Safebox 0.0.1 → 0.0.2

data/AUTHORS

@@ -0,0 +1 @@
+Denis Knauf <denis dot knauf at gmail dot com>

data/README.md

@@ -0,0 +1,99 @@
+Requires
+========
+
+Ruby MRI or Ruby 1.9.
+
+Will not work with Rubinius! It does not support $SAFE.
+
+I do not know JRuby.
+
+Install
+=======
+
+	gem install Safebox
+
+Usage
+=====
+
+First load the safebox:
+
+	require 'safebox'
+
+The most things in your Safebox are possible:
+
+	value = Safebox.eval "1+2**9"  # => 513
+	value = Safebox.eval {|| 1+2**8 }  # => 257
+
+You can use a String or a Proc,  also as argument:
+
+	value = Safebox.eval lambda {|| 1+2**7 }
+
+More complex code with classes and everything else...
+
+	value = Safebox.eval do
+		class Mail
+			attr_accessor :subject, :body, :to, :from
+			def generate
+				[ "To: #{@to}", "From: #{@from}",
+					"Subject: #{@subject}", '', @body ].join "\n"
+			end
+		end
+		mail = Mail.new
+		mail.from, mail.to, mail.subject = "me", "root", "Plz install Ruby :)"
+		mail.subject = "..."
+		mail.generate
+	end
+
+Only some good things are not possible:
+
+	Safebox.eval "$stdout.puts 'I am OK!'"  # not possible :(
+
+But, very bad code will not damage your system.
+
+	Safebox.eval "class Unsecure;def self.code() system 'rm *' ; end end; Unsecure.code"  # will fail :)
+
+This will raise a SecurityError.
+
+What is with raised exceptions,  like SecurityError or others?
+
+	Safebox.eval "raise Exception"
+
+This will print the Exception to Console.
+
+You want to get the Exception?
+
+	ret = Safebox.run "raise Exception"
+	ret # => [:exception, #<Exception>]
+
+What is *Safebox.run*?
+
+	ret = Safebox.run "1+2**9"
+	ret # => [:value, 513]
+
+It returns the value or the raised exception.  --  Nothing else.
+
+You should know,  Ruby is not stupid.  I am very surprised,
+because this is not possible:
+
+	aA = Safebox.eval do
+		class A
+			def to_s
+				'Owned!'
+			end
+		end
+		A.new
+	end
+	aA.to_s  # => SecurityError: calling insecure method: to_s
+
+*A#to_s* is defined in our *Safebox*,  so every call outside can be a security hole.
+
+But you can use #to_s in an other Safebox, withour any risk:
+
+	Safebox.eval aA.method( :to_s)  # => "Owned!"  # Not really :)
+
+Behind Safebox
+==============
+
+It uses only a Thread,  $SAFE=4 and  some code for automatism.
+
+The real magic is Ruby itself.

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/bin/box.rb

@@ -8,19 +8,20 @@ rescue LoadError
 end
 require 'safebox'
 
-_ = nil
+_ = _e = nil
 Dir.mkdir 'logs' rescue Errno::EEXIST
 SBDB::Env.new 'logs', SBDB::CREATE | SBDB::Env::INIT_TRANSACTION do |logs|
-	db = logs['test', :type => SBDB::Btree, :flags => SBDB::CREATE]
+	db = logs[ 'test', :type => SBDB::Btree, :flags => SBDB::CREATE]
 	db = Safebox::Persistent.new db, db.cursor
 	$stdout.print "(0)$ "
 	STDIN.each_with_index do |line, i|
-		ret = Safebox.run line, Safebox::Box, db, _
+		ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
 		if :value == ret.first
 			_ = ret.last
 			$stdout.puts "=> #{ret.last.inspect}"
 		else
-			$stdout.puts ret.last.inspect, ret.last.backtrace.map( &"    %s".method( :%))
+			_e = ret.last
+			$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
 		end
 		$stdout.print "(#{i+1})$ "
 	end

data/bin/box2.rb

@@ -0,0 +1,19 @@
+#!/usr/bin/ruby
+
+require 'safebox'
+
+_ = _e = nil
+$stdout.print "(0)$ "
+db = {}
+db.taint
+STDIN.each.each_with_index do |line, i|
+	ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+	if :value == ret.first
+		_ = ret.last
+		$stdout.puts "=> #{ret.last.inspect}"
+	else
+		_e = ret.last
+		$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+	end
+	$stdout.print "(#{i+1})$ "
+end

data/bin/box2.rbc

@@ -0,0 +1,553 @@
+!RBIX
+0
+x
+M
+1
+n
+n
+x
+10
+__script__
+i
+60
+5
+7
+0
+61
+44
+46
+1
+1
+14
+1
+17
+1
+17
+0
+14
+42
+2
+3
+40
+4
+7
+5
+46
+6
+1
+7
+7
+61
+46
+8
+1
+14
+41
+40
+9
+75
+46
+10
+1
+17
+2
+14
+18
+2
+45
+11
+14
+42
+12
+13
+45
+14
+53
+15
+47
+16
+0
+14
+2
+11
+I
+5
+I
+3
+I
+0
+I
+0
+n
+p
+17
+s
+7
+safebox
+x
+7
+require
+x
+8
+Rubinius
+n
+x
+7
+Globals
+x
+7
+$stdout
+x
+2
+[]
+s
+5
+(0)$ 
+x
+5
+print
+x
+4
+Hash
+x
+16
+new_from_literal
+x
+5
+taint
+x
+5
+STDIN
+n
+x
+4
+each
+M
+1
+n
+n
+x
+9
+__block__
+i
+209
+55
+33
+34
+17
+0
+14
+34
+17
+1
+14
+14
+42
+0
+1
+18
+0
+42
+2
+3
+13
+68
+4
+47
+9
+41
+44
+45
+5
+13
+42
+0
+6
+40
+7
+44
+46
+8
+1
+14
+8
+49
+42
+0
+9
+40
+7
+46
+4
+1
+19
+1
+2
+19
+1
+0
+19
+1
+1
+46
+10
+5
+17
+2
+14
+7
+11
+18
+2
+45
+12
+80
+13
+9
+110
+18
+2
+45
+14
+20
+1
+0
+14
+42
+15
+16
+40
+17
+7
+18
+46
+19
+1
+7
+20
+18
+2
+45
+14
+45
+21
+44
+45
+22
+60
+2
+46
+23
+1
+8
+180
+18
+2
+45
+14
+20
+1
+1
+14
+42
+15
+24
+40
+17
+7
+18
+46
+19
+1
+18
+2
+45
+14
+45
+21
+18
+2
+45
+14
+45
+25
+41
+40
+26
+75
+7
+27
+46
+4
+2
+46
+19
+1
+7
+28
+61
+7
+29
+46
+30
+1
+13
+67
+10
+171
+41
+40
+31
+12
+46
+32
+1
+47
+33
+0
+7
+34
+61
+46
+23
+3
+14
+42
+15
+35
+40
+17
+7
+18
+46
+19
+1
+7
+36
+18
+1
+76
+78
+37
+44
+45
+22
+7
+38
+60
+3
+46
+39
+1
+11
+I
+a
+I
+3
+I
+2
+I
+2
+n
+p
+40
+x
+7
+Safebox
+n
+x
+5
+Class
+n
+x
+3
+new
+x
+8
+allocate
+n
+x
+3
+Box
+x
+10
+initialize
+n
+x
+3
+run
+x
+5
+value
+x
+5
+first
+x
+2
+==
+x
+4
+last
+x
+8
+Rubinius
+n
+x
+7
+Globals
+x
+7
+$stdout
+x
+2
+[]
+s
+3
+=> 
+x
+7
+inspect
+x
+4
+to_s
+x
+4
+puts
+n
+x
+9
+backtrace
+x
+5
+Range
+I
+-4
+s
+3
+	%s
+x
+1
+%
+x
+6
+method
+x
+4
+Proc
+x
+14
+__from_block__
+x
+3
+map
+s
+19
+	Safebox:1:in `run'
+n
+s
+1
+(
+x
+1
++
+s
+3
+)$ 
+x
+5
+print
+p
+17
+I
+0
+I
+9
+I
+b
+I
+a
+I
+40
+I
+b
+I
+4a
+I
+c
+I
+52
+I
+d
+I
+6e
+I
+f
+I
+76
+I
+10
+I
+b5
+I
+12
+I
+d1
+x
+11
+bin/box2.rb
+p
+3
+x
+4
+line
+x
+1
+i
+x
+3
+ret
+x
+15
+each_with_index
+p
+13
+I
+0
+I
+3
+I
+9
+I
+5
+I
+f
+I
+6
+I
+20
+I
+7
+I
+2a
+I
+8
+I
+2f
+I
+9
+I
+3c
+x
+11
+bin/box2.rb
+p
+3
+x
+1
+_
+x
+2
+_e
+x
+2
+db

data/lib/safebox/box.rb

@@ -3,8 +3,12 @@ require 'safebox/safebox'
 class Safebox::Box
 	attr_reader :_, :db
 
-	def initialize db, _ = nil
-		@_, @db = _, db
+	def initialize db, _ = nil, _e = nil
+		@_, @db, @_e = _, db, _e
+	end
+
+	def _!
+		@_e
 	end
 
 	def put key, val

data/lib/safebox/safebox.rb

@@ -8,7 +8,7 @@ module Safebox
 				$SAFE = 4
 				this = box.new *paras
 				begin
-					[:value, this.instance_eval( exe, "Safebox")]
+					[:value, String === exe ? this.instance_eval( exe, "Safebox") : this.instance_eval( &exe)]
 				rescue Object
 					[:exception, $!]
 				end
@@ -23,5 +23,22 @@ module Safebox
 			end
 		end
 		alias new_class create_class
+
+		def on_exception exc
+			$stdout.puts "#{exc} (#{exc.class})\n\t#{exc.backtrace.join"\n\t"}"
+		rescue Object
+			on_exception $!
+		end
+
+		def eval *paras, &exe
+			ret = self.run( *paras, &exe)
+			case ret.first
+			when :exception  # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
+				on_exception ret.last
+				nil
+			when :value  then ret.last
+			end
+		end
+		public :eval
 	end
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - Denis Knauf
@@ -14,20 +14,23 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-03-21 00:00:00 +01:00
-default_executable: box.rb
+date: 2010-03-31 00:00:00 +02:00
+default_executable: 
 dependencies: []
 
 description: Put code to Safebox
 email: Denis.Knauf@gmail.com
 executables: 
 - box.rb
+- box2.rbc
+- box2.rb
 extensions: []
 
 extra_rdoc_files: 
 - LICENSE
 - README.md
 files: 
+- AUTHORS
 - README.md
 - VERSION
 - lib/safebox.rb