test/sec_test.rb in ruote-0.9.18 vs test/sec_test.rb in ruote-0.9.19
- old
+ new
@@ -5,201 +5,202 @@
# John Mettraux at openwfe.org
#
# Tue Jan 2 13:14:37 JST 2007
#
+require 'rubygems'
+
require 'test/unit'
require 'openwfe/workitem'
require 'openwfe/engine/engine'
class SecTest < Test::Unit::TestCase
- #def setup
- #end
+ #def setup
+ #end
- #def teardown
- #end
+ #def teardown
+ #end
- def test_sec_0
+ def test_sec_0
- engine = OpenWFE::Engine.new
+ engine = OpenWFE::Engine.new
- engine.ac[:ruby_eval_allowed] = true
- engine.ac[:definition_in_launchitem_allowed] = true
+ engine.ac[:ruby_eval_allowed] = true
+ engine.ac[:definition_in_launchitem_allowed] = true
- def0 = \
+ def0 = \
'''<process-definition name="" revision="0">
- <sequence>
- <!--
- <reval>puts "ok"</reval>
- <reval>self.ac[:ruby_eval_allowed] = false</reval>
- <reval>puts self.ac[:ruby_eval_allowed]</reval>
- <reval>puts "ok after"</reval>
- -->
- <reval>File.open("nada.txt") do |f| f.write("nada"); end</reval>
- </sequence>
-</process-definition>'''
+ <sequence>
+ <!--
+ <reval>puts "ok"</reval>
+ <reval>self.ac[:ruby_eval_allowed] = false</reval>
+ <reval>puts self.ac[:ruby_eval_allowed]</reval>
+ <reval>puts "ok after"</reval>
+ -->
+ <reval>File.open("nada.txt") do |f| f.write("nada"); end</reval>
+ </sequence>
+</process-definition>'''
- dotest engine, def0
+ dotest engine, def0
- assert(
- OpenWFE::grep(
- "Insecure operation - initialize",
- "logs/openwferu.log").size > 0)
+ assert(
+ OpenWFE::grep(
+ "exception : .:call, .:const, :File.. is excluded",
+ "logs/openwferu.log").size > 0)
- def2 =
+ def2 =
'''<process-definition name="" revision="0">
- <sequence>
- <reval>
- <![CDATA[
- class << self.ac["engine"]
- def is_secure?
- true
- end
- end
- self.ac["engine"].is_secure?
- ]]>
- </reval>
- </sequence>
-</process-definition>'''
+ <sequence>
+ <reval>
+ <![CDATA[
+ class << self.ac["engine"]
+ def is_secure?
+ true
+ end
+ end
+ self.ac["engine"].is_secure?
+ ]]>
+ </reval>
+ </sequence>
+</process-definition>'''
- dotest(engine, def2)
+ dotest(engine, def2)
- def3 =
+ def3 =
'''<process-definition name="" revision="0">
- <sequence>
- <reval>self.ac[:ruby_eval_allowed] = false</reval>
- <reval>puts self.ac[:ruby_eval_allowed]</reval>
- </sequence>
-</process-definition>'''
+ <sequence>
+ <reval>self.ac[:ruby_eval_allowed] = false</reval>
+ <reval>puts self.ac[:ruby_eval_allowed]</reval>
+ </sequence>
+</process-definition>'''
- dotest(engine, def3)
+ dotest(engine, def3)
- assert OpenWFE::grep(
- "evaluation of ruby code is not allowed", "logs/openwferu.log")
+ assert OpenWFE::grep(
+ "evaluation of ruby code is not allowed", "logs/openwferu.log")
- engine.stop
- end
+ engine.stop
+ end
- def test_sec_0b
+ def test_sec_0b
- engine = OpenWFE::Engine.new
+ engine = OpenWFE::Engine.new
- engine.ac[:ruby_eval_allowed] = true
- engine.ac[:definition_in_launchitem_allowed] = true
+ engine.ac[:ruby_eval_allowed] = true
+ engine.ac[:definition_in_launchitem_allowed] = true
- def1 =
+ def1 =
'''<process-definition name="" revision="0">
- <sequence>
- <reval>
- class Object
- def my_name
- "toto"
- end
- end
- "stringobject".my_name
- </reval>
- </sequence>
-</process-definition>'''
+ <sequence>
+ <reval>
+ class Object
+ def my_name
+ "toto"
+ end
+ end
+ "stringobject".my_name
+ </reval>
+ </sequence>
+</process-definition>'''
- dotest engine, def1
+ dotest engine, def1
- assert_equal(
- 1,
- OpenWFE::grep(
- "undefined method `my_name' for \"stringobject\":String",
- "logs/openwferu.log").size)
- #assert_equal(
- # 1,
- # OpenWFE::grep(
- # "Insecure: can't set constant",
- # "logs/openwferu.log").size)
- #
- # level 4 is too much (can't modify hashes)...
- end
+ assert_equal(
+ 2, # now and previously
+ OpenWFE::grep(
+ 'is forbidden',
+ "logs/openwferu.log").size)
+ #assert_equal(
+ # 1,
+ # OpenWFE::grep(
+ # "Insecure: can't set constant",
+ # "logs/openwferu.log").size)
+ #
+ # level 4 is too much (can't modify hashes)...
+ end
- XMLDEF =
+ XMLDEF =
'''<process-definition name="" revision="0">
- <sequence>
- <set field="f" value="${ruby:5*7}" />
- <toto/>
- </sequence>
-</process-definition>'''
+ <sequence>
+ <set field="f" value="${ruby:5*7}" />
+ <toto/>
+ </sequence>
+</process-definition>'''
- def test_sec_1
+ def test_sec_1
- value = nil
+ value = nil
- engine = OpenWFE::Engine.new :definition_in_launchitem_allowed => true
+ engine = OpenWFE::Engine.new :definition_in_launchitem_allowed => true
- engine.register_participant(:toto) do |workitem|
+ engine.register_participant(:toto) do |workitem|
- workitem.attributes.delete("___map_type")
- #
- # if the xmlencoder was used in previous, this field
- # might be set, removing it.
+ workitem.attributes.delete("___map_type")
+ #
+ # if the xmlencoder was used in previous, this field
+ # might be set, removing it.
- value = "#{workitem.attributes.size}_#{workitem.f}"
- end
+ value = "#{workitem.attributes.size}_#{workitem.f}"
+ end
- engine.launch XMLDEF
+ engine.launch XMLDEF
- sleep 0.350
+ sleep 0.350
- assert_equal "3_", value
+ assert_equal "3_", value
- engine.stop
- end
-
- def test_sec_1b
+ engine.stop
+ end
- value = nil
+ def test_sec_1b
- engine = OpenWFE::Engine.new
+ value = nil
- engine.register_participant(:toto) do |workitem|
+ engine = OpenWFE::Engine.new
- workitem.attributes.delete("___map_type")
- #
- # if the xmlencoder was used in previous, this field
- # might be set, removing it.
+ engine.register_participant(:toto) do |workitem|
- value = "#{workitem.attributes.size}_#{workitem.f}"
- end
+ workitem.attributes.delete("___map_type")
+ #
+ # if the xmlencoder was used in previous, this field
+ # might be set, removing it.
- engine.ac[:ruby_eval_allowed] = true
- engine.ac[:definition_in_launchitem_allowed] = true
+ value = "#{workitem.attributes.size}_#{workitem.f}"
+ end
- engine.launch XMLDEF
+ engine.ac[:ruby_eval_allowed] = true
+ engine.ac[:definition_in_launchitem_allowed] = true
- sleep 0.350
+ engine.launch XMLDEF
- assert_equal "3_35", value
+ sleep 0.350
- engine.stop
- end
+ assert_equal "3_35", value
- def test_sec_2
+ engine.stop
+ end
- assert_equal 35, Rufus::eval_safely("5*7", 4)
- assert_equal 35, Rufus::eval_safely("5*7", 4, binding())
- end
+ def test_sec_2
- protected
+ assert_not_nil OpenWFE::TreeChecker.new(nil, {}).check("5*7")
+ end
- def dotest (engine, def_or_li)
+ protected
- li = if def_or_li.is_a?(OpenWFE::LaunchItem)
- def_or_li
- else
- OpenWFE::LaunchItem.new(def_or_li)
- end
-
- engine.launch(li)
+ def dotest (engine, def_or_li)
- sleep 0.350
- end
+ li = if def_or_li.is_a?(OpenWFE::LaunchItem)
+ def_or_li
+ else
+ OpenWFE::LaunchItem.new(def_or_li)
+ end
+
+ engine.launch(li)
+
+ sleep 0.350
+ end
end
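Review bot: The last assertion in test_sec_0, `assert OpenWFE::grep("evaluation of ruby code is not allowed", "logs/openwferu.log")`, cannot fail if grep returns a collection (the `.size` calls elsewhere in this file suggest it does), because an empty Array is truthy in Ruby; it should end in `.size > 0` like the "is excluded" check earlier in the same test. The rewritten test_sec_0b expects exactly `2` matches of 'is forbidden' ("now and previously"), which ties the result to test order and to whatever the shared logs/openwferu.log already holds; counting matches before and after `dotest engine, def1` and asserting the difference would make the test independent. test_sec_2 now only asserts that `OpenWFE::TreeChecker.new(nil, {}).check("5*7")` is non-nil, so nothing checks directly that the checker rejects a forbidden expression; a negative case beside it would cover that, written against however `check` signals rejection (not visible in this diff).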