6146602733

Committed 11 Sep 2023 12:48PM UTC coverage: 82.252% (+0.005%) from 82.247%

Build # 6146602733

Build Type

push

github

Committed by

mauritsvanrees

Commit Message

getZMIMainFrameTarget: do not accept a 'tainted' came_from parameter.

Do not accept a came_from path-only url starting with '//' either.
Browsers can interpret the rest of the path as a domain.

Run Details

4343 of 6932 branches covered (0.0%)

Branch coverage included in aggregate %.

21 of 21 new or added lines in 2 files covered. (100.0%)

27343 of 31591 relevant lines covered (86.55%)

0.87 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

78.07

/src/OFS/Application.py

##############################################################################
#
# Copyright (c) 2002 Zope Foundation and Contributors.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Application support
"""

import os
import sys
from logging import getLogger
from urllib.parse import urlparse

import Products
import transaction
from AccessControl import ClassSecurityInfo
from AccessControl.class_init import InitializeClass
from AccessControl.Permission import ApplicationDefaultPermissions
from AccessControl.Permissions import view_management_screens
from AccessControl.tainted import TaintedString
from Acquisition import aq_base
from App import FactoryDispatcher
from App.ApplicationManager import ApplicationManager
from App.ProductContext import ProductContext
from App.version_txt import getZopeVersion
from DateTime import DateTime
from OFS.FindSupport import FindSupport
from OFS.metaconfigure import get_packages_to_initialize
from OFS.metaconfigure import package_initialized
from OFS.userfolder import UserFolder
from webdav.NullResource import NullResource
from zExceptions import Forbidden
from zExceptions import Redirect as RedirectException
from zope.interface import implementer

from . import Folder
from . import misc_
from .interfaces import IApplication
from .misc_ import Misc_


LOG = getLogger('Application')

APP_MANAGER = None


@implementer(IApplication)
class Application(ApplicationDefaultPermissions, Folder.Folder, FindSupport):
    """Top-level system object"""

    security = ClassSecurityInfo()

    title = 'Zope'
    __defined_roles__ = ('Manager', 'Anonymous', 'Owner')
    __error_log__ = None
    isTopLevelPrincipiaApplicationObject = 1

    p_ = misc_.p_
    misc_ = misc_.misc_
    _reserved_names = ('Control_Panel', )

    # This class-default __allow_groups__ ensures that the
    # emergency user can still access the system if the top-level
    # UserFolder is deleted. This is necessary to allow people
    # to replace the top-level UserFolder object.
    __allow_groups__ = UserFolder()

    def __init__(self):
        # Initialize users
        uf = UserFolder()
        self.__allow_groups__ = uf
        self._setObject('acl_users', uf)

    def getId(self):
        try:
            return self.REQUEST['SCRIPT_NAME'][1:]
        except (KeyError, TypeError):
            return self.title

    def title_and_id(self):
        return self.title

    def title_or_id(self):
        return self.title

    def __class_init__(self):
        InitializeClass(self)

    @property
    def Control_Panel(self):
        return APP_MANAGER.__of__(self)

    def Redirect(self, destination, URL1):
        # Utility function to allow user-controlled redirects.
        # No docstring please, we do not want an open redirect
        # available as url.
        if destination.find('//') >= 0:
            raise RedirectException(destination)
        raise RedirectException(f"{URL1}/{destination}")

    ZopeRedirect = Redirect

    @security.protected(view_management_screens)
    def getZMIMainFrameTarget(self, REQUEST):
        """Utility method to get the right hand side ZMI frame source URL

        For cases where JavaScript is disabled the ZMI uses a simple REQUEST
        variable ``came_from`` to set the source URL for the right hand side
        ZMI frame. Since this value can be manipulated by the user it must be
        sanity-checked first.
        """
        parent_url = REQUEST['URL1']
        default = f'{parent_url}/manage_workspace'
        came_from = REQUEST.get('came_from', None)

        if not came_from:
            return default

        # When came_from contains suspicious code, it will not be a string,
        # but an instance of AccessControl.tainted.TaintedString.
        # Passing this to urlparse, gives:
        # AttributeError: 'str' object has no attribute 'decode'
        # This is good, but let's check explicitly.
        if isinstance(came_from, TaintedString):
            return default
        try:
            parsed_came_from = urlparse(came_from)
        except AttributeError:
            return default
        parsed_parent_url = urlparse(parent_url)

        # Only allow a passed-in ``came_from`` URL if it is local (just a path)
        # or if the URL scheme and hostname are the same as our own
        if (parsed_parent_url.scheme == parsed_came_from.scheme
                and parsed_parent_url.netloc == parsed_came_from.netloc):
            return came_from
        if (not parsed_came_from.scheme and not parsed_came_from.netloc):
            # This is only a path.  But some paths can be misinterpreted
            # by browsers.
            if parsed_came_from.path.startswith("//"):
                return default
            return came_from

        return default

    def __bobo_traverse__(self, REQUEST, name=None):
        if name is None:
            # Make this more explicit, otherwise getattr(self, name)
            # would raise a TypeError getattr(): attribute name must be string
            return None

        if name == 'Control_Panel':
            return APP_MANAGER.__of__(self)
        try:
            return getattr(self, name)
        except AttributeError:
            pass

        try:
            return self[name]
        except KeyError:
            pass

        method = REQUEST.get('REQUEST_METHOD', 'GET')

        if method not in ('GET', 'POST'):
            return NullResource(self, name, REQUEST).__of__(self)

        # Waaa. unrestrictedTraverse calls us with a fake REQUEST.
        # There is probably a better fix for this.
        try:
            REQUEST.RESPONSE.notFoundError(f"{name}\n{method}")
        except AttributeError:
            raise KeyError(name)

    def ZopeTime(self, *args):
        """Utility function to return current date/time"""
        return DateTime(*args)

    @security.protected(view_management_screens)
    def ZopeVersion(self, major=False):
        """Utility method to return the Zope version

        Restricted to ZMI to prevent information disclosure
        """
        zversion = getZopeVersion()
        if major:
            return zversion.major
        else:
            version = f'{zversion.major}.{zversion.minor}.{zversion.micro}'
            if zversion.status:
                version += f'.{zversion.status}{zversion.release}'

            return version

    def DELETE(self, REQUEST, RESPONSE):
        """Delete a resource object."""
        self.dav__init(REQUEST, RESPONSE)
        raise Forbidden('This resource cannot be deleted.')

    def MOVE(self, REQUEST, RESPONSE):
        """Move a resource to a new location."""
        self.dav__init(REQUEST, RESPONSE)
        raise Forbidden('This resource cannot be moved.')

    def absolute_url(self, relative=0):
        """The absolute URL of the root object is BASE1 or "/".
        """
        if relative:
            return ''
        try:
            # Take advantage of computed URL cache
            return self.REQUEST['BASE1']
        except (AttributeError, KeyError):
            return '/'

    def absolute_url_path(self):
        """The absolute URL path of the root object is BASEPATH1 or "/".
        """
        try:
            return self.REQUEST['BASEPATH1'] or '/'
        except (AttributeError, KeyError):
            return '/'

    def virtual_url_path(self):
        """The virtual URL path of the root object is empty.
        """
        return ''

    def getPhysicalRoot(self):
        return self

    def getPhysicalPath(self):
        # Get the physical path of the object.
        #
        # Returns a path (an immutable sequence of strings) that can be used to
        # access this object again later, for example in a copy/paste
        # operation.  getPhysicalRoot() and getPhysicalPath() are designed to
        # operate together.
        #
        # We're at the base of the path.
        return ('', )


InitializeClass(Application)


def initialize(app):
    initializer = AppInitializer(app)
    initializer.initialize()


class AppInitializer:
    """ Initialize an Application object (called at startup) """

    def __init__(self, app):
        self.app = (app,)

    def getApp(self):
        # this is probably necessary, but avoid acquisition anyway
        return self.app[0]

    def commit(self, note):
        transaction.get().note(note)
        transaction.commit()

    def initialize(self):
        # make sure to preserve relative ordering of calls below.
        self.install_app_manager()
        self.install_required_roles()
        self.install_inituser()
        self.install_products()
        self.install_standards()
        self.install_virtual_hosting()
        self.install_root_view()

    def install_app_manager(self):
        global APP_MANAGER
        APP_MANAGER = ApplicationManager()

        # Remove persistent Control Panel.
        app = self.getApp()
        app._p_activate()

        if 'Control_Panel' in list(app.__dict__.keys()):
            del app.__dict__['Control_Panel']
            app._objects = tuple(i for i in app._objects
                                 if i['id'] != 'Control_Panel')
            self.commit('Removed persistent Control_Panel')

    def install_required_roles(self):
        app = self.getApp()

        # Ensure that Owner role exists.
        if hasattr(app, '__ac_roles__') and not ('Owner' in app.__ac_roles__):
            app.__ac_roles__ = app.__ac_roles__ + ('Owner',)
            self.commit('Added Owner role')

        # ensure the Authenticated role exists.
        if hasattr(app, '__ac_roles__'):
            if 'Authenticated' not in app.__ac_roles__:
                app.__ac_roles__ = app.__ac_roles__ + ('Authenticated',)
                self.commit('Added Authenticated role')

    def install_inituser(self):
        app = self.getApp()
        # Install the initial user.
        if hasattr(app, 'acl_users'):
            users = app.acl_users
            if hasattr(users, '_createInitialUser'):
                app.acl_users._createInitialUser()
                self.commit('Created initial user')
            users = aq_base(users)
            migrated = getattr(users, '_ofs_migrated', False)
            if not migrated:
                klass = users.__class__
                from OFS.userfolder import UserFolder
                if klass is UserFolder:
                    # zope.deferredimport does a thourough job, so the class
                    # looks like it's from the new location already. And we
                    # don't want to migrate any custom user folders here.
                    users.__class__ = UserFolder
                    users._ofs_migrated = True
                    users._p_changed = True
                    app._p_changed = True
                    transaction.get().note('Migrated user folder')
                    transaction.commit()

    def install_virtual_hosting(self):
        app = self.getApp()
        if 'virtual_hosting' not in app:
            from Products.SiteAccess.VirtualHostMonster import \
                VirtualHostMonster
            any_vhm = [obj for obj in app.values()
                       if isinstance(obj, VirtualHostMonster)]
            if not any_vhm:
                vhm = VirtualHostMonster()
                vhm.id = 'virtual_hosting'
                vhm.addToContainer(app)
                self.commit('Added virtual_hosting')

    def install_root_view(self):
        app = self.getApp()
        if 'index_html' not in app:
            from Products.PageTemplates.ZopePageTemplate import \
                ZopePageTemplate
            root_pt = ZopePageTemplate('index_html')
            root_pt.pt_setTitle('Auto-generated default page')
            app._setObject('index_html', root_pt)
            self.commit('Added default view for root object')

    def install_products(self):
        return install_products(self.getApp())

    def install_standards(self):
        app = self.getApp()
        if getattr(app, '_standard_objects_have_been_added', None) is not None:
            delattr(app, '_standard_objects_have_been_added')
        if getattr(app, '_initializer_registry', None) is not None:
            delattr(app, '_initializer_registry')
        transaction.get().note('Removed unused application attributes.')
        transaction.commit()


def install_products(app=None):
    folder_permissions = get_folder_permissions()
    meta_types = []
    done = {}
    for priority, product_name, index, product_dir in get_products():
        # For each product, we will import it and try to call the
        # intialize() method in the product __init__ module. If
        # the method doesnt exist, we put the old-style information
        # together and do a default initialization.
        if product_name in done:
            continue
        done[product_name] = 1
        install_product(app, product_dir, product_name, meta_types,
                        folder_permissions)

    # Delayed install of packages-as-products
    for module, init_func in tuple(get_packages_to_initialize()):
        install_package(app, module, init_func)

    Products.meta_types = Products.meta_types + tuple(meta_types)
    InitializeClass(Folder.Folder)


def _is_package(product_dir, product_name):
    package_dir = os.path.join(product_dir, product_name)
    if not os.path.isdir(package_dir):
        return False

    init_py = os.path.join(package_dir, '__init__.py')
    if not os.path.exists(init_py) and \
       not os.path.exists(init_py + 'c') and \
       not os.path.exists(init_py + 'o'):
        return False
    return True


def get_products():
    """ Return a list of tuples in the form:
    [(priority, dir_name, index, base_dir), ...] for each Product directory
    found, sort before returning """
    products = []
    for index, product_dir in enumerate(Products.__path__):
        product_names = os.listdir(product_dir)
        for product_name in product_names:
            if _is_package(product_dir, product_name):
                # i is used as sort ordering in case a conflict exists
                # between Product names.  Products will be found as
                # per the ordering of Products.__path__
                products.append((0, product_name, index, product_dir))
    products.sort()
    return products


def import_products():
    done = {}
    for priority, product_name, index, product_dir in get_products():
        if product_name in done:
            LOG.warning(
                'Duplicate Product name: '
                'After loading Product %r from %r, '
                'I skipped the one in %r.' % (
                    product_name, done[product_name], product_dir))
            continue
        done[product_name] = product_dir
        import_product(product_dir, product_name)
    return list(done.keys())


def import_product(product_dir, product_name, raise_exc=None):
    if not _is_package(product_dir, product_name):
        return

    global_dict = globals()
    product = __import__("Products.%s" % product_name,
                         global_dict, global_dict, ('__doc__', ))
    if hasattr(product, '__module_aliases__'):
        for k, v in product.__module_aliases__:
            if k not in sys.modules:
                if isinstance(v, str) and v in sys.modules:
                    v = sys.modules[v]
                sys.modules[k] = v


def get_folder_permissions():
    folder_permissions = {}
    for p in Folder.Folder.__ac_permissions__:
        permission, names = p[:2]
        folder_permissions[permission] = names
    return folder_permissions


def install_product(app, product_dir, product_name, meta_types,
                    folder_permissions, raise_exc=None):
    if not _is_package(product_dir, product_name):
        return

    __traceback_info__ = product_name
    global_dict = globals()
    product = __import__("Products.%s" % product_name,
                         global_dict, global_dict, ('__doc__', ))

    # Install items into the misc_ namespace, used by products
    # and the framework itself to store common static resources
    # like icon images.
    misc_ = pgetattr(product, 'misc_', {})
    if misc_:
        if isinstance(misc_, dict):
            misc_ = Misc_(product_name, misc_)
        setattr(Application.misc_, product_name, misc_)

    productObject = FactoryDispatcher.Product(product_name)
    context = ProductContext(productObject, app, product)

    # Look for an 'initialize' method in the product.
    initmethod = pgetattr(product, 'initialize', None)
    if initmethod is not None:
        initmethod(context)


def install_package(app, module, init_func, raise_exc=None):
    """Installs a Python package like a product."""
    name = module.__name__
    product = FactoryDispatcher.Product(name)
    product.package_name = name

    if init_func is not None:
        newContext = ProductContext(product, app, module)
        init_func(newContext)

    package_initialized(module, init_func)


def pgetattr(product, name, default=install_products, __init__=0):
    if not __init__ and hasattr(product, name):
        return getattr(product, name)
    if hasattr(product, '__init__'):
        product = product.__init__
        if hasattr(product, name):
            return getattr(product, name)

    if default is not install_products:
        return default

    raise AttributeError(name)

1	##############################################################################
2	#
3	# Copyright (c) 2002 Zope Foundation and Contributors.
4	#
5	# This software is subject to the provisions of the Zope Public License,
6	# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
7	# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
8	# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
9	# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
10	# FOR A PARTICULAR PURPOSE.
11	#
12	##############################################################################
13	"""Application support	1✔
14	"""
15
16	import os	1✔
17	import sys	1✔
18	from logging import getLogger	1✔
19	from urllib.parse import urlparse	1✔
20
21	import Products	1✔
22	import transaction	1✔
23	from AccessControl import ClassSecurityInfo	1✔
24	from AccessControl.class_init import InitializeClass	1✔
25	from AccessControl.Permission import ApplicationDefaultPermissions	1✔
26	from AccessControl.Permissions import view_management_screens	1✔
27	from AccessControl.tainted import TaintedString	1✔
28	from Acquisition import aq_base	1✔
29	from App import FactoryDispatcher	1✔
30	from App.ApplicationManager import ApplicationManager	1✔
31	from App.ProductContext import ProductContext	1✔
32	from App.version_txt import getZopeVersion	1✔
33	from DateTime import DateTime	1✔
34	from OFS.FindSupport import FindSupport	1✔
35	from OFS.metaconfigure import get_packages_to_initialize	1✔
36	from OFS.metaconfigure import package_initialized	1✔
37	from OFS.userfolder import UserFolder	1✔
38	from webdav.NullResource import NullResource	1✔
39	from zExceptions import Forbidden	1✔
40	from zExceptions import Redirect as RedirectException	1✔
41	from zope.interface import implementer	1✔
42
43	from . import Folder	1✔
44	from . import misc_	1✔
45	from .interfaces import IApplication	1✔
46	from .misc_ import Misc_	1✔
47
48
49	LOG = getLogger('Application')	1✔
50
51	APP_MANAGER = None	1✔
52
53
54	@implementer(IApplication)	1✔
55	class Application(ApplicationDefaultPermissions, Folder.Folder, FindSupport):	1✔
56	"""Top-level system object"""
57
58	security = ClassSecurityInfo()	1✔
59
60	title = 'Zope'	1✔
61	__defined_roles__ = ('Manager', 'Anonymous', 'Owner')	1✔
62	__error_log__ = None	1✔
63	isTopLevelPrincipiaApplicationObject = 1	1✔
64
65	p_ = misc_.p_	1✔
66	misc_ = misc_.misc_	1✔
67	_reserved_names = ('Control_Panel', )	1✔
68
69	# This class-default __allow_groups__ ensures that the
70	# emergency user can still access the system if the top-level
71	# UserFolder is deleted. This is necessary to allow people
72	# to replace the top-level UserFolder object.
73	__allow_groups__ = UserFolder()	1✔
74
75	def __init__(self):	1✔
76	# Initialize users
77	uf = UserFolder()	1✔
78	self.__allow_groups__ = uf	1✔
79	self._setObject('acl_users', uf)	1✔
80
81	def getId(self):	1✔
82	try:	1✔
83	return self.REQUEST['SCRIPT_NAME'][1:]	1✔
84	except (KeyError, TypeError):	1✔
85	return self.title	1✔
86
87	def title_and_id(self):	1✔
88	return self.title	1✔
89
90	def title_or_id(self):	1✔
91	return self.title	1✔
92
93	def __class_init__(self):	1✔
94	InitializeClass(self)	1✔
95
96	@property	1✔
97	def Control_Panel(self):	1✔
98	return APP_MANAGER.__of__(self)	1✔
99
100	def Redirect(self, destination, URL1):	1✔
101	# Utility function to allow user-controlled redirects.
102	# No docstring please, we do not want an open redirect
103	# available as url.
104	if destination.find('//') >= 0:	1!
105	raise RedirectException(destination)	1✔
106	raise RedirectException(f"{URL1}/{destination}")	×
107
108	ZopeRedirect = Redirect	1✔
109
110	@security.protected(view_management_screens)	1✔
111	def getZMIMainFrameTarget(self, REQUEST):	1✔
112	"""Utility method to get the right hand side ZMI frame source URL
113
114	For cases where JavaScript is disabled the ZMI uses a simple REQUEST
115	variable ``came_from`` to set the source URL for the right hand side
116	ZMI frame. Since this value can be manipulated by the user it must be
117	sanity-checked first.
118	"""
119	parent_url = REQUEST['URL1']	1✔
120	default = f'{parent_url}/manage_workspace'	1✔
121	came_from = REQUEST.get('came_from', None)	1✔
122
123	if not came_from:	1✔
124	return default	1✔
125
126	# When came_from contains suspicious code, it will not be a string,
127	# but an instance of AccessControl.tainted.TaintedString.
128	# Passing this to urlparse, gives:
129	# AttributeError: 'str' object has no attribute 'decode'
130	# This is good, but let's check explicitly.
131	if isinstance(came_from, TaintedString):	1✔
132	return default	1✔
133	try:	1✔
134	parsed_came_from = urlparse(came_from)	1✔
135	except AttributeError:	×
136	return default	×
137	parsed_parent_url = urlparse(parent_url)	1✔
138
139	# Only allow a passed-in ``came_from`` URL if it is local (just a path)
140	# or if the URL scheme and hostname are the same as our own
141	if (parsed_parent_url.scheme == parsed_came_from.scheme	1✔
142	and parsed_parent_url.netloc == parsed_came_from.netloc):
143	return came_from	1✔
144	if (not parsed_came_from.scheme and not parsed_came_from.netloc):	1✔
145	# This is only a path. But some paths can be misinterpreted
146	# by browsers.
147	if parsed_came_from.path.startswith("//"):	1✔
148	return default	1✔
149	return came_from	1✔
150
151	return default	1✔
152
153	def __bobo_traverse__(self, REQUEST, name=None):	1✔
154	if name is None:	1✔
155	# Make this more explicit, otherwise getattr(self, name)
156	# would raise a TypeError getattr(): attribute name must be string
157	return None	1✔
158
159	if name == 'Control_Panel':	1!
160	return APP_MANAGER.__of__(self)	×
161	try:	1✔
162	return getattr(self, name)	1✔
163	except AttributeError:	1✔
164	pass	1✔
165
166	try:	1✔
167	return self[name]	1✔
168	except KeyError:	1✔
169	pass	1✔
170
171	method = REQUEST.get('REQUEST_METHOD', 'GET')	1✔
172
173	if method not in ('GET', 'POST'):	1!
174	return NullResource(self, name, REQUEST).__of__(self)	×
175
176	# Waaa. unrestrictedTraverse calls us with a fake REQUEST.
177	# There is probably a better fix for this.
178	try:	1✔
179	REQUEST.RESPONSE.notFoundError(f"{name}\n{method}")	1✔
180	except AttributeError:	1✔
181	raise KeyError(name)	1✔
182
183	def ZopeTime(self, *args):	1✔
184	"""Utility function to return current date/time"""
185	return DateTime(*args)	1✔
186
187	@security.protected(view_management_screens)	1✔
188	def ZopeVersion(self, major=False):	1✔
189	"""Utility method to return the Zope version
190
191	Restricted to ZMI to prevent information disclosure
192	"""
193	zversion = getZopeVersion()	1✔
194	if major:	1!
195	return zversion.major	1✔
196	else:
197	version = f'{zversion.major}.{zversion.minor}.{zversion.micro}'	×
198	if zversion.status:	×
199	version += f'.{zversion.status}{zversion.release}'	×
200
201	return version	×
202
203	def DELETE(self, REQUEST, RESPONSE):	1✔
204	"""Delete a resource object."""
205	self.dav__init(REQUEST, RESPONSE)	×
206	raise Forbidden('This resource cannot be deleted.')	×
207
208	def MOVE(self, REQUEST, RESPONSE):	1✔
209	"""Move a resource to a new location."""
210	self.dav__init(REQUEST, RESPONSE)	×
211	raise Forbidden('This resource cannot be moved.')	×
212
213	def absolute_url(self, relative=0):	1✔
214	"""The absolute URL of the root object is BASE1 or "/".
215	"""
216	if relative:	1✔
217	return ''	1✔
218	try:	1✔
219	# Take advantage of computed URL cache
220	return self.REQUEST['BASE1']	1✔
221	except (AttributeError, KeyError):	×
222	return '/'	×
223
224	def absolute_url_path(self):	1✔
225	"""The absolute URL path of the root object is BASEPATH1 or "/".
226	"""
227	try:	1✔
228	return self.REQUEST['BASEPATH1'] or '/'	1✔
229	except (AttributeError, KeyError):	×
230	return '/'	×
231
232	def virtual_url_path(self):	1✔
233	"""The virtual URL path of the root object is empty.
234	"""
235	return ''	1✔
236
237	def getPhysicalRoot(self):	1✔
238	return self	1✔
239
240	def getPhysicalPath(self):	1✔
241	# Get the physical path of the object.
242	#
243	# Returns a path (an immutable sequence of strings) that can be used to
244	# access this object again later, for example in a copy/paste
245	# operation. getPhysicalRoot() and getPhysicalPath() are designed to
246	# operate together.
247	#
248	# We're at the base of the path.
249	return ('', )	1✔
250
251
252	InitializeClass(Application)	1✔
253
254
255	def initialize(app):	1✔
256	initializer = AppInitializer(app)	1✔
257	initializer.initialize()	1✔
258
259
260	class AppInitializer:	1✔
261	""" Initialize an Application object (called at startup) """
262
263	def __init__(self, app):	1✔
264	self.app = (app,)	1✔
265
266	def getApp(self):	1✔
267	# this is probably necessary, but avoid acquisition anyway
268	return self.app[0]	1✔
269
270	def commit(self, note):	1✔
271	transaction.get().note(note)	1✔
272	transaction.commit()	1✔
273
274	def initialize(self):	1✔
275	# make sure to preserve relative ordering of calls below.
276	self.install_app_manager()	1✔
277	self.install_required_roles()	1✔
278	self.install_inituser()	1✔
279	self.install_products()	1✔
280	self.install_standards()	1✔
281	self.install_virtual_hosting()	1✔
282	self.install_root_view()	1✔
283
284	def install_app_manager(self):	1✔
285	global APP_MANAGER
286	APP_MANAGER = ApplicationManager()	1✔
287
288	# Remove persistent Control Panel.
289	app = self.getApp()	1✔
290	app._p_activate()	1✔
291
292	if 'Control_Panel' in list(app.__dict__.keys()):	1!
293	del app.__dict__['Control_Panel']	×
294	app._objects = tuple(i for i in app._objects	×
295	if i['id'] != 'Control_Panel')
296	self.commit('Removed persistent Control_Panel')	×
297
298	def install_required_roles(self):	1✔
299	app = self.getApp()	1✔
300
301	# Ensure that Owner role exists.
302	if hasattr(app, '__ac_roles__') and not ('Owner' in app.__ac_roles__):	1!
303	app.__ac_roles__ = app.__ac_roles__ + ('Owner',)	×
304	self.commit('Added Owner role')	×
305
306	# ensure the Authenticated role exists.
307	if hasattr(app, '__ac_roles__'):	1!
308	if 'Authenticated' not in app.__ac_roles__:	1!
309	app.__ac_roles__ = app.__ac_roles__ + ('Authenticated',)	×
310	self.commit('Added Authenticated role')	×
311
312	def install_inituser(self):	1✔
313	app = self.getApp()	1✔
314	# Install the initial user.
315	if hasattr(app, 'acl_users'):	1!
316	users = app.acl_users	1✔
317	if hasattr(users, '_createInitialUser'):	1!
318	app.acl_users._createInitialUser()	1✔
319	self.commit('Created initial user')	1✔
320	users = aq_base(users)	1✔
321	migrated = getattr(users, '_ofs_migrated', False)	1✔
322	if not migrated:	1!
323	klass = users.__class__	×
324	from OFS.userfolder import UserFolder	×
325	if klass is UserFolder:	×
326	# zope.deferredimport does a thourough job, so the class
327	# looks like it's from the new location already. And we
328	# don't want to migrate any custom user folders here.
329	users.__class__ = UserFolder	×
330	users._ofs_migrated = True	×
331	users._p_changed = True	×
332	app._p_changed = True	×
333	transaction.get().note('Migrated user folder')	×
334	transaction.commit()	×
335
336	def install_virtual_hosting(self):	1✔
337	app = self.getApp()	1✔
338	if 'virtual_hosting' not in app:	1!
339	from Products.SiteAccess.VirtualHostMonster import \	1✔
340	VirtualHostMonster
341	any_vhm = [obj for obj in app.values()	1✔
342	if isinstance(obj, VirtualHostMonster)]
343	if not any_vhm:	1!
344	vhm = VirtualHostMonster()	1✔
345	vhm.id = 'virtual_hosting'	1✔
346	vhm.addToContainer(app)	1✔
347	self.commit('Added virtual_hosting')	1✔
348
349	def install_root_view(self):	1✔
350	app = self.getApp()	1✔
351	if 'index_html' not in app:	1!
352	from Products.PageTemplates.ZopePageTemplate import \	1✔
353	ZopePageTemplate
354	root_pt = ZopePageTemplate('index_html')	1✔
355	root_pt.pt_setTitle('Auto-generated default page')	1✔
356	app._setObject('index_html', root_pt)	1✔
357	self.commit('Added default view for root object')	1✔
358
359	def install_products(self):	1✔
360	return install_products(self.getApp())	1✔
361
362	def install_standards(self):	1✔
363	app = self.getApp()	1✔
364	if getattr(app, '_standard_objects_have_been_added', None) is not None:	1!
365	delattr(app, '_standard_objects_have_been_added')	×
366	if getattr(app, '_initializer_registry', None) is not None:	1!
367	delattr(app, '_initializer_registry')	×
368	transaction.get().note('Removed unused application attributes.')	1✔
369	transaction.commit()	1✔
370
371
372	def install_products(app=None):	1✔
373	folder_permissions = get_folder_permissions()	1✔
374	meta_types = []	1✔
375	done = {}	1✔
376	for priority, product_name, index, product_dir in get_products():	1✔
377	# For each product, we will import it and try to call the
378	# intialize() method in the product __init__ module. If
379	# the method doesnt exist, we put the old-style information
380	# together and do a default initialization.
381	if product_name in done:	1!
382	continue	×
383	done[product_name] = 1	1✔
384	install_product(app, product_dir, product_name, meta_types,	1✔
385	folder_permissions)
386
387	# Delayed install of packages-as-products
388	for module, init_func in tuple(get_packages_to_initialize()):	1✔
389	install_package(app, module, init_func)	1✔
390
391	Products.meta_types = Products.meta_types + tuple(meta_types)	1✔
392	InitializeClass(Folder.Folder)	1✔
393
394
395	def _is_package(product_dir, product_name):	1✔
396	package_dir = os.path.join(product_dir, product_name)	1✔
397	if not os.path.isdir(package_dir):	1✔
398	return False	1✔
399
400	init_py = os.path.join(package_dir, '__init__.py')	1✔
401	if not os.path.exists(init_py) and \	1✔
402	not os.path.exists(init_py + 'c') and \
403	not os.path.exists(init_py + 'o'):
404	return False	1✔
405	return True	1✔
406
407
408	def get_products():	1✔
409	""" Return a list of tuples in the form:
410	[(priority, dir_name, index, base_dir), ...] for each Product directory
411	found, sort before returning """
412	products = []	1✔
413	for index, product_dir in enumerate(Products.__path__):	1✔
414	product_names = os.listdir(product_dir)	1✔
415	for product_name in product_names:	1✔
416	if _is_package(product_dir, product_name):	1✔
417	# i is used as sort ordering in case a conflict exists
418	# between Product names. Products will be found as
419	# per the ordering of Products.__path__
420	products.append((0, product_name, index, product_dir))	1✔
421	products.sort()	1✔
422	return products	1✔
423
424
425	def import_products():	1✔
426	done = {}	1✔
427	for priority, product_name, index, product_dir in get_products():	1✔
428	if product_name in done:	1!
429	LOG.warning(	×
430	'Duplicate Product name: '
431	'After loading Product %r from %r, '
432	'I skipped the one in %r.' % (
433	product_name, done[product_name], product_dir))
434	continue	×
435	done[product_name] = product_dir	1✔
436	import_product(product_dir, product_name)	1✔
437	return list(done.keys())	1✔
438
439
440	def import_product(product_dir, product_name, raise_exc=None):	1✔
441	if not _is_package(product_dir, product_name):	1!
442	return	×
443
444	global_dict = globals()	1✔
445	product = __import__("Products.%s" % product_name,	1✔
446	global_dict, global_dict, ('__doc__', ))
447	if hasattr(product, '__module_aliases__'):	1!
448	for k, v in product.__module_aliases__:	×
449	if k not in sys.modules:	×
450	if isinstance(v, str) and v in sys.modules:	×
451	v = sys.modules[v]	×
452	sys.modules[k] = v	×
453
454
455	def get_folder_permissions():	1✔
456	folder_permissions = {}	1✔
457	for p in Folder.Folder.__ac_permissions__:	1!
458	permission, names = p[:2]	×
459	folder_permissions[permission] = names	×
460	return folder_permissions	1✔
461
462
463	def install_product(app, product_dir, product_name, meta_types,	1✔
464	folder_permissions, raise_exc=None):
465	if not _is_package(product_dir, product_name):	1!
466	return	×
467
468	__traceback_info__ = product_name	1✔
469	global_dict = globals()	1✔
470	product = __import__("Products.%s" % product_name,	1✔
471	global_dict, global_dict, ('__doc__', ))
472
473	# Install items into the misc_ namespace, used by products
474	# and the framework itself to store common static resources
475	# like icon images.
476	misc_ = pgetattr(product, 'misc_', {})	1✔
477	if misc_:	1!
478	if isinstance(misc_, dict):	×
479	misc_ = Misc_(product_name, misc_)	×
480	setattr(Application.misc_, product_name, misc_)	×
481
482	productObject = FactoryDispatcher.Product(product_name)	1✔
483	context = ProductContext(productObject, app, product)	1✔
484
485	# Look for an 'initialize' method in the product.
486	initmethod = pgetattr(product, 'initialize', None)	1✔
487	if initmethod is not None:	1✔
488	initmethod(context)	1✔
489
490
491	def install_package(app, module, init_func, raise_exc=None):	1✔
492	"""Installs a Python package like a product."""
493	name = module.__name__	1✔
494	product = FactoryDispatcher.Product(name)	1✔
495	product.package_name = name	1✔
496
497	if init_func is not None:	1!
498	newContext = ProductContext(product, app, module)	1✔
499	init_func(newContext)	1✔
500
501	package_initialized(module, init_func)	1✔
502
503
504	def pgetattr(product, name, default=install_products, __init__=0):	1✔
505	if not __init__ and hasattr(product, name):	1✔
506	return getattr(product, name)	1✔
507	if hasattr(product, '__init__'):	1!
508	product = product.__init__	1✔
509	if hasattr(product, name):	1!
510	return getattr(product, name)	×
511
512	if default is not install_products:	1!
513	return default	1✔
514
515	raise AttributeError(name)	×

zopefoundation / Zope / 6146602733

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous