An SSRF-preventing wrapper around Python's requests library. Advocate is no longer maintained, please fork and rename if you would like to continue work on it.
Other
92
stars
17
forks
source link
Refactor requests compatibility tests to work with new requests versions #6
Currently we have a pretty heinous way of checking that our wrappers don't break existing functionality across multiple versions of requests. We pull the source for requests, read in its test_requests.py file and make modifications so that any calls to requests.<foo>() will instead use the advocate wrapper. We also use regexes to replace code in older requests versions' test code that is broken under Python 3.
We then take all that regex-mangled code, exec() it, and shove the resulting test functions' globals into the test_advocate module so they get run with the rest of our tests. Gross.
This sort of worked up until recently, when requests did the sensible thing and migrated from a single test script to a directory of test scripts. Rather than have separate code-paths for searching / replacing source in the different requests versions we should make these tests less brittle.
My current plan is:
Throw out the regex-replacement junk.
Stop running tests against versions of requests where the upstream test suite fails without modification (such as 2.4 which broke due to httpbin changes.)
Stop running Python 3 tests against versions of requests where the upstream test suite failed under Python 3 without modification
Instead of replacing requests.<method>() with advocate_wrapper.<method>() in the source, figure out a better way of intercepting uses of the requests module directly by requests' test suite (something like the _WrappedSocket we already use.)
Currently we have a pretty heinous way of checking that our wrappers don't break existing functionality across multiple versions of requests. We pull the source for requests, read in its
test_requests.py
file and make modifications so that any calls torequests.<foo>()
will instead use the advocate wrapper. We also use regexes to replace code in older requests versions' test code that is broken under Python 3.We then take all that regex-mangled code,
exec()
it, and shove the resulting test functions' globals into thetest_advocate
module so they get run with the rest of our tests. Gross.This sort of worked up until recently, when requests did the sensible thing and migrated from a single test script to a directory of test scripts. Rather than have separate code-paths for searching / replacing source in the different requests versions we should make these tests less brittle.
My current plan is:
2.4
which broke due to httpbin changes.)requests.<method>()
withadvocate_wrapper.<method>()
in the source, figure out a better way of intercepting uses of therequests
module directly by requests' test suite (something like the_WrappedSocket
we already use.)