moo.core.tests.test_security_imports
Security tests: import blocking and allowed-module return-value surfaces.
Covers: ContextManager, _publish_to_player, string module, moo.core submodules, SDK internal names, module attribute traversal, django_celery_beat import block, and re/hashlib/datetime/time return objects.
Functions
from moo.sdk import auth must raise ImportError.
from moo.sdk import code must raise ImportError.
ContextManager is in BLOCKED_IMPORTS for moo.sdk.
datetime.datetime.now() returns a datetime instance.
datetime.timedelta arithmetic returns timedelta instances — safe.
Non-wizards cannot import django_celery_beat either.
django_celery_beat is not in WIZARD_ALLOWED_MODULES or ALLOWED_MODULES.
hashlib.md5(b'data') returns a HASH object.
from moo.sdk import models must raise ImportError.
_publish_to_player must not be accessible from verb code.
re.compile(pattern).match(s) returns a Match object.
re.compile() returns a Pattern whose public attributes are strings/integers.
ContextManager is imported as _ContextManager (underscore alias) in moo/sdk.py.
contextmanager is imported at module level in moo/sdk.py from contextlib.
log is the module-level logging.Logger in moo/sdk.py.
import moo.sdk (bare, no 'as') binds the top-level moo package.
Now that moo.sdk is a package, verb code must not be able to reach its submodules directly.
'string' was removed from ALLOWED_MODULES because string.Formatter.get_field calls CPython's real getattr internally, bypassing safe_getattr and allowing dunder attribute access (e.g. __class__) to reach the Django ORM.
from moo.sdk import tasks must raise ImportError.
time.gmtime() returns a struct_time — a named-tuple-like object.
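
The 'string' entry above turns on how string.Formatter.get_field walks attributes. The following is an added example, not code from the moo project: it shows the stock Formatter resolving a dunder attribute with the builtin getattr, next to a subclass that routes the same traversal through a guard. The safe_getattr body, GuardedFormatter and Player are assumptions made for illustration; the project's own fix was to remove 'string' from ALLOWED_MODULES.

```python
import string
import _string  # CPython helper that string.Formatter itself uses to parse fields


def safe_getattr(obj, name):
    """Stand-in for the sandbox's guarded getattr (assumption: the project's
    real implementation is not shown on this page)."""
    if name.startswith("_"):
        raise AttributeError(f"access to {name!r} is not allowed")
    return getattr(obj, name)


class GuardedFormatter(string.Formatter):
    """Hypothetical Formatter whose attribute traversal uses safe_getattr."""

    def get_field(self, field_name, args, kwargs):
        # Same parsing as the base class; only the attribute lookup differs.
        first, rest = _string.formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, key in rest:
            obj = safe_getattr(obj, key) if is_attr else obj[key]
        return obj, first


class Player:  # constructed sample object
    def __init__(self, name):
        self.name = name


def stock_result():
    # The base Formatter resolves ".__class__" with the builtin getattr,
    # so a guard installed around verb code never sees this lookup.
    return string.Formatter().format("{0.__class__.__name__}", Player("wizard"))


def guarded_result(template):
    # Public attributes still format; underscore-prefixed ones are refused.
    try:
        return GuardedFormatter().format(template, Player("wizard"))
    except AttributeError as exc:
        return f"blocked: {exc}"
```
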