
Commit a3c6472

committed
Python: Improve django tests (and prepare for v2 + v3 support)
1 parent 990d1c1 commit a3c6472

4 files changed

+45
-33
lines changed

4 files changed

+45
-33
lines changed
Lines changed: 10 additions & 7 deletions
@@ -1,7 +1,10 @@
1-
| views.py:7:25:7:63 | django.Response(...) | externally controlled string |
2-
| views.py:11:25:11:52 | django.Response(...) | externally controlled string |
3-
| views.py:15:25:15:53 | django.Response(...) | externally controlled string |
4-
| views.py:23:29:23:60 | django.Response(...) | externally controlled string |
5-
| views.py:29:29:29:65 | django.Response(...) | externally controlled string |
6-
| views.py:34:25:34:63 | django.Response(...) | externally controlled string |
7-
| views.py:38:25:38:70 | django.Response(...) | externally controlled string |
1+
| views_1x.py:8:25:8:63 | django.Response(...) | externally controlled string |
2+
| views_1x.py:12:25:12:52 | django.Response(...) | externally controlled string |
3+
| views_1x.py:16:25:16:53 | django.Response(...) | externally controlled string |
4+
| views_1x.py:21:15:21:42 | django.Response.write(...) | externally controlled string |
5+
| views_1x.py:30:29:30:60 | django.Response(...) | externally controlled string |
6+
| views_1x.py:36:29:36:65 | django.Response(...) | externally controlled string |
7+
| views_1x.py:41:25:41:63 | django.Response(...) | externally controlled string |
8+
| views_1x.py:45:25:45:70 | django.Response(...) | externally controlled string |
9+
| views_1x.py:66:25:66:55 | django.Response(...) | externally controlled string |
10+
| views_1x.py:75:25:75:33 | django.Response(...) | externally controlled string |
Lines changed: 20 additions & 19 deletions
@@ -1,19 +1,20 @@
1-
| test.py:5:19:5:25 | request | django.request.HttpRequest |
2-
| test.py:5:28:5:31 | path | externally controlled string |
3-
| test.py:11:19:11:25 | request | django.request.HttpRequest |
4-
| test.py:11:28:11:31 | path | externally controlled string |
5-
| views.py:6:19:6:25 | request | django.request.HttpRequest |
6-
| views.py:6:28:6:30 | foo | externally controlled string |
7-
| views.py:6:33:6:35 | bar | externally controlled string |
8-
| views.py:10:20:10:26 | request | django.request.HttpRequest |
9-
| views.py:14:21:14:27 | request | django.request.HttpRequest |
10-
| views.py:22:20:22:26 | request | django.request.HttpRequest |
11-
| views.py:28:19:28:25 | request | django.request.HttpRequest |
12-
| views.py:32:19:32:25 | request | django.request.HttpRequest |
13-
| views.py:32:28:32:38 | page_number | externally controlled string |
14-
| views.py:37:24:37:30 | request | django.request.HttpRequest |
15-
| views.py:37:33:37:36 | arg0 | externally controlled string |
16-
| views.py:37:39:37:42 | arg1 | externally controlled string |
17-
| views.py:57:15:57:21 | request | django.request.HttpRequest |
18-
| views.py:57:24:57:31 | username | externally controlled string |
19-
| views.py:66:30:66:36 | request | django.request.HttpRequest |
1+
| test_1x.py:6:19:6:25 | request | django.request.HttpRequest |
2+
| test_1x.py:6:28:6:31 | path | externally controlled string |
3+
| test_1x.py:12:19:12:25 | request | django.request.HttpRequest |
4+
| test_1x.py:12:28:12:31 | path | externally controlled string |
5+
| views_1x.py:7:19:7:25 | request | django.request.HttpRequest |
6+
| views_1x.py:7:28:7:30 | foo | externally controlled string |
7+
| views_1x.py:7:33:7:35 | bar | externally controlled string |
8+
| views_1x.py:11:20:11:26 | request | django.request.HttpRequest |
9+
| views_1x.py:15:21:15:27 | request | django.request.HttpRequest |
10+
| views_1x.py:19:21:19:27 | request | django.request.HttpRequest |
11+
| views_1x.py:29:20:29:26 | request | django.request.HttpRequest |
12+
| views_1x.py:35:19:35:25 | request | django.request.HttpRequest |
13+
| views_1x.py:39:19:39:25 | request | django.request.HttpRequest |
14+
| views_1x.py:39:28:39:38 | page_number | externally controlled string |
15+
| views_1x.py:44:24:44:30 | request | django.request.HttpRequest |
16+
| views_1x.py:44:33:44:36 | arg0 | externally controlled string |
17+
| views_1x.py:44:39:44:42 | arg1 | externally controlled string |
18+
| views_1x.py:65:15:65:21 | request | django.request.HttpRequest |
19+
| views_1x.py:65:24:65:31 | username | externally controlled string |
20+
| views_1x.py:74:13:74:19 | request | django.request.HttpRequest |

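--- a/python/ql/test/library-tests/web/django/test.py
+++ b/python/ql/test/library-tests/web/django/test_1x.py
@@ -1,3 +1,4 @@
+"""tests for Django 1.x"""
 from django.conf.urls import url
 from django.shortcuts import redirect, render
 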
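--- a/python/ql/test/library-tests/web/django/views.py
+++ b/python/ql/test/library-tests/web/django/views_1x.py
@@ -1,3 +1,4 @@
+"""test of views for Django 1.x"""
 from django.conf.urls import patterns, url
 from django.http.response import HttpResponse
 from django.views.generic import View
@@ -15,6 +16,12 @@ def post_params_xss(request):
     return HttpResponse(request.POST.get("untrusted"))
 
 
+def http_resp_write(request):
+    rsp = HttpResponse()
+    rsp.write(request.GET.get("untrusted"))
+    return rsp
+
+
 class Foo(object):
     # Note: since Foo is used as the super type in a class view, it will be able to handle requests.
 
@@ -42,6 +49,7 @@ def xxs_positional_arg(request, arg0, arg1, no_taint=None):
     url(r'^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)$', url_match_xss),
     url(r'^get_params$', get_params_xss),
     url(r'^post_params$', post_params_xss),
+    url(r'^http_resp_write$', http_resp_write),
     url(r'^class_view/(?P<untrusted>.+)$', ClassView.as_view()),
 
     # one pattern to support `articles/page-<n>` and ensuring that articles/ goes to page-1
@@ -51,22 +59,21 @@ def xxs_positional_arg(request, arg0, arg1, no_taint=None):
     url(r'^([^/]+)/(?:foo|bar)/([^/]+)$', xxs_positional_arg, name='xxs_positional_arg'),
 ]
 
-
+################################################################################
 # Using patterns() for routing
 
 def show_user(request, username):
-    pass
+    return HttpResponse('show_user {}'.format(username))
 
 
 urlpatterns = patterns(url(r'^users/(?P<username>[^/]+)$', show_user))
 
-
+################################################################################
 # Show we understand the keyword arguments to django.conf.urls.url
 
-def we_understand_url_kwargs(request):
-    pass
-
+def kw_args(request):
+    return HttpResponse('kw_args')
 
 urlpatterns = [
-    url(view=we_understand_url_kwargs, regex=r'^specifying-as-kwargs-is-not-a-problem$')
+    url(view=kw_args, regex=r'^kw_args$')
 ]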
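Review bot: The new `http_resp_write` view in the second hunk carries no comment saying what it is meant to exercise, whereas the other sections of this file announce their purpose (`# Using patterns() for routing`, `# Show we understand the keyword arguments ...`). Judging from the expected-output change above, which records the call as `django.Response.write(...)`, the point appears to be that `HttpResponse.write` is recognised as a response sink separately from the constructor argument used by the other `*_xss` views; a line such as `# HttpResponse.write should be treated as a response sink, not only the constructor argument` above the `def` would make that intent explicit and survive into the v2/v3 variants the commit title says are coming. The function is contained entirely within the hunk.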
