[Zope3-checkins] CVS: Zope3/src/zope/security/tests - __init__.py:1.2 test_checker.py:1.2 test_proxy.py:1.2 test_restrictedbuiltins.py:1.2 test_restrictedinterpreter.py:1.2 test_securitymanagement.py:1.2 test_securitymanager.py:1.2

Jim Fulton jim@zope.com
Wed, 25 Dec 2002 09:15:53 -0500


Update of /cvs-repository/Zope3/src/zope/security/tests
In directory cvs.zope.org:/tmp/cvs-serv20790/src/zope/security/tests

Added Files:
	__init__.py test_checker.py test_proxy.py 
	test_restrictedbuiltins.py test_restrictedinterpreter.py 
	test_securitymanagement.py test_securitymanager.py 
Log Message:
Grand renaming:

- Renamed most files (especially python modules) to lower case.

- Moved views and interfaces into separate hierarchies within each
  project, where each top-level directory under the zope package
  is a separate project.

- Moved everything to src from lib/python.

  lib/python will eventually go away. I need access to the cvs
  repository to make this happen, however.

There are probably some bits that are broken. All tests pass
and zope runs, but I haven't tried everything. There are a number
of cleanups I'll work on tomorrow.



=== Zope3/src/zope/security/tests/__init__.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/__init__.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,2 @@
+#
+# This file is necessary to make this directory a package.


=== Zope3/src/zope/security/tests/test_checker.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/test_checker.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,297 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+Revision information:
+$Id$
+"""
+
+from unittest import TestCase, TestSuite, main, makeSuite
+from zope.security.checker import Checker, NamesChecker, CheckerPublic
+from zope.testing.cleanup import CleanUp
+from zope.security.interfaces import ISecurityPolicy
+from zope.exceptions import Forbidden, Unauthorized
+from zope.security.securitymanagement import setSecurityPolicy
+from zope.security.proxy import getChecker, getObject
+from zope.security.checker import defineChecker
+import types
+
+class SecurityPolicy:
+
+    __implements__ =  ISecurityPolicy
+
+    def checkPermission(self, permission, object, context):
+        'See ISecurityPolicy'
+
+        return permission == 'test_allowed'
+
+
+class TransparentProxy(object):
+    def __init__(self, ob):
+        self._ob = ob
+
+    def __getattribute__(self, name):
+        ob = object.__getattribute__(self, '_ob')
+        return getattr(ob, name)
+
+class OldInst:
+    a=1
+
+    def b(self):
+        pass
+
+    c=2
+
+    def gete(self): return 3
+    e = property(gete)
+
+    def __getitem__(self, x): return 5, x
+
+    def __setitem__(self, x, v): pass
+
+class NewInst(object, OldInst):
+
+    def gete(self): return 3
+    def sete(self, v): pass
+    e = property(gete, sete)
+
+class Test(TestCase, CleanUp):
+
+    def setUp(self):
+        CleanUp.setUp(self)
+        self.__oldpolicy = setSecurityPolicy(SecurityPolicy())
+
+    def tearDown(self):
+        setSecurityPolicy(self.__oldpolicy)
+        CleanUp.tearDown(self)
+
+    def test_typesAcceptedByDefineChecker(self):
+        class ClassicClass:
+            __metaclass__ = types.ClassType
+        class NewStyleClass:
+            __metaclass__ = type
+        import zope.security
+        not_a_type = object()
+        defineChecker(ClassicClass, NamesChecker())
+        defineChecker(NewStyleClass, NamesChecker())
+        defineChecker(zope.security, NamesChecker())
+        self.assertRaises(TypeError,
+                defineChecker, not_a_type, NamesChecker())
+
+    # check_getattr cases:
+    #
+    # - no attribute there
+    # - method
+    # - allow and disallow by permission
+    def test_check_getattr(self):
+
+        oldinst = OldInst()
+        oldinst.d = OldInst()
+
+        newinst = NewInst()
+        newinst.d = NewInst()
+
+        for inst in oldinst, newinst:
+            checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
+                                   'perm')
+
+            self.assertRaises(Unauthorized, checker.check_getattr, inst, 'a')
+            self.assertRaises(Unauthorized, checker.check_getattr, inst, 'b')
+            self.assertRaises(Unauthorized, checker.check_getattr, inst, 'c')
+            self.assertRaises(Unauthorized, checker.check, inst, '__getitem__')
+            self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
+
+            checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
+                                   'test_allowed')
+
+            checker.check_getattr(inst, 'a')
+            checker.check_getattr(inst, 'b')
+            checker.check_getattr(inst, 'c')
+            checker.check(inst, '__getitem__')
+            self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
+
+            checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
+                                   CheckerPublic)
+
+            checker.check_getattr(inst, 'a')
+            checker.check_getattr(inst, 'b')
+            checker.check_getattr(inst, 'c')
+            checker.check(inst, '__getitem__')
+            self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
+            self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
+
+    def test_check_setattr(self):
+
+        oldinst = OldInst()
+        oldinst.d = OldInst()
+
+        newinst = NewInst()
+        newinst.d = NewInst()
+
+        for inst in oldinst, newinst:
+            checker = Checker({}, {'a': 'perm', 'z': 'perm'})
+
+            self.assertRaises(Unauthorized, checker.check_setattr, inst, 'a')
+            self.assertRaises(Unauthorized, checker.check_setattr, inst, 'z')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'c')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'd')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'e')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'f')
+
+            checker = Checker({}, {'a': 'test_allowed', 'z': 'test_allowed'})
+
+            checker.check_setattr(inst, 'a')
+            checker.check_setattr(inst, 'z')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'd')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'e')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'f')
+
+            checker = Checker({}, {'a': CheckerPublic, 'z': CheckerPublic})
+
+            checker.check_setattr(inst, 'a')
+            checker.check_setattr(inst, 'z')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'd')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'e')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'f')
+
+    def test_proxy(self):
+        checker = NamesChecker(())
+
+
+        for rock in (1, 1.0, 1l, 1j,
+                     '1', u'1', None,
+                     AttributeError, AttributeError(),
+                     ):
+            proxy = checker.proxy(rock)
+
+            self.failUnless(proxy is rock, (rock, type(proxy)))
+
+        for class_ in OldInst, NewInst:
+            inst = class_()
+
+            for ob in inst, class_:
+                proxy = checker.proxy(ob)
+                self.failUnless(getObject(proxy) is ob)
+                checker = getChecker(proxy)
+                if ob is inst:
+                    self.assertEqual(checker.permission_id('__str__'),
+                                     None)
+                else:
+                    self.assertEqual(checker.permission_id('__str__'),
+                                     CheckerPublic)
+
+            special = NamesChecker(['a', 'b'], 'test_allowed')
+            defineChecker(class_, special)
+
+            for ob in inst, TransparentProxy(inst):
+                proxy = checker.proxy(ob)
+                self.failUnless(getObject(proxy) is ob)
+
+                checker = getChecker(proxy)
+                self.failUnless(checker is special,
+                                checker.getPermission_func().__self__)
+
+                proxy2 = checker.proxy(proxy)
+                self.failUnless(proxy2 is proxy, [proxy, proxy2])
+
+    def testMultiChecker(self):
+        from zope.interface import Interface
+
+        class I1(Interface):
+            def f1(): ''
+            def f2(): ''
+
+        class I2(I1):
+            def f3(): ''
+            def f4(): ''
+
+        class I3(Interface):
+            def g(): ''
+
+        from zope.exceptions import DuplicationError
+
+        from zope.security.checker import MultiChecker
+
+        self.assertRaises(DuplicationError,
+                          MultiChecker,
+                          [(I1, 'p1'), (I2, 'p2')])
+
+        self.assertRaises(DuplicationError,
+                          MultiChecker,
+                          [(I1, 'p1'), {'f2': 'p2'}])
+
+        MultiChecker([(I1, 'p1'), (I2, 'p1')])
+
+        checker = MultiChecker([
+            (I2, 'p1'),
+            {'a': 'p3'},
+            (I3, 'p2'),
+            (('x','y','z'), 'p4'),
+            ])
+
+        self.assertEqual(checker.permission_id('f1'), 'p1')
+        self.assertEqual(checker.permission_id('f2'), 'p1')
+        self.assertEqual(checker.permission_id('f3'), 'p1')
+        self.assertEqual(checker.permission_id('f4'), 'p1')
+        self.assertEqual(checker.permission_id('g'), 'p2')
+        self.assertEqual(checker.permission_id('a'), 'p3')
+        self.assertEqual(checker.permission_id('x'), 'p4')
+        self.assertEqual(checker.permission_id('y'), 'p4')
+        self.assertEqual(checker.permission_id('z'), 'p4')
+        self.assertEqual(checker.permission_id('zzz'), None)
+
+    def testNonPrivateChecker(self):
+        from zope.security.checker import NonPrivateChecker
+        checker = NonPrivateChecker('p')
+        self.assertEqual(checker.permission_id('z'), 'p')
+        self.assertEqual(checker.permission_id('_z'), None)
+
+    def testAlwaysAvailable(self):
+        from zope.security.checker import NamesChecker
+        checker = NamesChecker(())
+        class C: pass
+        self.assertEqual(checker.check(C, '__hash__'), None)
+        self.assertEqual(checker.check(C, '__nonzero__'), None)
+        self.assertEqual(checker.check(C, '__class__'), None)
+        self.assertEqual(checker.check(C, '__implements__'), None)
+        self.assertEqual(checker.check(C, '__lt__'), None)
+        self.assertEqual(checker.check(C, '__le__'), None)
+        self.assertEqual(checker.check(C, '__gt__'), None)
+        self.assertEqual(checker.check(C, '__ge__'), None)
+        self.assertEqual(checker.check(C, '__eq__'), None)
+        self.assertEqual(checker.check(C, '__ne__'), None)
+
+    def test_setattr(self):
+        checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
+                               'test_allowed')
+
+        for inst in NewInst(), OldInst():
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'a')
+            self.assertRaises(Forbidden, checker.check_setattr, inst, 'z')
+
+
+
+def test_suite():
+    return makeSuite(Test)
+
+if __name__=='__main__':
+    main(defaultTest='test_suite')


=== Zope3/src/zope/security/tests/test_proxy.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/test_proxy.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,357 @@
+import unittest
+from zope.exceptions import Forbidden
+from zope.security.proxy import getObject, getChecker, ProxyFactory
+from zope.proxy.proxy import proxy
+
+class Checker:
+
+    ok = 1
+
+    def check_getattr(self, object, name):
+        if name not in ("foo", "next", "__class__", "__name__", "__module__"):
+            raise RuntimeError
+
+    def check_setattr(self, object, name):
+        if name != "foo":
+            raise RuntimeError
+
+    def check(self, object, opname):
+        if not self.ok:
+            raise RuntimeError
+
+    def proxy(self, value):
+        if type(value) is str:
+            return value
+        return ProxyFactory(value, self)
+
+
+class Something:
+    def __init__(self):
+        self.foo = [1,2,3]
+    def __getitem__(self, key):
+        return self.foo[key]
+    def __setitem__(self, key, value):
+        self.foo[key] = value
+    def __delitem__(self, key):
+        del self.foo[key]
+    def __call__(self, arg):
+        return 42
+    def __eq__(self, other):
+        return self is other
+    def __hash__(self):
+        return 42
+    def __iter__(self):
+        return self
+    def next(self):
+        return 42 # Infinite sequence
+    def __len__(self):
+        return 42
+    def __nonzero__(self):
+        return 1
+    def __getslice__(self, i, j):
+        return [42]
+    def __setslice__(self, i, j, value):
+        if value != [42]:
+            raise ValueError
+    def __contains__(self, x):
+        return x == 42
+
+
+class ProxyTests(unittest.TestCase):
+
+    def setUp(self):
+        self.x = Something()
+        self.c = Checker()
+        self.p = ProxyFactory(self.x, self.c)
+
+    def shouldFail(self, *args):
+        self.c.ok = 0
+        self.assertRaises(RuntimeError, *args)
+        self.c.ok = 1
+
+    def testDerivation(self):
+        self.assert_(isinstance(self.p, proxy))
+
+    def testStr(self):
+        self.assertEqual(str(self.p), str(self.x))
+
+        x = Something()
+        c = Checker()
+        c.ok = 0
+        p = ProxyFactory(x, c)
+        s = str(p)
+        self.failUnless(s.startswith(
+            "<security proxied %s.%s instance at"
+            % (x.__class__.__module__, x.__class__.__name__)),
+                        s)
+
+
+    def testRepr(self):
+        self.assertEqual(repr(self.p), repr(self.x))
+
+        x = Something()
+        c = Checker()
+        c.ok = 0
+        p = ProxyFactory(x, c)
+        s = repr(p)
+        self.failUnless(s.startswith(
+            "<security proxied %s.%s instance at"
+            % (x.__class__.__module__, x.__class__.__name__)),
+                        s)
+
+    def testGetAttrOK(self):
+        self.assertEqual(getObject(self.p.foo), [1,2,3])
+
+    def testGetAttrFail(self):
+        self.assertRaises(RuntimeError, lambda: self.p.bar)
+
+    def testSetAttrOK(self):
+        self.p.foo = 42
+        self.assertEqual(self.p.foo, 42)
+
+    def testSetAttrFail(self):
+        def doit(): self.p.bar = 42
+        self.assertRaises(RuntimeError, doit)
+
+    def testGetItemOK(self):
+        self.assertEqual(self.p[0], 1)
+
+    def testGetItemFail(self):
+        self.shouldFail(lambda: self.p[10])
+
+    def testSetItemOK(self):
+        self.p[0] = 42
+        self.assertEqual(self.p[0], 42)
+
+    def testSetItemFail(self):
+        def doit(): del self.p[0]
+        self.shouldFail(doit)
+
+    def testDelItemOK(self):
+        self.p[0] = 42
+        self.assertEqual(self.p[0], 42)
+        del self.p[0]
+        self.shouldFail(lambda: self.p[0])
+
+    def testDelItemFail(self):
+        def doit(): self.p[10] = 42
+        self.shouldFail(doit)
+
+    def testCallOK(self):
+        self.assertEqual(self.p(None), 42)
+
+    def testCallFail(self):
+        self.shouldFail(self.p, None)
+
+    def testRichCompareOK(self):
+        self.failUnless(self.p == self.x)
+
+    def testRichCompareFail(self):
+        self.shouldFail(lambda: self.p == self.x)
+
+    def testIterOK(self):
+        self.assertEqual(getObject(iter(self.p)), self.x)
+
+    def testIterFail(self):
+        self.shouldFail(iter, self.p)
+
+    def testNextOK(self):
+        self.assertEqual(self.p.next(), 42)
+
+    def testNextFail(self):
+        self.shouldFail(self.p.next)
+
+    def testCompareOK(self):
+        self.assertEqual(cmp(self.p, self.x), 0)
+
+    def testCompareFail(self):
+        self.shouldFail(cmp, self.p, self.x)
+
+    def testHashOK(self):
+        self.assertEqual(hash(self.p), hash(self.x))
+
+    def testHashFail(self):
+        self.shouldFail(hash, self.p)
+
+    def testNonzeroOK(self):
+        self.assertEqual(not self.p, 0)
+
+    def testNonzeroFail(self):
+        self.shouldFail(lambda: not self.p)
+
+    def testLenOK(self):
+        self.assertEqual(len(self.p), 42)
+
+    def testLenFail(self):
+        self.shouldFail(len, self.p)
+
+    def testSliceOK(self):
+        self.assertEqual(getObject(self.p[:]), [42])
+
+    def testSliceFail(self):
+        self.shouldFail(lambda: self.p[:])
+
+    def testSetSliceOK(self):
+        self.p[:] = [42]
+
+    def testSetSliceFail(self):
+        def doit(): self.p[:] = [42]
+        self.shouldFail(doit)
+
+    def testContainsOK(self):
+        self.failUnless(42 in self.p)
+
+    def testContainsFail(self):
+        self.shouldFail(lambda: 42 in self.p)
+
+    def testGetObject(self):
+        self.assertEqual(self.x, getObject(self.p))
+
+    def testGetChecker(self):
+        self.assertEqual(self.c, getChecker(self.p))
+
+    def testProxiedClassicClassAsDictKey(self):
+        class C:
+            pass
+        d = {C: C()}
+        pC = ProxyFactory(C, self.c)
+        self.assertEqual(d[pC], d[C])
+
+    def testProxiedNewClassAsDictKey(self):
+        class C(object):
+            pass
+        d = {C: C()}
+        pC = ProxyFactory(C, self.c)
+        self.assertEqual(d[pC], d[C])
+
+    unops = [
+        "-x", "+x", "abs(x)", "~x",
+        "int(x)", "long(x)", "float(x)",
+        ]
+
+    def test_unops(self):
+        P = self.c.proxy
+        for expr in self.unops:
+            x = 1
+            y = eval(expr)
+            x = P(1)
+            z = eval(expr)
+            self.assertEqual(getObject(z), y, "x=%r; expr=%r" % (x, expr))
+            self.shouldFail(lambda x: eval(expr), x)
+
+    def test_odd_unops(self):
+        # unops that don't return a proxy
+        P = self.c.proxy
+        for func in hex, oct, lambda x: not x:
+            self.assertEqual(func(P(100)), func(100))
+            self.shouldFail(func, P(100))
+
+    binops = [
+        "x+y", "x-y", "x*y", "x/y", "divmod(x, y)", "x**y", "x//y",
+        "x<<y", "x>>y", "x&y", "x|y", "x^y",
+        ]
+
+    def test_binops(self):
+        P = self.c.proxy
+        for expr in self.binops:
+            first = 1
+            for x in [1, P(1)]:
+                for y in [2, P(2)]:
+                    if first:
+                        z = eval(expr)
+                        first = 0
+                    else:
+                        self.assertEqual(getObject(eval(expr)), z,
+                                         "x=%r; y=%r; expr=%r" % (x, y, expr))
+                        self.shouldFail(lambda x, y: eval(expr), x, y)
+
+    def test_inplace(self):
+        # XXX should test all inplace operators...
+        P = self.c.proxy
+
+        pa = P(1)
+        pa += 2
+        self.assertEqual(getObject(pa), 3)
+
+        a = [1, 2, 3]
+        pa = qa = P(a)
+        pa += [4, 5, 6]
+        self.failUnless(pa is qa)
+        self.assertEqual(a, [1, 2, 3, 4, 5, 6])
+
+        def doit():
+            pa = P(1)
+            pa += 2
+        self.shouldFail(doit)
+
+        pa = P(2)
+        pa **= 2
+        self.assertEqual(getObject(pa), 4)
+
+        def doit():
+            pa = P(2)
+            pa **= 2
+        self.shouldFail(doit)
+
+    def test_coerce(self):
+        P = self.c.proxy
+
+        # Before 2.3, coerce() of two proxies returns them unchanged
+        import sys
+        fixed_coerce = sys.version_info >= (2, 3, 0)
+
+        x = P(1)
+        y = P(2)
+        a, b = coerce(x, y)
+        self.failUnless(a is x and b is y)
+
+        x = P(1)
+        y = P(2.1)
+        a, b = coerce(x, y)
+        self.failUnless(getObject(a) == 1.0 and b is y)
+        if fixed_coerce:
+            self.failUnless(type(getObject(a)) is float and b is y)
+
+        x = P(1.1)
+        y = P(2)
+        a, b = coerce(x, y)
+        self.failUnless(a is x and getObject(b) == 2.0)
+        if fixed_coerce:
+            self.failUnless(a is x and type(getObject(b)) is float)
+
+        x = P(1)
+        y = 2
+        a, b = coerce(x, y)
+        self.failUnless(a is x and b is y)
+
+        x = P(1)
+        y = 2.1
+        a, b = coerce(x, y)
+        self.failUnless(type(getObject(a)) is float and b is y)
+
+        x = P(1.1)
+        y = 2
+        a, b = coerce(x, y)
+        self.failUnless(a is x and type(getObject(b)) is float)
+
+        x = 1
+        y = P(2)
+        a, b = coerce(x, y)
+        self.failUnless(a is x and b is y)
+
+        x = 1.1
+        y = P(2)
+        a, b = coerce(x, y)
+        self.failUnless(a is x and type(getObject(b)) is float)
+
+        x = 1
+        y = P(2.1)
+        a, b = coerce(x, y)
+        self.failUnless(type(getObject(a)) is float and b is y)
+
+def test_suite():
+    return unittest.makeSuite(ProxyTests)
+
+if __name__=='__main__':
+    from unittest import main
+    main(defaultTest='test_suite')


=== Zope3/src/zope/security/tests/test_restrictedbuiltins.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/test_restrictedbuiltins.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,46 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""
+
+Revision information:
+$Id$
+"""
+
+from unittest import TestCase, TestSuite, main, makeSuite
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, TestCase):
+
+    def test(self):
+        from zope.security.restrictedbuiltins import RestrictedBuiltins
+        from zope.security.proxy import Proxy
+        from zope.exceptions import Forbidden
+
+        def e(expr):
+            return eval(expr, {'__builtins__': RestrictedBuiltins})
+
+        self.assertEqual(e('__import__("sys").__name__'), "sys")
+        self.assertEqual(e('__import__("zope.security").__name__'), "zope")
+        self.assertEqual(e(
+            '__import__("zope.security", {}, None, ["__doc__"]).__name__'),
+                         "zope.security")
+        self.assertRaises(Forbidden, e, '__import__("sys").exit')
+
+
+
+def test_suite():
+    return makeSuite(Test)
+
+if __name__=='__main__':
+    main(defaultTest='test_suite')


=== Zope3/src/zope/security/tests/test_restrictedinterpreter.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/test_restrictedinterpreter.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,49 @@
+import unittest
+
+from zope.security.restrictedinterpreter import RestrictedInterpreter
+from zope.security.proxy import ProxyFactory
+from zope.security.checker import defineChecker
+
+from zope.testing.cleanup import CleanUp
+
+class RITests(unittest.TestCase, CleanUp):
+
+    def setUp(self):
+        CleanUp.setUp(self)
+        self.rinterp = RestrictedInterpreter()
+
+    def tearDown(self):
+        CleanUp.tearDown(self)
+
+    def testExec(self):
+        self.rinterp.ri_exec("str(type(1))\n")
+
+    def testImport(self):
+        self.rinterp.ri_exec("import zope.security.proxy")
+
+    def testWrapping(self):
+        # make sure we've really got proxies
+        import types
+        from zope.security.checker import NamesChecker
+
+        checker = NamesChecker(['Proxy'])
+
+        import zope.security.proxy
+        defineChecker(zope.security.proxy, checker)
+
+        checker = NamesChecker(['BuiltinFunctionType'])
+        defineChecker(types, checker)
+
+        code = ("from zope.security.proxy import Proxy\n"
+                "import types\n"
+                "assert type(id) is not types.BuiltinFunctionType\n"
+                )
+        self.rinterp.ri_exec(code)
+
+def test_suite():
+    return unittest.makeSuite(RITests)
+
+
+if __name__=='__main__':
+    from unittest import main
+    main(defaultTest='test_suite')


=== Zope3/src/zope/security/tests/test_securitymanagement.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/test_securitymanagement.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,121 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Unit tests for SecurityManagement
+
+$Id$
+"""
+
+import unittest
+
+from zope.interface.verify import verifyObject
+from zope.testing.cleanup import CleanUp
+
+import zope.security.securitymanagement
+from zope.security.securitymanagement import \
+     noSecurityManager, setSecurityPolicy, newSecurityManager
+
+
+class Test(CleanUp, unittest.TestCase):
+
+    def test_import( self ):
+        from zope.security import securitymanagement
+        from zope.security.interfaces import ISecurityManagement
+        from zope.security.interfaces \
+            import ISecurityManagementSetup
+
+        verifyObject( ISecurityManagementSetup, securitymanagement )
+        verifyObject( ISecurityManagement, securitymanagement )
+
+    def test_ISecurityManagementSetup( self ):
+
+        from zope.security.securitymanagement import noSecurityManager
+        from zope.security.securitymanagement import newSecurityManager
+        from zope.security.securitymanagement import replaceSecurityManager
+
+        some_user = []
+        other_user = []
+        old = newSecurityManager( some_user )
+        self.assertEqual( old, None )
+
+        old = newSecurityManager( other_user )
+        self.failUnless( old is not None )
+        self.failUnless( old.getPrincipal() is some_user )
+
+        old2 = replaceSecurityManager( old )
+        self.failUnless( old2 is not None )
+        self.failUnless( old2.getPrincipal() is other_user )
+
+        noSecurityManager()
+
+    def test_getSecurityManager( self ):
+        # This is a test for the case when there is no principal
+
+        from zope.security.securitymanagement import noSecurityManager
+        from zope.security.securitymanagement import replaceSecurityManager
+        from zope.security.securitymanagement import getSecurityManager
+
+        noSecurityManager()
+        self.failUnless( replaceSecurityManager( None ) is None )
+
+        mgr = getSecurityManager()
+        self.assertEqual( mgr.getPrincipal(), None)
+        # XXX maybe add test for default principal case
+        self.failIf( mgr.calledByExecutable() )
+        self.assertEqual( replaceSecurityManager( None ), mgr )
+
+        noSecurityManager()
+
+    def _setPermissive( self ):
+        from zope.security.securitymanagement import setSecurityPolicy
+        from zope.security.simplesecuritypolicies \
+                                import PermissiveSecurityPolicy
+        setSecurityPolicy( PermissiveSecurityPolicy() )
+
+    def _setParanoid( self ):
+        from zope.security.securitymanagement import setSecurityPolicy
+        from zope.security.simplesecuritypolicies \
+                                import ParanoidSecurityPolicy
+        setSecurityPolicy( ParanoidSecurityPolicy() )
+
+    def test_setSecurityPolicy( self ):
+
+        from zope.security.securitymanagement import noSecurityManager
+        from zope.security.securitymanagement import getSecurityManager
+        from zope.exceptions import Unauthorized
+
+        # test against default policy (paranoid)
+        self._setParanoid()
+        newSecurityManager('some user')
+        mgr = getSecurityManager()
+        self.failIf( mgr.checkPermission( None, None ) )
+
+        # test against explicit permissive policy
+        self._setPermissive()
+        newSecurityManager('some user')
+        mgr = getSecurityManager()
+        self.failUnless( mgr.checkPermission( None, None ) )
+
+        # test against explicit paranoid policy
+        self._setParanoid()
+        newSecurityManager('some user')
+        mgr = getSecurityManager()
+        self.failIf( mgr.checkPermission( None, None ) )
+
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/security/tests/test_securitymanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Dec 25 09:15:53 2002
+++ Zope3/src/zope/security/tests/test_securitymanager.py	Wed Dec 25 09:15:22 2002
@@ -0,0 +1,177 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Unit tests for SecurityManager """
+
+import unittest
+
+from zope.interface.verify import verifyClass
+
+from zope.security import securitymanager
+from zope.security.simplesecuritypolicies import \
+     ParanoidSecurityPolicy, PermissiveSecurityPolicy
+from zope.security.securitycontext import SecurityContext
+from zope.exceptions import Unauthorized
+
+class DummyExecutable:
+
+    """__implements__ = (pseudo) IExecutableObject"""
+
+class DummyExecutableWithCustomPolicy:
+
+    """__implements__ = (pseudo) IExecutableObjectWithCustomSecurityPolicy"""
+
+    def _customSecurityPolicy( self ):
+        return PermissiveSecurityPolicy()
+
+class Test( unittest.TestCase ):
+
+    def setUp( self ):
+
+        self._oldPolicy = securitymanager._defaultPolicy
+        securitymanager.setSecurityPolicy( ParanoidSecurityPolicy() )
+        self._context = SecurityContext( 'xyzzy' )
+
+    def tearDown( self ):
+
+        from zope.security.securitymanager import setSecurityPolicy
+        setSecurityPolicy( self._oldPolicy )
+
+    def _makeMgr( self ):
+
+        from zope.security.securitymanager import SecurityManager
+
+        return SecurityManager( self._context )
+
+    def _setPermissive( self ):
+
+        from zope.security.securitymanager import setSecurityPolicy
+        setSecurityPolicy( PermissiveSecurityPolicy() )
+
+    def test_import( self ):
+
+        from zope.security.securitymanager import SecurityManager
+        from zope.security.interfaces import ISecurityManager
+
+        verifyClass( ISecurityManager, SecurityManager )
+
+    def test_empty( self ):
+
+        mgr = self._makeMgr()
+
+        self.assertEqual( mgr.getPrincipal(), self._context.user )
+        self.failIf( mgr.calledByExecutable() )
+
+    def test_w_default_policy( self ):
+
+        mgr = self._makeMgr()
+
+        self.failIf( mgr.checkPermission( None, None ) )
+
+    def test_w_permissive_policy( self ):
+
+        mgr = self._makeMgr()
+        self._setPermissive()
+
+        self.failUnless( mgr.checkPermission( None, None ) )
+
+    def test_exec_stack_overflow( self ):
+
+        from zope.security.securitymanager import MAX_STACK_SIZE
+        mgr = self._makeMgr()
+
+        for i in range( MAX_STACK_SIZE ):
+            mgr.pushExecutable( None )
+
+        self.assertRaises( SystemError, mgr.pushExecutable, None )
+
+    def test_pushExecutable_simple( self ):
+
+        mgr = self._makeMgr()
+        self.failIf( mgr.calledByExecutable() )
+
+        mgr.pushExecutable( DummyExecutable() )
+        self.failUnless( mgr.calledByExecutable() )
+
+    def test_popExecutable_simple( self ):
+
+        mgr = self._makeMgr()
+        exe = DummyExecutable()
+        exe2 = DummyExecutable()
+
+        mgr.pushExecutable( exe )
+        mgr.pushExecutable( exe2 )
+        mgr.popExecutable( exe2 )
+        self.failUnless( mgr.calledByExecutable() )
+
+        mgr.popExecutable( exe )
+        self.failIf( mgr.calledByExecutable() )
+
+    def test_popExecutable_nomatch( self ):
+
+        mgr = self._makeMgr()
+        exe = DummyExecutable()
+        exe2 = DummyExecutable()
+        other = DummyExecutable()
+
+        mgr.pushExecutable( exe )
+        mgr.pushExecutable( exe2 )
+        mgr.popExecutable( other ) # not on stack => no change
+        self.failUnless( mgr.calledByExecutable() )
+
+        mgr.popExecutable( exe ) # bottom of stack => empty it
+        self.failIf( mgr.calledByExecutable() )
+
+    def test_pushExecutable_customPolicy( self ):
+
+        mgr = self._makeMgr()
+        exe = DummyExecutableWithCustomPolicy()
+        self.failIf( mgr.checkPermission( None, None ) )
+        mgr.pushExecutable( exe )
+        self.failUnless( mgr.checkPermission( None, None ) )
+        mgr.popExecutable( exe )
+        self.failIf( mgr.checkPermission( None, None ) )
+
+    def test_pushPop_complexPolicies( self ):
+
+        mgr = self._makeMgr()
+
+        exe1 = DummyExecutableWithCustomPolicy()
+        exe2 = DummyExecutable()
+        exe3 = DummyExecutableWithCustomPolicy()
+
+        mgr.pushExecutable( exe1 ) # now has custom permissive policy
+        self.failUnless( mgr.checkPermission( None, None ) )
+
+        mgr.pushExecutable( exe2 ) # now has default policy
+        self.failIf( mgr.checkPermission( None, None ) )
+
+        mgr.pushExecutable( exe3 ) # now has custom permissive policy
+        self.failUnless( mgr.checkPermission( None, None ) )
+
+        mgr.popExecutable( exe3 ) # back to default policy
+        self.failIf( mgr.checkPermission( None, None ) )
+
+        mgr.popExecutable( exe2 ) # back to has custom permissive policy
+        self.failUnless( mgr.checkPermission( None, None ) )
+
+        mgr.popExecutable( exe1 ) # back to default policy
+        self.failIf( mgr.checkPermission( None, None ) )
+
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())