From b39edd821cd0907af61889120cf81bd696a83cbe Mon Sep 17 00:00:00 2001 From: Chris Dodge Date: Thu, 11 Jul 2013 12:05:07 -0400 Subject: [PATCH 1/3] seems like we need to define COURSES_WITH_UNSAFE_CODE in cms.envs.common.py, although cms.envs.common.py imports lms.envs.common (where this is defined). --- cms/envs/common.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cms/envs/common.py b/cms/envs/common.py index 1207b8fe05..260aa30cd2 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -368,3 +368,5 @@ MKTG_URL_LINK_MAP = { 'HONOR': 'honor', 'PRIVACY': 'privacy_edx', } + +COURSES_WITH_UNSAFE_CODE = [] From c3ad168b10ebb47af1ca531b3b7fd005af9d34cc Mon Sep 17 00:00:00 2001 From: Chris Dodge Date: Thu, 11 Jul 2013 12:12:42 -0400 Subject: [PATCH 2/3] also add some defaulting to the querying of the settings where it defaults to an empty set --- common/djangoapps/util/sandboxing.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/djangoapps/util/sandboxing.py b/common/djangoapps/util/sandboxing.py index 7d1c1da06f..2024f8fa27 100644 --- a/common/djangoapps/util/sandboxing.py +++ b/common/djangoapps/util/sandboxing.py @@ -14,7 +14,9 @@ def can_execute_unsafe_code(course_id): """ # To decide if we can run unsafe code, we check the course id against # a list of regexes configured on the server. - for regex in settings.COURSES_WITH_UNSAFE_CODE: + # If this is not defined in the environment variables then default to the most restrictive, which + # is 'no unsafe courses' + for regex in getattr(settings, 'COURSES_WITH_UNSAFE_CODE', []): if re.match(regex, course_id): return True return False From fbe2cde6e53bfa773bcdfde08b393ee53a8d8164 Mon Sep 17 00:00:00 2001 From: Chris Dodge Date: Thu, 11 Jul 2013 14:31:53 -0400 Subject: [PATCH 3/3] add simple unit test on the defaulting of the settings --- common/djangoapps/util/tests/test_sandboxing.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/common/djangoapps/util/tests/test_sandboxing.py b/common/djangoapps/util/tests/test_sandboxing.py index 4bccac707f..c76132696a 100644 --- a/common/djangoapps/util/tests/test_sandboxing.py +++ b/common/djangoapps/util/tests/test_sandboxing.py @@ -25,3 +25,10 @@ class SandboxingTest(TestCase): """ self.assertTrue(can_execute_unsafe_code('edX/full/2012_Fall')) self.assertTrue(can_execute_unsafe_code('edX/full/2013_Spring')) + + def test_courses_with_unsafe_code_default(self): + """ + Test that the default setting for COURSES_WITH_UNSAFE_CODE is an empty setting, e.g. we don't use @override_settings in these tests + """ + self.assertFalse(can_execute_unsafe_code('edX/full/2012_Fall')) + self.assertFalse(can_execute_unsafe_code('edX/full/2013_Spring'))