Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:chajain
python-xmlschema
0002-Raise-error-for-allow-sandbox-when-no-base...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0002-Raise-error-for-allow-sandbox-when-no-base_url-is-pr.patch of Package python-xmlschema
From 3b4e2631b6fb690b145f288d715ce0720ce76b93 Mon Sep 17 00:00:00 2001 From: Daniel Hillier <daniel.hillier@gmail.com> Date: Wed, 3 Jun 2020 13:49:07 +1000 Subject: [PATCH 2/4] Raise error for allow="sandbox" when no base_url is provided. Previously when base_url is None it had the behaviour of "local". This will help people not to forget to supply base_url when using "sandbox". (cherry picked from commit e0aa7f92482a2732ff0e63239bfb5f8c941d8af7) --- xmlschema/resources.py | 6 +++++- xmlschema/tests/test_resources.py | 11 ++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/xmlschema/resources.py b/xmlschema/resources.py index 52dff6f..d4f07ac 100644 --- a/xmlschema/resources.py +++ b/xmlschema/resources.py @@ -348,9 +348,13 @@ class XMLResource(object): raise XMLSchemaResourceError("block access to local resource {}".format(url)) elif is_remote_url(url): raise XMLSchemaResourceError("block access to remote resource {}".format(url)) - elif self.allow == 'local' or self._base_url is None: + elif self.allow == 'local': return else: + if self._base_url is None: + raise XMLSchemaResourceError( + "block access to files out of sandbox requires 'base_url' to be set" + ) path = os.path.normpath(os.path.normcase(urlsplit(url).path)) base_path = os.path.normpath(os.path.normcase(urlsplit(self._base_url).path)) if not path.startswith(base_path): diff --git a/xmlschema/tests/test_resources.py b/xmlschema/tests/test_resources.py index 28fde20..c8264c5 100644 --- a/xmlschema/tests/test_resources.py +++ b/xmlschema/tests/test_resources.py @@ -383,7 +383,9 @@ class TestResources(unittest.TestCase): base_url = resource.base_url XMLResource(self.vh_xml_file, allow='local') - XMLResource(self.vh_xml_file, allow='sandbox') + XMLResource( + self.vh_xml_file, base_url=os.path.dirname(self.vh_xml_file), allow='sandbox' + ) with self.assertRaises(XMLSchemaResourceError) as ctx: XMLResource(self.vh_xml_file, allow='remote') @@ -399,6 +401,13 @@ class TestResources(unittest.TestCase): self.assertEqual(str(ctx.exception), "block access to remote resource https://xmlschema.test/vehicles.xsd") + with self.assertRaises(XMLSchemaResourceError) as ctx: + XMLResource("/tmp/vehicles.xsd", allow='sandbox') + self.assertEqual( + str(ctx.exception), + "block access to files out of sandbox requires 'base_url' to be set", + ) + with self.assertRaises(XMLSchemaResourceError) as ctx: XMLResource("/tmp/vehicles.xsd", base_url=base_url, allow='sandbox') self.assertEqual(str(ctx.exception), -- 2.29.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor