moo.core.tests.test_security_context
Security tests: ContextManager state and invoke() guards.
Covers: caller_stack copy, context read-only descriptor, set_task_perms wizard check, invoke() periodic/cron/execute permission checks (passes 2, 3, 7).
Functions
Known gap (information disclosure): context.caller_stack returns a copy of the live stack (preventing mutation), but each frame dict contains 'previous_caller' — a live Object reference. |
|
ContextManager.get('caller_stack') must return a copy of the stack list. |
|
Directly assigning context.caller must raise AttributeError. |
|
Verb code must not be able to shadow context.caller via _write_ assignment. |
|
context.parser returns the Parser instance for the current command. |
|
context.task_id returns the Celery task ID string (or None outside a task). |
|
context.writer is the same callable that the sandbox's print() uses internally (_print_._call_print calls writer(s)). |
|
invoke() must call can_caller("execute", verb) before dispatching. |
|
invoke(..., cron=...) raises UserError when called by a non-wizard. |
|
invoke() unconditionally overwrites caller_id, player_id, this_id, and verb_name with values derived from the authenticated context after merging any verb-supplied kwargs. |
|
invoke() without periodic/cron must not raise for non-wizards. |
|
invoke(..., periodic=True) raises UserError when called by a non-wizard. |
|
|
invoke(verb, delay=60, periodic=True) is wizard-gated and returns a live PeriodicTask model instance. |
|
set_task_perms() raises UserError when called by a non-wizard. |