boxcars 0.2.4 → 0.2.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -2
- data/Gemfile.lock +27 -27
- data/lib/boxcars/boxcar/active_record.rb +18 -7
- data/lib/boxcars/version.rb +1 -1
- metadata +2 -2
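--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a3593a9df2d9d8a867729e0b6081b300125933566923ca905e2eefb16a933394
+data.tar.gz: 90c03ea9b328b8cff10f828f8b9bf4375cce0fd574dd8a26c690776e58a58c1b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5de41be1f154b2c21fcd6602159a6428d8702dc318904e6e03db9de1b0ed1788b03aa10365203557b39fe268f04b4594cf6915faa941b2c64e475cd6cbb55d09
+data.tar.gz: 2ad84e5f416b19759807d658d739d1abb8405ba6ded3b38bdf5ce9406efeadccbc2102b7b477a90df67beaa287a9810b09e59b5843090fbe4619b03500d0a4f4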
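--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,8 +1,20 @@
 # Changelog
 
-## [
+## [v0.2.4](https://github.com/BoxcarsAI/boxcars/tree/v0.2.4) (2023-03-28)
 
-[Full Changelog](https://github.com/BoxcarsAI/boxcars/compare/v0.2.2
+[Full Changelog](https://github.com/BoxcarsAI/boxcars/compare/v0.2.3...v0.2.4)
+
+**Closed issues:**
+
+- security [\#40](https://github.com/BoxcarsAI/boxcars/issues/40)
+
+**Merged pull requests:**
+
+- Fix regex action input [\#41](https://github.com/BoxcarsAI/boxcars/pull/41) ([makevoid](https://github.com/makevoid))
+
+## [v0.2.3](https://github.com/BoxcarsAI/boxcars/tree/v0.2.3) (2023-03-20)
+
+[Full Changelog](https://github.com/BoxcarsAI/boxcars/compare/v0.2.2...v0.2.3)
 
 **Merged pull requests:**
 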
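--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,19 +1,19 @@
 PATH
 remote: .
 specs:
-boxcars (0.2.
+boxcars (0.2.5)
 google_search_results (~> 2.2)
 ruby-openai (~> 3.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-activemodel (7.0.4.
-activesupport (= 7.0.4.
-activerecord (7.0.4.
-activemodel (= 7.0.4.
-activesupport (= 7.0.4.
-activesupport (7.0.4.
+activemodel (7.0.4.3)
+activesupport (= 7.0.4.3)
+activerecord (7.0.4.3)
+activemodel (= 7.0.4.3)
+activesupport (= 7.0.4.3)
+activesupport (7.0.4.3)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
@@ -21,7 +21,7 @@ GEM
 addressable (2.8.1)
 public_suffix (>= 2.0.2, < 6.0)
 ast (2.4.2)
-async (1.
+async (1.31.0)
 console (~> 1.10)
 nio4r (~> 2.3)
 timers (~> 4.1)
@@ -38,14 +38,14 @@ GEM
 faraday
 async-io (1.34.3)
 async
-async-pool (0.
+async-pool (0.4.0)
 async (>= 1.25)
-concurrent-ruby (1.2.
+concurrent-ruby (1.2.2)
 console (1.16.2)
 fiber-local
 crack (0.4.5)
 rexml
-debug (1.7.
+debug (1.7.2)
 irb (>= 1.5.0)
 reline (>= 0.3.1)
 diff-lcs (1.5.0)
@@ -56,7 +56,7 @@ GEM
 faraday-http-cache (2.4.1)
 faraday (>= 0.8)
 faraday-net_http (3.0.2)
-faraday-retry (2.
+faraday-retry (2.1.0)
 faraday (~> 2.0)
 fiber-local (1.0.0)
 github_changelog_generator (1.16.4)
@@ -77,13 +77,13 @@ GEM
 concurrent-ruby (~> 1.0)
 io-console (0.6.0)
 io-console (0.6.0-java)
-irb (1.6.
+irb (1.6.3)
 reline (>= 0.3.0)
 json (2.6.3)
 json (2.6.3-java)
 mini_mime (1.1.2)
 mini_portile2 (2.8.1)
-minitest (5.
+minitest (5.18.0)
 multi_json (1.15.0)
 multi_xml (0.6.0)
 nio4r (2.5.8)
@@ -92,7 +92,7 @@ GEM
 faraday (>= 1, < 3)
 sawyer (~> 0.9)
 parallel (1.22.1)
-parser (3.2.1.
+parser (3.2.1.1)
 ast (~> 2.4.1)
 protocol-hpack (1.4.2)
 protocol-http (0.24.1)
@@ -105,7 +105,7 @@ GEM
 rainbow (3.1.1)
 rake (13.0.6)
 regexp_parser (2.7.0)
-reline (0.3.
+reline (0.3.3)
 io-console (~> 0.5)
 rexml (3.2.5)
 rspec (3.12.0)
@@ -117,42 +117,42 @@ GEM
 rspec-expectations (3.12.2)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.12.0)
-rspec-mocks (3.12.
+rspec-mocks (3.12.5)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.12.0)
 rspec-support (3.12.0)
-rubocop (1.
+rubocop (1.48.1)
 json (~> 2.3)
 parallel (~> 1.10)
 parser (>= 3.2.0.0)
 rainbow (>= 2.2.2, < 4.0)
 regexp_parser (>= 1.8, < 3.0)
 rexml (>= 3.2.5, < 4.0)
-rubocop-ast (>= 1.
+rubocop-ast (>= 1.26.0, < 2.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 2.4.0, < 3.0)
-rubocop-ast (1.
+rubocop-ast (1.28.0)
 parser (>= 3.2.1.0)
 rubocop-capybara (2.17.1)
 rubocop (~> 1.41)
 rubocop-rake (0.6.0)
 rubocop (~> 1.0)
-rubocop-rspec (2.
+rubocop-rspec (2.19.0)
 rubocop (~> 1.33)
 rubocop-capybara (~> 2.17)
-ruby-openai (3.
+ruby-openai (3.7.0)
 httparty (>= 0.18.1)
-ruby-progressbar (1.
+ruby-progressbar (1.13.0)
 ruby2_keywords (0.0.5)
 sawyer (0.9.2)
 addressable (>= 2.3.5)
 faraday (>= 0.17.3, < 3)
-sqlite3 (1.6.
+sqlite3 (1.6.2)
 mini_portile2 (~> 2.8.0)
-sqlite3 (1.6.
-sqlite3 (1.6.
+sqlite3 (1.6.2-x86_64-darwin)
+sqlite3 (1.6.2-x86_64-linux)
 timers (4.3.5)
-traces (0.
+traces (0.9.1)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
 unicode-display_width (2.4.2)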
@@ -102,9 +102,7 @@ module Boxcars
|
|
102
102
|
return false
|
103
103
|
end
|
104
104
|
|
105
|
-
word_list = without_strings.split(/[.,()
|
106
|
-
|
107
|
-
puts word_list.inspect
|
105
|
+
word_list = without_strings.split(/[.,() :\[\]]/)
|
108
106
|
|
109
107
|
bad_words.each do |w|
|
110
108
|
if word_list.include?(w)
|
@@ -116,12 +114,24 @@ module Boxcars
|
|
116
114
|
true
|
117
115
|
end
|
118
116
|
|
117
|
+
# run the code in a safe environment
|
118
|
+
# @param code [String] The code to run
|
119
|
+
# @return [Object] The result of the code
|
120
|
+
def eval_safe_wrapper(code)
|
121
|
+
# if the code used ActiveRecord, we need to add :: in front of it to escape the module
|
122
|
+
new_code = code.gsub(/(\W)ActiveRecord::/, '\1::ActiveRecord::')
|
123
|
+
proc do
|
124
|
+
$SAFE = 4
|
125
|
+
# rubocop:disable Security/Eval
|
126
|
+
eval new_code
|
127
|
+
# rubocop:enable Security/Eval
|
128
|
+
end.call
|
129
|
+
end
|
130
|
+
|
119
131
|
def evaluate_input(code)
|
120
132
|
raise SecurityError, "Found unsafe code while evaluating: #{code}" unless safe_to_run?(code)
|
121
133
|
|
122
|
-
|
123
|
-
eval code
|
124
|
-
# rubocop:enable Security/Eval
|
134
|
+
eval_safe_wrapper code
|
125
135
|
end
|
126
136
|
|
127
137
|
def change_count(changes_code)
|
@@ -231,7 +241,8 @@ module Boxcars
|
|
231
241
|
"Only use the following Active Record models: %<model_info>s\n",
|
232
242
|
"Pay attention to use only the attribute names that you can see in the model description.\n",
|
233
243
|
"Do not make up variable or attribute names, and do not share variables between the code in ARChanges and ARCode\n",
|
234
|
-
"Be careful to not query for attributes that do not exist, and to use the format specified above.\n"
|
244
|
+
"Be careful to not query for attributes that do not exist, and to use the format specified above.\n",
|
245
|
+
"Finally, do not use print or puts in your code."
|
235
246
|
),
|
236
247
|
user("Question: %<question>s")
|
237
248
|
].freeze
|
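Review bot: `$SAFE = 4` inside the new `eval_safe_wrapper` does not sandbox the `eval`: safe level 4 was removed in Ruby 2.1 and from Ruby 3.0 `$SAFE` is an ordinary global variable, so the model-generated code still runs with the full privileges of the host process and its database connection. The `# run the code in a safe environment` comment therefore overstates the guarantee, and the only gate left is the word denylist in `safe_to_run?` (its body starts outside these hunks), which is a best-effort filter and not a security boundary. I would drop the `$SAFE = 4` line, reword the comment to `# NOTE: eval runs with full process privileges; safe_to_run? is a best-effort filter, not a sandbox`, and enforce isolation outside Ruby, for example a read-only database role for query-only code and a separate low-privilege process for the evaluation. Separately, `/(\W)ActiveRecord::/` needs a preceding character and also matches a preceding `:`, so code that starts with `ActiveRecord::` is left unrewritten and an already-qualified `::ActiveRecord::` gets an extra colon; `code.gsub(/(?<![\w:])ActiveRecord::/, '::ActiveRecord::')` handles both.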
data/lib/boxcars/version.rb
CHANGED
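--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: boxcars
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.5
 platform: ruby
 authors:
 - Francis Sullivan
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-03-
+date: 2023-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: debug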