[ADD] safe_eval: added some basic YAML tests

bzr revid: odo@openerp.com-20100601083256-sxtg24b585gwfu3h
2010-06-01 10:32:56 +02:00 · 2010-06-01 10:32:56 +02:00 · 534740885e
parent c3397574ff
commit 534740885e
1 changed files with 57 additions and 0 deletions
--- a/bin/addons/base/test/base_test.yml
+++ b/bin/addons/base/test/base_test.yml
@ -0,0 +1,57 @@
+-   |
+    Safe_Eval Scenario:
+    In order to check that common dangerous operations are 
+    not allowed by the safe_eval mechanism, attempt to 
+    evaluate some bad expressions, and verify that it triggers
+    an error.
+-
+    1. Try a few common expressions to verify they work with safe_eval
+-
+    !python {model: ir.model}: |
+        from tools.safe_eval import safe_eval
+        expected = (1, {"a": 9 * 2}, (True, False, None))
+        actual = safe_eval('(1, {"a": 9 * 2}, (True, False, None))')
+        assert actual == expected, "Simple python expressions are not working with safe_eval"
+-
+    2. Try simple literal definition to verify it works with literal_eval
+-
+    !python {model: ir.model}: |
+        from tools.safe_eval import literal_eval
+        expected = (1, {"a": 9}, (True, False, None))
+        actual = literal_eval('(1, {"a": 9}, (True, False, None))')
+        assert actual == expected, "Simple python expressions are not working with literal_eval"
+-
+    3. Try arithmetic expression in literal_eval to verify it does not work
+-
+    !python {model: ir.model}: |
+        from tools.safe_eval import literal_eval
+        try:
+           literal_eval('(1, {"a": 2*9}, (True, False, None))')
+           assert False, "literal_eval should not accept arithmetic expressions"
+        except ValueError:
+           pass
+-
+    4. Try forbidden expressions in literal_eval to verify they are not allowed
+-
+    !python {model: ir.model}: |
+        from tools.safe_eval import literal_eval
+        try:
+           literal_eval('{"a": True.__class__}')
+           assert False, "literal_eval should accept only literals"
+        except ValueError:
+           pass
+-
+    5. Try forbidden expressions in safe_eval to verify they are not allowed (open)
+-
+    !python {model: ir.model}: |
+        from tools.safe_eval import safe_eval
+        try:
+           safe_eval('open("/etc/passwd","r")')
+           assert False, "safe_eval should not allow arbitrary expressions"
+        except NameError:
+           pass
+        except:
+           # NameError should be raised because open() builtin is not found,
+           # but other exceptions probably indicate that open() was executed!
+           assert False, "safe_eval should not allow arbitrary expressions"
+