Linux server.edchosting.com 4.18.0-553.79.1.lve.el7h.x86_64 #1 SMP Wed Oct 15 16:34:46 UTC 2025 x86_64
LiteSpeed
Server IP : 75.98.162.185 & Your IP : 216.73.216.163
Domains :
Cant Read [ /etc/named.conf ]
User : goons4good
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
lib /
python2.7 /
site-packages /
jinja2 /
testsuite /
Delete
Unzip
Name
Size
Permission
Date
Action
res
[ DIR ]
drwxr-xr-x
2021-09-16 14:49
__init__.py
4.53
KB
-rw-r--r--
2013-08-07 07:31
__init__.pyc
6.32
KB
-rw-r--r--
2019-06-10 15:14
__init__.pyo
6.32
KB
-rw-r--r--
2019-06-10 15:14
api.py
10.14
KB
-rw-r--r--
2014-01-10 05:14
api.pyc
12.96
KB
-rw-r--r--
2019-06-10 15:14
api.pyo
11.26
KB
-rw-r--r--
2019-06-10 15:14
bytecode_cache.py
928
B
-rw-r--r--
2013-08-07 07:31
bytecode_cache.pyc
1.6
KB
-rw-r--r--
2019-06-10 15:14
bytecode_cache.pyo
1.52
KB
-rw-r--r--
2019-06-10 15:14
core_tags.py
11.58
KB
-rw-r--r--
2013-07-26 12:00
core_tags.pyc
17.46
KB
-rw-r--r--
2019-06-10 15:14
core_tags.pyo
14.64
KB
-rw-r--r--
2019-06-10 15:14
debug.py
1.89
KB
-rw-r--r--
2013-07-26 12:00
debug.pyc
3.05
KB
-rw-r--r--
2019-06-10 15:14
debug.pyo
3.05
KB
-rw-r--r--
2019-06-10 15:14
doctests.py
905
B
-rw-r--r--
2013-07-26 12:00
doctests.pyc
1.16
KB
-rw-r--r--
2019-06-10 15:14
doctests.pyo
1.16
KB
-rw-r--r--
2019-06-10 15:14
ext.py
17.66
KB
-rw-r--r--
2014-01-10 05:14
ext.pyc
22.57
KB
-rw-r--r--
2019-06-10 15:14
ext.pyo
18.96
KB
-rw-r--r--
2019-06-10 15:14
filters.py
18.72
KB
-rw-r--r--
2014-01-10 05:14
filters.pyc
28.54
KB
-rw-r--r--
2019-06-10 15:14
filters.pyo
24.28
KB
-rw-r--r--
2019-06-10 15:14
imports.py
5.21
KB
-rw-r--r--
2013-08-07 09:28
imports.pyc
6.66
KB
-rw-r--r--
2019-06-10 15:14
imports.pyo
5.69
KB
-rw-r--r--
2019-06-10 15:14
inheritance.py
8.05
KB
-rw-r--r--
2013-07-26 12:00
inheritance.pyc
10.33
KB
-rw-r--r--
2019-06-10 15:14
inheritance.pyo
8.32
KB
-rw-r--r--
2019-06-10 15:14
lexnparse.py
21.79
KB
-rw-r--r--
2014-01-10 05:14
lexnparse.pyc
32.97
KB
-rw-r--r--
2019-06-10 15:14
lexnparse.pyo
27.24
KB
-rw-r--r--
2019-06-10 15:14
loader.py
7.97
KB
-rw-r--r--
2013-07-26 12:00
loader.pyc
10.38
KB
-rw-r--r--
2019-06-10 15:14
loader.pyo
9
KB
-rw-r--r--
2019-06-10 15:14
regression.py
8.19
KB
-rw-r--r--
2013-07-26 12:00
regression.pyc
11.46
KB
-rw-r--r--
2019-06-10 15:14
regression.pyo
9.96
KB
-rw-r--r--
2019-06-10 15:14
security.py
6.06
KB
-rw-r--r--
2013-07-26 12:00
security.pyc
8.37
KB
-rw-r--r--
2019-06-10 15:14
security.pyo
7.4
KB
-rw-r--r--
2019-06-10 15:14
tests.py
2.8
KB
-rw-r--r--
2014-01-10 05:14
tests.pyc
4.7
KB
-rw-r--r--
2019-06-10 15:14
tests.pyo
4.05
KB
-rw-r--r--
2019-06-10 15:14
utils.py
2.18
KB
-rw-r--r--
2013-07-26 12:00
utils.pyc
3.49
KB
-rw-r--r--
2019-06-10 15:14
utils.pyo
3.19
KB
-rw-r--r--
2019-06-10 15:14
Save
Rename
# -*- coding: utf-8 -*- """ jinja2.testsuite.security ~~~~~~~~~~~~~~~~~~~~~~~~~ Checks the sandbox and other security features. :copyright: (c) 2010 by the Jinja Team. :license: BSD, see LICENSE for more details. """ import unittest from jinja2.testsuite import JinjaTestCase from jinja2 import Environment from jinja2.sandbox import SandboxedEnvironment, \ ImmutableSandboxedEnvironment, unsafe from jinja2 import Markup, escape from jinja2.exceptions import SecurityError, TemplateSyntaxError, \ TemplateRuntimeError from jinja2._compat import text_type class PrivateStuff(object): def bar(self): return 23 @unsafe def foo(self): return 42 def __repr__(self): return 'PrivateStuff' class PublicStuff(object): bar = lambda self: 23 _foo = lambda self: 42 def __repr__(self): return 'PublicStuff' class SandboxTestCase(JinjaTestCase): def test_unsafe(self): env = SandboxedEnvironment() self.assert_raises(SecurityError, env.from_string("{{ foo.foo() }}").render, foo=PrivateStuff()) self.assert_equal(env.from_string("{{ foo.bar() }}").render(foo=PrivateStuff()), '23') self.assert_raises(SecurityError, env.from_string("{{ foo._foo() }}").render, foo=PublicStuff()) self.assert_equal(env.from_string("{{ foo.bar() }}").render(foo=PublicStuff()), '23') self.assert_equal(env.from_string("{{ foo.__class__ }}").render(foo=42), '') self.assert_equal(env.from_string("{{ foo.func_code }}").render(foo=lambda:None), '') # security error comes from __class__ already. self.assert_raises(SecurityError, env.from_string( "{{ foo.__class__.__subclasses__() }}").render, foo=42) def test_immutable_environment(self): env = ImmutableSandboxedEnvironment() self.assert_raises(SecurityError, env.from_string( '{{ [].append(23) }}').render) self.assert_raises(SecurityError, env.from_string( '{{ {1:2}.clear() }}').render) def test_restricted(self): env = SandboxedEnvironment() self.assert_raises(TemplateSyntaxError, env.from_string, "{% for item.attribute in seq %}...{% endfor %}") self.assert_raises(TemplateSyntaxError, env.from_string, "{% for foo, bar.baz in seq %}...{% endfor %}") def test_markup_operations(self): # adding two strings should escape the unsafe one unsafe = '<script type="application/x-some-script">alert("foo");</script>' safe = Markup('<em>username</em>') assert unsafe + safe == text_type(escape(unsafe)) + text_type(safe) # string interpolations are safe to use too assert Markup('<em>%s</em>') % '<bad user>' == \ '<em><bad user></em>' assert Markup('<em>%(username)s</em>') % { 'username': '<bad user>' } == '<em><bad user></em>' # an escaped object is markup too assert type(Markup('foo') + 'bar') is Markup # and it implements __html__ by returning itself x = Markup("foo") assert x.__html__() is x # it also knows how to treat __html__ objects class Foo(object): def __html__(self): return '<em>awesome</em>' def __unicode__(self): return 'awesome' assert Markup(Foo()) == '<em>awesome</em>' assert Markup('<strong>%s</strong>') % Foo() == \ '<strong><em>awesome</em></strong>' # escaping and unescaping assert escape('"<>&\'') == '"<>&'' assert Markup("<em>Foo & Bar</em>").striptags() == "Foo & Bar" assert Markup("<test>").unescape() == "<test>" def test_template_data(self): env = Environment(autoescape=True) t = env.from_string('{% macro say_hello(name) %}' '<p>Hello {{ name }}!</p>{% endmacro %}' '{{ say_hello("<blink>foo</blink>") }}') escaped_out = '<p>Hello <blink>foo</blink>!</p>' assert t.render() == escaped_out assert text_type(t.module) == escaped_out assert escape(t.module) == escaped_out assert t.module.say_hello('<blink>foo</blink>') == escaped_out assert escape(t.module.say_hello('<blink>foo</blink>')) == escaped_out def test_attr_filter(self): env = SandboxedEnvironment() tmpl = env.from_string('{{ cls|attr("__subclasses__")() }}') self.assert_raises(SecurityError, tmpl.render, cls=int) def test_binary_operator_intercepting(self): def disable_op(left, right): raise TemplateRuntimeError('that operator so does not work') for expr, ctx, rv in ('1 + 2', {}, '3'), ('a + 2', {'a': 2}, '4'): env = SandboxedEnvironment() env.binop_table['+'] = disable_op t = env.from_string('{{ %s }}' % expr) assert t.render(ctx) == rv env.intercepted_binops = frozenset(['+']) t = env.from_string('{{ %s }}' % expr) try: t.render(ctx) except TemplateRuntimeError as e: pass else: self.fail('expected runtime error') def test_unary_operator_intercepting(self): def disable_op(arg): raise TemplateRuntimeError('that operator so does not work') for expr, ctx, rv in ('-1', {}, '-1'), ('-a', {'a': 2}, '-2'): env = SandboxedEnvironment() env.unop_table['-'] = disable_op t = env.from_string('{{ %s }}' % expr) assert t.render(ctx) == rv env.intercepted_unops = frozenset(['-']) t = env.from_string('{{ %s }}' % expr) try: t.render(ctx) except TemplateRuntimeError as e: pass else: self.fail('expected runtime error') def suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(SandboxTestCase)) return suite