couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject [4/4] couchdb commit: updated refs/heads/master to d6abc18
Date Fri, 09 Sep 2016 13:28:37 GMT
option to disable runtime code evaluation


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/d6abc18f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/d6abc18f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/d6abc18f

Branch: refs/heads/master
Commit: d6abc18f27b7b0d0d6cf3e88d25c8066900958a1
Parents: 33a7141
Author: Randall Leeds <randall@apache.org>
Authored: Sat Apr 23 17:49:34 2016 -0700
Committer: Robert Newson <rnewson@apache.org>
Committed: Fri Sep 9 14:27:56 2016 +0100

----------------------------------------------------------------------
 rebar.config.script                      |  2 +-
 test/javascript/tests/view_sandboxing.js | 41 +++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/d6abc18f/rebar.config.script
----------------------------------------------------------------------
diff --git a/rebar.config.script b/rebar.config.script
index cece0f9..104006e 100644
--- a/rebar.config.script
+++ b/rebar.config.script
@@ -29,7 +29,7 @@ DepDescs = [
 {b64url,           "b64url",           "6895652d80f95cdf04efb14625abed868998f174"},
 {couch_log,        "couch-log",        "ad803f66dbd1900b67543259142875a6d03503ce"},
 {chttpd,           "chttpd",           "c6b044006fcb58386099105fb6d9e0a036a62ed9"},
-{couch,            "couch",            "72869b8bf139ffc2542d02a2bd3b862042a668c3"},
+{couch,            "couch",            "092dec86bbf068e0ab99f6586668260515fc86a9"},
 {couch_index,      "couch-index",      "53555fd909d5dd3d4a610c3fd6795950a8f7d022"},
 {couch_mrview,     "couch-mrview",     "a0b0392afe66ece9ef3bb4fdd5a4f159c97c47eb"},
 {couch_replicator, "couch-replicator", "b9232c8d410d529d65030896e075c4b4327631b0"},

http://git-wip-us.apache.org/repos/asf/couchdb/blob/d6abc18f/test/javascript/tests/view_sandboxing.js
----------------------------------------------------------------------
diff --git a/test/javascript/tests/view_sandboxing.js b/test/javascript/tests/view_sandboxing.js
index c70eecc..171777b 100644
--- a/test/javascript/tests/view_sandboxing.js
+++ b/test/javascript/tests/view_sandboxing.js
@@ -145,6 +145,47 @@ couchTests.view_sandboxing = function(debug) {
   }
 */
 
+  // test that runtime code evaluation can be prevented
+  console.log('TODO: config port not available on cluster');
+  /*var couchjs_command_xhr = CouchDB.request(
+    "GET", "/_config/query_servers/javascript");
+
+  var couchjs_command = JSON.parse(couchjs_command_xhr.responseText);
+  var couchjs_command_args = couchjs_command.match(/\S+|"(?:\\"|[^"])+"/g);
+
+  couchjs_command_args.splice(1, 0, "--no-eval");
+  var new_couchjs_command = couchjs_command_args.join(" ");
+
+  run_on_modified_server(
+    [{section: "query_servers",
+      key: "javascript",
+      value: new_couchjs_command}],
+    function () {
+      var ddoc = {
+        _id: "_design/foobar",
+        language: "javascript",
+        views: {
+          view: {
+            map:
+            (function(doc) {
+              var glob = emit.constructor('return this')();
+              emit(doc._id, null);
+            }).toString()
+          }
+        }
+      };
+
+      db.deleteDb();
+      db.createDb();
+      T(db.save(ddoc).ok);
+
+      T(db.save(doc).ok);
+      var results = db.view(
+        "foobar/view", {bypass_cache: Math.round(Math.random() * 1000)});
+
+      TEquals(0, results.rows.length);
+    });*/
+
   // cleanup
   db.deleteDb();
 };


Mime
View raw message