\"; sudo rm -rf /'}
|
|
out = loader.render_to_string(
|
|
'project/access_and_security/api_access/openrc.sh.template',
|
|
context,
|
|
template.Context(context))
|
|
|
|
self.assertFalse('o\"' in out)
|
|
self.assertFalse('o"' in out)
|
|
self.assertTrue('\\"' in out)
|