Safebox 0.0.1 → 0.0.2
- data/AUTHORS +1 -0
- data/README.md +99 -0
- data/VERSION +1 -1
- data/bin/box.rb +5 -4
- data/bin/box2.rb +19 -0
- data/bin/box2.rbc +553 -0
- data/lib/safebox/box.rb +6 -2
- data/lib/safebox/safebox.rb +18 -1
- metadata +7 -4
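--- a/data/AUTHORS
+++ b/data/AUTHORS
@@ -0,0 +1 @@
+Denis Knauf <denis dot knauf at gmail dot com>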
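--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,99 @@
+Requires
+========
+
+Ruby MRI or Ruby 1.9.
+
+Will not work with Rubinius! It does not support $SAFE.
+
+I do not know JRuby.
+
+Install
+=======
+
+gem install Safebox
+
+Usage
+=====
+
+First load the safebox:
+
+require 'safebox'
+
+The most things in your Safebox are possible:
+
+value = Safebox.eval "1+2**9" # => 513
+value = Safebox.eval {|| 1+2**8 } # => 257
+
+You can use a String or a Proc, also as argument:
+
+value = Safebox.eval lambda {|| 1+2**7 }
+
+More complex code with classes and everything else...
+
+value = Safebox.eval do
+class Mail
+attr_accessor :subject, :body, :to, :from
+def generate
+[ "To: #{@to}", "From: #{@from}",
+"Subject: #{@subject}", '', @body ].join "\n"
+end
+end
+mail = Mail.new
+mail.from, mail.to, mail.subject = "me", "root", "Plz install Ruby :)"
+mail.subject = "..."
+mail.generate
+end
+
+Only some good things are not possible:
+
+Safebox.eval "$stdout.puts 'I am OK!'" # not possible :(
+
+But, very bad code will not damage your system.
+
+Safebox.eval "class Unsecure;def self.code() system 'rm *' ; end end; Unsecure.code" # will fail :)
+
+This will raise a SecurityError.
+
+What is with raised exceptions, like SecurityError or others?
+
+Safebox.eval "raise Exception"
+
+This will print the Exception to Console.
+
+You want to get the Exception?
+
+ret = Safebox.run "raise Exception"
+ret # => [:exception, #<Exception>]
+
+What is *Safebox.run*?
+
+ret = Safebox.run "1+2**9"
+ret # => [:value, 513]
+
+It returns the value or the raised exception. -- Nothing else.
+
+You should know, Ruby is not stupid. I am very surprised,
+because this is not possible:
+
+aA = Safebox.eval do
+class A
+def to_s
+'Owned!'
+end
+end
+A.new
+end
+aA.to_s # => SecurityError: calling insecure method: to_s
+
+*A#to_s* is defined in our *Safebox*, so every call outside can be a security hole.
+
+But you can use #to_s in an other Safebox, withour any risk:
+
+Safebox.eval aA.method( :to_s) # => "Owned!" # Not really :)
+
+Behind Safebox
+==============
+
+It uses only a Thread, $SAFE=4 and some code for automatism.
+
+The real magic is Ruby itself.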
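--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.
+0.0.2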
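--- a/data/bin/box.rb
+++ b/data/bin/box.rb
@@ -8,19 +8,20 @@ rescue LoadError
 end
 require 'safebox'
 
-_ = nil
+_ = _e = nil
 Dir.mkdir 'logs' rescue Errno::EEXIST
 SBDB::Env.new 'logs', SBDB::CREATE | SBDB::Env::INIT_TRANSACTION do |logs|
-db = logs['test', :type => SBDB::Btree, :flags => SBDB::CREATE]
+db = logs[ 'test', :type => SBDB::Btree, :flags => SBDB::CREATE]
 db = Safebox::Persistent.new db, db.cursor
 $stdout.print "(0)$ "
 STDIN.each_with_index do |line, i|
-ret = Safebox.run line, Safebox::Box, db, _
+ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
 if :value == ret.first
 _ = ret.last
 $stdout.puts "=> #{ret.last.inspect}"
 else
-
+_e = ret.last
+$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
 end
 $stdout.print "(#{i+1})$ "
 end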
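Review bot: The new error branch (new line 24) calls `inspect` and `backtrace` on the exception object that came out of the box, in the REPL's own context and with no rescue around it. An exception class defined by the evaluated line therefore decides what those calls do, and if Ruby's taint check refuses them the resulting SecurityError ends the loop; `backtrace[0..-4]` also assumes a backtrace is present. I would move the formatting into one guarded helper shared by both scripts that falls back to a fixed message when the exception cannot be rendered. The identical line is added at line 16 of data/bin/box2.rb. The `SBDB::Env.new ... do |logs|` block opened in this hunk is closed outside it.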
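--- a/data/bin/box2.rb
+++ b/data/bin/box2.rb
@@ -0,0 +1,19 @@
+#!/usr/bin/ruby
+
+require 'safebox'
+
+_ = _e = nil
+$stdout.print "(0)$ "
+db = {}
+db.taint
+STDIN.each.each_with_index do |line, i|
+ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+if :value == ret.first
+_ = ret.last
+$stdout.puts "=> #{ret.last.inspect}"
+else
+_e = ret.last
+$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+end
+$stdout.print "(#{i+1})$ "
+end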
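Review bot: `db.taint` on new line 8 has no comment, and it is the line that decides what the boxed code may write to. Presumably the hash is tainted because code running at `$SAFE = 4` may only modify tainted objects, which would make it the one caller-owned object handed over as writable; a comment such as `# tainted on purpose: the box runs at $SAFE = 4 and may only modify tainted objects` would record that. `STDIN.each.each_with_index` on line 9 carries a redundant `.each`; data/bin/box.rb uses `STDIN.each_with_index`.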
data/bin/box2.rbc
ADDED
@@ -0,0 +1,553 @@
|
|
1
|
+
!RBIX
|
2
|
+
0
|
3
|
+
x
|
4
|
+
M
|
5
|
+
1
|
6
|
+
n
|
7
|
+
n
|
8
|
+
x
|
9
|
+
10
|
10
|
+
__script__
|
11
|
+
i
|
12
|
+
60
|
13
|
+
5
|
14
|
+
7
|
15
|
+
0
|
16
|
+
61
|
17
|
+
44
|
18
|
+
46
|
19
|
+
1
|
20
|
+
1
|
21
|
+
14
|
22
|
+
1
|
23
|
+
17
|
24
|
+
1
|
25
|
+
17
|
26
|
+
0
|
27
|
+
14
|
28
|
+
42
|
29
|
+
2
|
30
|
+
3
|
31
|
+
40
|
32
|
+
4
|
33
|
+
7
|
34
|
+
5
|
35
|
+
46
|
36
|
+
6
|
37
|
+
1
|
38
|
+
7
|
39
|
+
7
|
40
|
+
61
|
41
|
+
46
|
42
|
+
8
|
43
|
+
1
|
44
|
+
14
|
45
|
+
41
|
46
|
+
40
|
47
|
+
9
|
48
|
+
75
|
49
|
+
46
|
50
|
+
10
|
51
|
+
1
|
52
|
+
17
|
53
|
+
2
|
54
|
+
14
|
55
|
+
18
|
56
|
+
2
|
57
|
+
45
|
58
|
+
11
|
59
|
+
14
|
60
|
+
42
|
61
|
+
12
|
62
|
+
13
|
63
|
+
45
|
64
|
+
14
|
65
|
+
53
|
66
|
+
15
|
67
|
+
47
|
68
|
+
16
|
69
|
+
0
|
70
|
+
14
|
71
|
+
2
|
72
|
+
11
|
73
|
+
I
|
74
|
+
5
|
75
|
+
I
|
76
|
+
3
|
77
|
+
I
|
78
|
+
0
|
79
|
+
I
|
80
|
+
0
|
81
|
+
n
|
82
|
+
p
|
83
|
+
17
|
84
|
+
s
|
85
|
+
7
|
86
|
+
safebox
|
87
|
+
x
|
88
|
+
7
|
89
|
+
require
|
90
|
+
x
|
91
|
+
8
|
92
|
+
Rubinius
|
93
|
+
n
|
94
|
+
x
|
95
|
+
7
|
96
|
+
Globals
|
97
|
+
x
|
98
|
+
7
|
99
|
+
$stdout
|
100
|
+
x
|
101
|
+
2
|
102
|
+
[]
|
103
|
+
s
|
104
|
+
5
|
105
|
+
(0)$
|
106
|
+
x
|
107
|
+
5
|
108
|
+
print
|
109
|
+
x
|
110
|
+
4
|
111
|
+
Hash
|
112
|
+
x
|
113
|
+
16
|
114
|
+
new_from_literal
|
115
|
+
x
|
116
|
+
5
|
117
|
+
taint
|
118
|
+
x
|
119
|
+
5
|
120
|
+
STDIN
|
121
|
+
n
|
122
|
+
x
|
123
|
+
4
|
124
|
+
each
|
125
|
+
M
|
126
|
+
1
|
127
|
+
n
|
128
|
+
n
|
129
|
+
x
|
130
|
+
9
|
131
|
+
__block__
|
132
|
+
i
|
133
|
+
209
|
134
|
+
55
|
135
|
+
33
|
136
|
+
34
|
137
|
+
17
|
138
|
+
0
|
139
|
+
14
|
140
|
+
34
|
141
|
+
17
|
142
|
+
1
|
143
|
+
14
|
144
|
+
14
|
145
|
+
42
|
146
|
+
0
|
147
|
+
1
|
148
|
+
18
|
149
|
+
0
|
150
|
+
42
|
151
|
+
2
|
152
|
+
3
|
153
|
+
13
|
154
|
+
68
|
155
|
+
4
|
156
|
+
47
|
157
|
+
9
|
158
|
+
41
|
159
|
+
44
|
160
|
+
45
|
161
|
+
5
|
162
|
+
13
|
163
|
+
42
|
164
|
+
0
|
165
|
+
6
|
166
|
+
40
|
167
|
+
7
|
168
|
+
44
|
169
|
+
46
|
170
|
+
8
|
171
|
+
1
|
172
|
+
14
|
173
|
+
8
|
174
|
+
49
|
175
|
+
42
|
176
|
+
0
|
177
|
+
9
|
178
|
+
40
|
179
|
+
7
|
180
|
+
46
|
181
|
+
4
|
182
|
+
1
|
183
|
+
19
|
184
|
+
1
|
185
|
+
2
|
186
|
+
19
|
187
|
+
1
|
188
|
+
0
|
189
|
+
19
|
190
|
+
1
|
191
|
+
1
|
192
|
+
46
|
193
|
+
10
|
194
|
+
5
|
195
|
+
17
|
196
|
+
2
|
197
|
+
14
|
198
|
+
7
|
199
|
+
11
|
200
|
+
18
|
201
|
+
2
|
202
|
+
45
|
203
|
+
12
|
204
|
+
80
|
205
|
+
13
|
206
|
+
9
|
207
|
+
110
|
208
|
+
18
|
209
|
+
2
|
210
|
+
45
|
211
|
+
14
|
212
|
+
20
|
213
|
+
1
|
214
|
+
0
|
215
|
+
14
|
216
|
+
42
|
217
|
+
15
|
218
|
+
16
|
219
|
+
40
|
220
|
+
17
|
221
|
+
7
|
222
|
+
18
|
223
|
+
46
|
224
|
+
19
|
225
|
+
1
|
226
|
+
7
|
227
|
+
20
|
228
|
+
18
|
229
|
+
2
|
230
|
+
45
|
231
|
+
14
|
232
|
+
45
|
233
|
+
21
|
234
|
+
44
|
235
|
+
45
|
236
|
+
22
|
237
|
+
60
|
238
|
+
2
|
239
|
+
46
|
240
|
+
23
|
241
|
+
1
|
242
|
+
8
|
243
|
+
180
|
244
|
+
18
|
245
|
+
2
|
246
|
+
45
|
247
|
+
14
|
248
|
+
20
|
249
|
+
1
|
250
|
+
1
|
251
|
+
14
|
252
|
+
42
|
253
|
+
15
|
254
|
+
24
|
255
|
+
40
|
256
|
+
17
|
257
|
+
7
|
258
|
+
18
|
259
|
+
46
|
260
|
+
19
|
261
|
+
1
|
262
|
+
18
|
263
|
+
2
|
264
|
+
45
|
265
|
+
14
|
266
|
+
45
|
267
|
+
21
|
268
|
+
18
|
269
|
+
2
|
270
|
+
45
|
271
|
+
14
|
272
|
+
45
|
273
|
+
25
|
274
|
+
41
|
275
|
+
40
|
276
|
+
26
|
277
|
+
75
|
278
|
+
7
|
279
|
+
27
|
280
|
+
46
|
281
|
+
4
|
282
|
+
2
|
283
|
+
46
|
284
|
+
19
|
285
|
+
1
|
286
|
+
7
|
287
|
+
28
|
288
|
+
61
|
289
|
+
7
|
290
|
+
29
|
291
|
+
46
|
292
|
+
30
|
293
|
+
1
|
294
|
+
13
|
295
|
+
67
|
296
|
+
10
|
297
|
+
171
|
298
|
+
41
|
299
|
+
40
|
300
|
+
31
|
301
|
+
12
|
302
|
+
46
|
303
|
+
32
|
304
|
+
1
|
305
|
+
47
|
306
|
+
33
|
307
|
+
0
|
308
|
+
7
|
309
|
+
34
|
310
|
+
61
|
311
|
+
46
|
312
|
+
23
|
313
|
+
3
|
314
|
+
14
|
315
|
+
42
|
316
|
+
15
|
317
|
+
35
|
318
|
+
40
|
319
|
+
17
|
320
|
+
7
|
321
|
+
18
|
322
|
+
46
|
323
|
+
19
|
324
|
+
1
|
325
|
+
7
|
326
|
+
36
|
327
|
+
18
|
328
|
+
1
|
329
|
+
76
|
330
|
+
78
|
331
|
+
37
|
332
|
+
44
|
333
|
+
45
|
334
|
+
22
|
335
|
+
7
|
336
|
+
38
|
337
|
+
60
|
338
|
+
3
|
339
|
+
46
|
340
|
+
39
|
341
|
+
1
|
342
|
+
11
|
343
|
+
I
|
344
|
+
a
|
345
|
+
I
|
346
|
+
3
|
347
|
+
I
|
348
|
+
2
|
349
|
+
I
|
350
|
+
2
|
351
|
+
n
|
352
|
+
p
|
353
|
+
40
|
354
|
+
x
|
355
|
+
7
|
356
|
+
Safebox
|
357
|
+
n
|
358
|
+
x
|
359
|
+
5
|
360
|
+
Class
|
361
|
+
n
|
362
|
+
x
|
363
|
+
3
|
364
|
+
new
|
365
|
+
x
|
366
|
+
8
|
367
|
+
allocate
|
368
|
+
n
|
369
|
+
x
|
370
|
+
3
|
371
|
+
Box
|
372
|
+
x
|
373
|
+
10
|
374
|
+
initialize
|
375
|
+
n
|
376
|
+
x
|
377
|
+
3
|
378
|
+
run
|
379
|
+
x
|
380
|
+
5
|
381
|
+
value
|
382
|
+
x
|
383
|
+
5
|
384
|
+
first
|
385
|
+
x
|
386
|
+
2
|
387
|
+
==
|
388
|
+
x
|
389
|
+
4
|
390
|
+
last
|
391
|
+
x
|
392
|
+
8
|
393
|
+
Rubinius
|
394
|
+
n
|
395
|
+
x
|
396
|
+
7
|
397
|
+
Globals
|
398
|
+
x
|
399
|
+
7
|
400
|
+
$stdout
|
401
|
+
x
|
402
|
+
2
|
403
|
+
[]
|
404
|
+
s
|
405
|
+
3
|
406
|
+
=>
|
407
|
+
x
|
408
|
+
7
|
409
|
+
inspect
|
410
|
+
x
|
411
|
+
4
|
412
|
+
to_s
|
413
|
+
x
|
414
|
+
4
|
415
|
+
puts
|
416
|
+
n
|
417
|
+
x
|
418
|
+
9
|
419
|
+
backtrace
|
420
|
+
x
|
421
|
+
5
|
422
|
+
Range
|
423
|
+
I
|
424
|
+
-4
|
425
|
+
s
|
426
|
+
3
|
427
|
+
%s
|
428
|
+
x
|
429
|
+
1
|
430
|
+
%
|
431
|
+
x
|
432
|
+
6
|
433
|
+
method
|
434
|
+
x
|
435
|
+
4
|
436
|
+
Proc
|
437
|
+
x
|
438
|
+
14
|
439
|
+
__from_block__
|
440
|
+
x
|
441
|
+
3
|
442
|
+
map
|
443
|
+
s
|
444
|
+
19
|
445
|
+
Safebox:1:in `run'
|
446
|
+
n
|
447
|
+
s
|
448
|
+
1
|
449
|
+
(
|
450
|
+
x
|
451
|
+
1
|
452
|
+
+
|
453
|
+
s
|
454
|
+
3
|
455
|
+
)$
|
456
|
+
x
|
457
|
+
5
|
458
|
+
print
|
459
|
+
p
|
460
|
+
17
|
461
|
+
I
|
462
|
+
0
|
463
|
+
I
|
464
|
+
9
|
465
|
+
I
|
466
|
+
b
|
467
|
+
I
|
468
|
+
a
|
469
|
+
I
|
470
|
+
40
|
471
|
+
I
|
472
|
+
b
|
473
|
+
I
|
474
|
+
4a
|
475
|
+
I
|
476
|
+
c
|
477
|
+
I
|
478
|
+
52
|
479
|
+
I
|
480
|
+
d
|
481
|
+
I
|
482
|
+
6e
|
483
|
+
I
|
484
|
+
f
|
485
|
+
I
|
486
|
+
76
|
487
|
+
I
|
488
|
+
10
|
489
|
+
I
|
490
|
+
b5
|
491
|
+
I
|
492
|
+
12
|
493
|
+
I
|
494
|
+
d1
|
495
|
+
x
|
496
|
+
11
|
497
|
+
bin/box2.rb
|
498
|
+
p
|
499
|
+
3
|
500
|
+
x
|
501
|
+
4
|
502
|
+
line
|
503
|
+
x
|
504
|
+
1
|
505
|
+
i
|
506
|
+
x
|
507
|
+
3
|
508
|
+
ret
|
509
|
+
x
|
510
|
+
15
|
511
|
+
each_with_index
|
512
|
+
p
|
513
|
+
13
|
514
|
+
I
|
515
|
+
0
|
516
|
+
I
|
517
|
+
3
|
518
|
+
I
|
519
|
+
9
|
520
|
+
I
|
521
|
+
5
|
522
|
+
I
|
523
|
+
f
|
524
|
+
I
|
525
|
+
6
|
526
|
+
I
|
527
|
+
20
|
528
|
+
I
|
529
|
+
7
|
530
|
+
I
|
531
|
+
2a
|
532
|
+
I
|
533
|
+
8
|
534
|
+
I
|
535
|
+
2f
|
536
|
+
I
|
537
|
+
9
|
538
|
+
I
|
539
|
+
3c
|
540
|
+
x
|
541
|
+
11
|
542
|
+
bin/box2.rb
|
543
|
+
p
|
544
|
+
3
|
545
|
+
x
|
546
|
+
1
|
547
|
+
_
|
548
|
+
x
|
549
|
+
2
|
550
|
+
_e
|
551
|
+
x
|
552
|
+
2
|
553
|
+
db
|
data/lib/safebox/box.rb
CHANGED
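--- a/data/lib/safebox/safebox.rb
+++ b/data/lib/safebox/safebox.rb
@@ -8,7 +8,7 @@ module Safebox
 $SAFE = 4
 this = box.new *paras
 begin
-[:value, this.instance_eval( exe, "Safebox")]
+[:value, String === exe ? this.instance_eval( exe, "Safebox") : this.instance_eval( &exe)]
 rescue Object
 [:exception, $!]
 end
@@ -23,5 +23,22 @@ module Safebox
 end
 end
 alias new_class create_class
+
+def on_exception exc
+$stdout.puts "#{exc} (#{exc.class})\n\t#{exc.backtrace.join"\n\t"}"
+rescue Object
+on_exception $!
+end
+
+def eval *paras, &exe
+ret = self.run( *paras, &exe)
+case ret.first
+when :exception # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
+on_exception ret.last
+nil
+when :value then ret.last
+end
+end
+public :eval
 end
 end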
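Review bot: `on_exception` (new lines 27-31) recovers from a failure while printing by calling itself with `$!`, so a failure that repeats, such as a `$stdout` that cannot be written, recurses without bound. The string it builds calls `to_s`, `class` and `backtrace` on an object created inside the box, from the caller's side of the `$SAFE = 4` thread, which the comment in `eval` already calls unsafe and which seems to be held back only by Ruby's taint check. I would replace the fallback `on_exception $!` with a fixed line, `$stdout.puts "Safebox: exception could not be displayed"`, and say in a comment on `eval` that callers handling untrusted code should use `run` and handle the `[:exception, exc]` pair themselves. In the first hunk the new `this.instance_eval( &exe)` branch takes every non-String value, and a Proc written by the caller keeps its closure over the caller's locals, which deserves a comment there. The method around the first hunk and the enclosing module both start outside the visible lines.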
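--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 2
+version: 0.0.2
 platform: ruby
 authors:
 - Denis Knauf
@@ -14,20 +14,23 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-03-
-default_executable:
+date: 2010-03-31 00:00:00 +02:00
+default_executable:
 dependencies: []
 
 description: Put code to Safebox
 email: Denis.Knauf@gmail.com
 executables:
 - box.rb
+- box2.rbc
+- box2.rb
 extensions: []
 
 extra_rdoc_files:
 - LICENSE
 - README.md
 files:
+- AUTHORS
 - README.md
 - VERSION
 - lib/safebox.rb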
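Review bot: The second hunk adds `- box2.rbc` to `executables:`, so the gem now installs a compiled artifact as a command next to `box2.rb`. The file added under data/bin/box2.rbc begins with `!RBIX` and looks like a Rubinius bytecode cache of bin/box2.rb, which reviewers cannot read as easily as the 19-line source and which may not match it; the README in this release also says the gem does not work with Rubinius. I would drop the `.rbc` from the gemspec's file and executable lists, for example by excluding `bin/*.rbc` where those lists are built, and ignore it in version control.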