本文整理汇总了Python中django.core.exceptions.SuspiciousFileOperation方法的典型用法代码示例。如果您正苦于以下问题:Python exceptions.SuspiciousFileOperation方法的具体用法?Python exceptions.SuspiciousFileOperation怎么用?Python exceptions.SuspiciousFileOperation使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类django.core.exceptions
的用法示例。
在下文中一共展示了exceptions.SuspiciousFileOperation方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_template_sources
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_template_sources(self, template_name):
"""
Return an Origin object pointing to an absolute path in each directory
in template_dirs. For security reasons, if a path doesn't lie inside
one of the template_dirs it is excluded from the result set.
"""
for template_dir in self.get_dirs():
try:
name = safe_join(template_dir, template_name)
except SuspiciousFileOperation:
# The joined path was located outside of this template_dir
# (it might be inside another one, so this isn't fatal).
continue
yield Origin(
name=name,
template_name=template_name,
loader=self,
)
示例2: get_available_name
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_available_name(self, bucket, key, max_length=32, force_name_change=False):
file_root, file_ext = os.path.splitext(key)
while (
force_name_change
or self.key_exists(bucket, key)
or (max_length and len(key) > max_length)
):
force_name_change = False
# file_ext includes the dot.
key = "%s_%s%s" % (file_root, get_random_string(7), file_ext)
if max_length is None:
continue
# Truncate file_root if max_length exceeded.
truncation = len(key) - max_length
if truncation > 0:
file_root = file_root[:-truncation]
# Entire file_root was truncated in attempt to find an available filename.
if not file_root:
raise SuspiciousFileOperation(
'Storage can not find an available filename for "%s". '
"Please make sure that the corresponding file field "
'allows sufficient "max_length".' % key
)
key = "%s_%s%s" % (file_root, get_random_string(7), file_ext)
return key
示例3: get_template_sources
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_template_sources(self, template_name, template_dirs=None):
"""
Return an Origin object pointing to an absolute path in each directory
in template_dirs. For security reasons, if a path doesn't lie inside
one of the template_dirs it is excluded from the result set.
"""
if not template_dirs:
template_dirs = self.get_dirs()
for template_dir in template_dirs:
try:
name = safe_join(template_dir, template_name)
except SuspiciousFileOperation:
# The joined path was located outside of this template_dir
# (it might be inside another one, so this isn't fatal).
continue
yield Origin(
name=name,
template_name=template_name,
loader=self,
)
示例4: safe_join
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def safe_join(base, path):
base = force_text(base).replace("\\", "/").lstrip("/").rstrip("/") + "/"
path = force_text(path).replace("\\", "/").lstrip("/")
# Ugh... there must be a better way that I can't think of right now
if base == "/":
base = ""
resolved_url = urlparse.urljoin(base, path)
resolved_url = re.sub("//+", "/", resolved_url)
if not resolved_url.startswith(base):
raise SuspiciousFileOperation(
'The joined path ({}) is located outside of the base path '
'component ({})'.format(resolved_url, base))
return resolved_url
示例5: test_file_truncation
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def test_file_truncation(self):
# Given the max_length is limited, when multiple files get uploaded
# under the same name, then the filename get truncated in order to fit
# in _(7 random chars). When most of the max_length is taken by
# dirname + extension and there are not enough characters in the
# filename to truncate, an exception should be raised.
objs = [Storage() for i in range(2)]
filename = 'filename.ext'
for o in objs:
o.limited_length.save(filename, ContentFile('Same Content'))
try:
# Testing truncation.
names = [o.limited_length.name for o in objs]
self.assertEqual(names[0], 'tests/%s' % filename)
self.assertRegex(names[1], 'tests/fi_%s.ext' % FILE_SUFFIX_REGEX)
# Testing exception is raised when filename is too short to truncate.
filename = 'short.longext'
objs[0].limited_length.save(filename, ContentFile('Same Content'))
with self.assertRaisesMessage(SuspiciousFileOperation, 'Storage can not find an available filename'):
objs[1].limited_length.save(*(filename, ContentFile('Same Content')))
finally:
for o in objs:
o.delete()
示例6: get_upload_to
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_upload_to(self, filename):
folder_name = 'original_videos'
filename = self.file.field.storage.get_valid_name(filename)
max_length = self._meta.get_field('file').max_length
# Truncate filename so it fits in the 100 character limit
# https://code.djangoproject.com/ticket/9893
file_path = os.path.join(folder_name, filename)
too_long = len(file_path) - max_length
if too_long > 0:
head, ext = os.path.splitext(filename)
if too_long > len(head) + 1:
raise SuspiciousFileOperation('File name can not be shortened to a safe length')
filename = head[:-too_long] + ext
file_path = os.path.join(folder_name, filename)
return os.path.join(folder_name, filename)
示例7: get_template_sources
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_template_sources(self, template_name, template_dirs=None):
"""
Return an Origin object pointing to an absolute path in each directory
in template_dirs. For security reasons, if a path doesn't lie inside
one of the template_dirs it is excluded from the result set.
"""
if not template_dirs:
template_dirs = get_directories_in_tethys(('templates',))
for template_dir in template_dirs:
try:
name = safe_join(template_dir, template_name)
except SuspiciousFileOperation:
# The joined path was located outside of this template_dir
# (it might be inside another one, so this isn't fatal).
continue
yield Origin(
name=name,
template_name=template_name,
loader=self,
)
示例8: safe_join
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def safe_join(base, *paths):
"""
Joins one or more path components to the base path component intelligently.
Returns a normalized, absolute version of the final path.
The final path must be located inside of the base path component (otherwise
a ValueError is raised).
"""
base = force_text(base)
paths = [force_text(p) for p in paths]
final_path = abspathu(join(base, *paths))
base_path = abspathu(base)
# Ensure final_path starts with base_path (using normcase to ensure we
# don't false-negative on case insensitive operating systems like Windows),
# further, one of the following conditions must be true:
# a) The next character is the path separator (to prevent conditions like
# safe_join("/dir", "/../d"))
# b) The final path must be the same as the base path.
# c) The base path must be the most root path (meaning either "/" or "C:\\")
if (not normcase(final_path).startswith(normcase(base_path + sep)) and
normcase(final_path) != normcase(base_path) and
dirname(normcase(base_path)) != normcase(base_path)):
raise SuspiciousFileOperation(
'The joined path ({}) is located outside of the base path '
'component ({})'.format(final_path, base_path))
return final_path
示例9: get_template_sources
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_template_sources(self, template_name, template_dirs=None):
"""
Returns the absolute paths to "template_name", when appended to each
directory in "template_dirs". Any paths that don't lie inside one of the
template dirs are excluded from the result set, for security reasons.
"""
if not template_dirs:
template_dirs = get_app_template_dirs('templates')
for template_dir in template_dirs:
try:
yield safe_join(template_dir, template_name)
except SuspiciousFileOperation:
# The joined path was located outside of this template_dir
# (it might be inside another one, so this isn't fatal).
pass
示例10: get_template_sources
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_template_sources(self, template_name, template_dirs=None):
"""
Returns the absolute paths to "template_name", when appended to each
directory in "template_dirs". Any paths that don't lie inside one of the
template dirs are excluded from the result set, for security reasons.
"""
if not template_dirs:
template_dirs = self.engine.dirs
for template_dir in template_dirs:
try:
yield safe_join(template_dir, template_name)
except SuspiciousFileOperation:
# The joined path was located outside of this template_dir
# (it might be inside another one, so this isn't fatal).
pass
示例11: get_available_name
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_available_name(self, name, max_length=None):
"""
Returns a filename that's free on the target storage system, and
available for new content to be written to.
"""
dir_name, file_name = os.path.split(name)
file_root, file_ext = os.path.splitext(file_name)
# If the filename already exists, add an underscore and a random 7
# character alphanumeric string (before the file extension, if one
# exists) to the filename until the generated filename doesn't exist.
# Truncate original name if required, so the new filename does not
# exceed the max_length.
while self.exists(name) or (max_length and len(name) > max_length):
# file_ext includes the dot.
name = os.path.join(dir_name, "%s_%s%s" % (file_root, get_random_string(7), file_ext))
if max_length is None:
continue
# Truncate file_root if max_length exceeded.
truncation = len(name) - max_length
if truncation > 0:
file_root = file_root[:-truncation]
# Entire file_root was truncated in attempt to find an available filename.
if not file_root:
raise SuspiciousFileOperation(
'Storage can not find an available filename for "%s". '
'Please make sure that the corresponding file field '
'allows sufficient "max_length".' % name
)
name = os.path.join(dir_name, "%s_%s%s" % (file_root, get_random_string(7), file_ext))
return name
示例12: safe_join
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def safe_join(base, *paths):
"""
Join one or more path components to the base path component intelligently.
Return a normalized, absolute version of the final path.
Raise ValueError if the final path isn't located inside of the base path
component.
"""
base = force_text(base)
paths = [force_text(p) for p in paths]
final_path = abspath(join(base, *paths))
base_path = abspath(base)
# Ensure final_path starts with base_path (using normcase to ensure we
# don't false-negative on case insensitive operating systems like Windows),
# further, one of the following conditions must be true:
# a) The next character is the path separator (to prevent conditions like
# safe_join("/dir", "/../d"))
# b) The final path must be the same as the base path.
# c) The base path must be the most root path (meaning either "/" or "C:\\")
if (not normcase(final_path).startswith(normcase(base_path + sep)) and
normcase(final_path) != normcase(base_path) and
dirname(normcase(base_path)) != normcase(base_path)):
raise SuspiciousFileOperation(
'The joined path ({}) is located outside of the base path '
'component ({})'.format(final_path, base_path))
return final_path
示例13: test_should_not_allow_escaping_base_path
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def test_should_not_allow_escaping_base_path(self):
with pytest.raises(SuspiciousFileOperation):
safe_join("test", "../index.html")
with pytest.raises(SuspiciousFileOperation):
safe_join("test", "/../index.html")
示例14: get_template_source
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def get_template_source(name, dirs=None):
"""Retrieves the template's source contents.
:param name: Template's filename, as passed to the template loader.
:param dirs: list of directories to optionally override the defaults.
:return: tuple including file contents and file path.
"""
loaders = []
for loader in Engine.get_default().template_loaders:
# The cached loader includes the actual loaders underneath
if hasattr(loader, "loaders"):
loaders.extend(loader.loaders)
else:
loaders.append(loader)
for loader in loaders:
for template_dir in loader.get_dirs():
try:
filename = safe_join(template_dir, name)
except SuspiciousFileOperation:
# The joined path was located outside of this template_dir
# (it might be inside another one, so this isn't fatal).
continue
try:
with open(filename, encoding=loader.engine.file_charset) as fp:
return fp.read()
except FileNotFoundError:
continue
raise TemplateDoesNotExist(name)
示例15: test_truncates_away_filename_raises
# 需要导入模块: from django.core import exceptions [as 别名]
# 或者: from django.core.exceptions import SuspiciousFileOperation [as 别名]
def test_truncates_away_filename_raises(self):
name = 'parent/child.txt'
with self.assertRaises(SuspiciousFileOperation):
gaon(name, len(name) - 5)