[FIX] safe_eval: better exception handling:
- the re-raising of exceptions ignored the "legal" exceptions (the one used to early abort RPC calls and generate pop-ups) - re-raising the exception was attempting to re-use the original exception type but it does not always take only one argument so it was breaking. lp bug: https://launchpad.net/bugs/1146256 fixed bzr revid: vmt@openerp.com-20130320132238-qzo3jptww59ndlch
This commit is contained in:
parent
fa3a3414f2
commit
a51b6912bd
|
@ -47,7 +47,7 @@
|
|||
with mute_logger('openerp.tools.safe_eval'):
|
||||
safe_eval('open("/etc/passwd","r")')
|
||||
assert False, "safe_eval should not allow calling open() builtin"
|
||||
except NameError:
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
-
|
||||
|
|
|
@ -35,4 +35,34 @@ class m(openerp.osv.osv.Model):
|
|||
def generate_undefined(self, cr, uid, ids, context=None):
|
||||
self.surely_undefined_symbol
|
||||
|
||||
|
||||
def generate_except_osv_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_except_osv, context)
|
||||
|
||||
def generate_except_orm_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_except_orm, context)
|
||||
|
||||
def generate_warning_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_warning, context)
|
||||
|
||||
def generate_redirect_warning_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_redirect_warning, context)
|
||||
|
||||
def generate_access_denied_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_access_denied, context)
|
||||
|
||||
def generate_access_error_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_access_error, context)
|
||||
|
||||
def generate_exc_access_denied_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_exc_access_denied, context)
|
||||
|
||||
def generate_undefined_safe_eval(self, cr, uid, ids, context=None):
|
||||
self.generate_safe_eval(cr, uid, ids, self.generate_undefined, context)
|
||||
|
||||
|
||||
def generate_safe_eval(self, cr, uid, ids, f, context):
|
||||
globals_dict = { 'generate': lambda *args: f(cr, uid, ids, context) }
|
||||
openerp.tools.safe_eval.safe_eval("generate()", mode='exec', globals_dict=globals_dict)
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
|
@ -7,9 +7,11 @@
|
|||
<field name="model">test.exceptions.model</field>
|
||||
<field name="arch" type="xml">
|
||||
<form string="Test exceptions">
|
||||
<label string="Each button generates a specific exception on the server. The text on the right is the expected representation of the exception when displayed on the client."/>
|
||||
<label string="Each button generates a specific exception on the server. The text on the right is the expected representation of the exception when displayed on the client. Button marked with a '*' use safe_eval()."/>
|
||||
<separator string="" colspan="8"/>
|
||||
<group colspan="8" col="8">
|
||||
<group colspan="4" col="8">
|
||||
<group colspan="8" col="8">
|
||||
<separator string="" colspan="8"/>
|
||||
<button name="generate_except_osv" string="except_osv" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Warning-description"/>
|
||||
</group>
|
||||
|
@ -41,6 +43,42 @@
|
|||
<button name="generate_undefined" string="Undefined" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Server error-traceback"/>
|
||||
</group>
|
||||
</group>
|
||||
<group colspan="4" col="8">
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_except_osv_safe_eval" string="except_osv*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Warning-description"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_except_orm_safe_eval" string="except_orm*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Warning-description"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_warning_safe_eval" string="Warning*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Warning-description"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_redirect_warning_safe_eval" string="RedirectWarning*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Warning-description-redirection button"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_access_denied_safe_eval" string="AccessDenied*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Access denied-traceback"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_access_error_safe_eval" string="AccessError*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Access rights error-description"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_exc_access_denied_safe_eval" string="Exc AccessDenied*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Access denied-traceback"/>
|
||||
</group>
|
||||
<group colspan="8" col="8">
|
||||
<button name="generate_undefined_safe_eval" string="Undefined*" type="object" icon="gtk-ok" colspan="1"/>
|
||||
<label string="Server error-traceback"/>
|
||||
</group>
|
||||
</group>
|
||||
</group>
|
||||
</form>
|
||||
</field>
|
||||
</record>
|
||||
|
|
|
@ -37,6 +37,8 @@ import logging
|
|||
|
||||
from .misc import ustr
|
||||
|
||||
import openerp
|
||||
|
||||
__all__ = ['test_expr', 'safe_eval', 'const_eval']
|
||||
|
||||
# The time module is usually already provided in the safe_eval environment
|
||||
|
@ -242,9 +244,19 @@ def safe_eval(expr, globals_dict=None, locals_dict=None, mode="eval", nocopy=Fal
|
|||
c = test_expr(expr, _SAFE_OPCODES, mode=mode)
|
||||
try:
|
||||
return eval(c, globals_dict, locals_dict)
|
||||
except openerp.osv.orm.except_orm:
|
||||
raise
|
||||
except openerp.exceptions.Warning:
|
||||
raise
|
||||
except openerp.exceptions.RedirectWarning:
|
||||
raise
|
||||
except openerp.exceptions.AccessDenied:
|
||||
raise
|
||||
except openerp.exceptions.AccessError:
|
||||
raise
|
||||
except Exception, e:
|
||||
import sys
|
||||
exc_info = sys.exc_info()
|
||||
raise exc_info[0], '"%s" while evaluating\n%r' % (ustr(e), expr), exc_info[2]
|
||||
raise ValueError, '"%s" while evaluating\n%r' % (ustr(e), expr), exc_info[2]
|
||||
|
||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||
|
|
Loading…
Reference in New Issue