tests - testTransientObject.py:1.8.68.2

Jens Vagelpohl Sat, 01 Oct 2005 06:06:14 -0700

Update of /cvs-repository/Products/Transience/tests
In directory 
cvs.zope.org:/tmp/cvs-serv19060/lib/python/Products/Transience/tests


Modified Files:
      Tag: Zope-2_7-branch
        testTransientObject.py 
Log Message:
- Collector #1863: Prevent possibly sensitive information to leak via
  the TransientObject's __repr__ method.


=== Products/Transience/tests/testTransientObject.py 1.8.68.1 => 1.8.68.2 ===
--- Products/Transience/tests/testTransientObject.py:1.8.68.1   Fri May 14 
18:52:13 2004
+++ Products/Transience/tests/testTransientObject.py    Sat Oct  1 09:18:19 2005
@@ -115,6 +115,15 @@
         t.delete('foobie')
         self.assertEqual(t.get('foobie'), None)
 
+    def test_repr_leaking_information(self):
+        # __repr__ used to show all contents, which could lead to sensitive
+        # information being visible in e.g. the ErrorLog object.
+        t = self.t.new('password-storing-session')
+        t.set('__ac_password__', 'secret')
+        self.failIf( repr(t).find('secret') != -1
+                   , '__repr__ leaks: %s' % repr(t)
+                   )
+
 
 def test_suite():
     testsuite = makeSuite(TestTransientObject, 'test')

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

[Zope-Checkins] CVS: Products/Transience/tests - testTransientObject.py:1.8.68.2

Reply via email to