[CMF-checkins] CVS: CMF/CMFDefault/tests - test_RegistrationTool.py:1.5

Tres Seaver tseaver at zope.com
Fri May 14 18:16:31 EDT 2004


Update of /cvs-repository/CMF/CMFDefault/tests
In directory cvs.zope.org:/tmp/cvs-serv19879/CMFDefault/tests

Modified Files:
	test_RegistrationTool.py 
Log Message:


  - slurp_release.py:
  
    o Repair breakage due to old python

  - Collector #243:  unchecked member property, 'email', could permit
    injection of mail headers.


=== CMF/CMFDefault/tests/test_RegistrationTool.py 1.4 => 1.5 ===
--- CMF/CMFDefault/tests/test_RegistrationTool.py:1.4	Mon Apr 26 08:14:18 2004
+++ CMF/CMFDefault/tests/test_RegistrationTool.py	Fri May 14 18:16:30 2004
@@ -1,28 +1,77 @@
-from unittest import TestCase, TestSuite, makeSuite, main
+import unittest
+from Products.CMFCore.tests.base.testcase import RequestTest
+
 import Testing
 import Zope
 Zope.startup()
-from Interface.Verify import verifyClass
 
-from Products.CMFDefault.RegistrationTool import RegistrationTool
+class FauxMembershipTool:
+
+    def getMemberById( self, username ):
+        return None
+
+class RegistrationToolTests(RequestTest):
+
+    def _getTargetClass(self):
+
+        from Products.CMFDefault.RegistrationTool import RegistrationTool
+        return RegistrationTool
 
+    def _makeOne(self, *args, **kw):
 
-class RegistrationToolTests(TestCase):
+        return self._getTargetClass()(*args, **kw)
 
     def test_interface(self):
         from Products.CMFCore.interfaces.portal_registration \
                 import portal_registration as IRegistrationTool
         from Products.CMFCore.interfaces.portal_actions \
                 import ActionProvider as IActionProvider
+        from Interface.Verify import verifyClass
+
+        verifyClass(IRegistrationTool, self._getTargetClass())
+        verifyClass(IActionProvider, self._getTargetClass())
+
+
+    def test_testPropertiesValidity_new_invalid_email( self ):
+
+        tool = self._makeOne().__of__( self.root )
+        self.root.portal_membership = FauxMembershipTool()
+
+        props = { 'email' : 'this is not an e-mail address'
+                , 'username' : 'username'
+                }
+
+        result = tool.testPropertiesValidity( props, None )
+
+        self.failIf( result is None, 'Invalid e-mail passed inspection' )
+
+    def test_spamcannon_collector_243( self ):
+
+        INJECTED_HEADERS = """
+To:someone at example.com
+cc:another_victim at elsewhere.example.com
+From:someone at example.com
+Subject:Hosed by Spam Cannon!
+
+Spam, spam, spam
+"""
+
+        tool = self._makeOne().__of__( self.root )
+        self.root.portal_membership = FauxMembershipTool()
+
+        props = { 'email' : INJECTED_HEADERS
+                , 'username' : 'username'
+                }
+
+        result = tool.testPropertiesValidity( props, None )
 
-        verifyClass(IRegistrationTool, RegistrationTool)
-        verifyClass(IActionProvider, RegistrationTool)
+        self.failIf( result is None, 'Invalid e-mail passed inspection' )
 
 
 def test_suite():
-    return TestSuite((
-        makeSuite( RegistrationToolTests ),
+    return unittest.TestSuite((
+        unittest.makeSuite( RegistrationToolTests ),
         ))
 
 if __name__ == '__main__':
-    main(defaultTest='test_suite')
+    unittest.main(defaultTest='test_suite')




More information about the CMF-checkins mailing list