build_box 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/build_box/perform.rb +4 -3
- data/lib/build_box/response.rb +6 -4
- data/lib/build_box/version.rb +1 -1
- data/lib/build_box.rb +7 -2
- data/spec/build_box_spec.rb +22 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ff554d9ee6d2c5de96dc3b451f5f96e291664eed
|
|
4
|
+
data.tar.gz: 6781f63e6a9dfe6ef610c496312cb69d225512c8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e58905f0871ae87e515db45868ced96e89acf27723321c88aeb8238ab27e1ac899b4b2522f9070aa3297c8e22d4aca6c622ce95b8e3ac2f04d66c3dd479ec715
|
|
7
|
+
data.tar.gz: fdf3a5ef898b33da3ddffbc7ab4eff3658c143a26df2a815259131812666f873d9d4d57157570e9224850c35f7cf26affdad655bfd3fffc592cf2572ad125681
|
data/lib/build_box/perform.rb
CHANGED
|
@@ -2,11 +2,12 @@ class BuildBox::Perform
|
|
|
2
2
|
|
|
3
3
|
attr_accessor :output, :error, :code, :unbound_methods, :unbound_constants
|
|
4
4
|
|
|
5
|
-
def initialize(code, binding_context=TOPLEVEL_BINDING)
|
|
5
|
+
def initialize(code, binding_context=TOPLEVEL_BINDING, security_level)
|
|
6
6
|
self.unbound_methods = []
|
|
7
7
|
self.unbound_constants = []
|
|
8
8
|
self.code = code
|
|
9
|
-
@binding_context = binding_context
|
|
9
|
+
@binding_context = binding_context
|
|
10
|
+
@security_level = security_level
|
|
10
11
|
evaluate
|
|
11
12
|
end
|
|
12
13
|
|
|
@@ -14,7 +15,7 @@ class BuildBox::Perform
|
|
|
14
15
|
|
|
15
16
|
def evaluate
|
|
16
17
|
t = Thread.new do
|
|
17
|
-
$SAFE =
|
|
18
|
+
$SAFE = @securit_level || 0
|
|
18
19
|
begin
|
|
19
20
|
BuildBox.config.bad_methods.each {|meth| remove_method(meth.first, meth.last)}
|
|
20
21
|
BuildBox.config.bad_constants.each {|const| remove_constant(const)}
|
data/lib/build_box/response.rb
CHANGED
|
@@ -2,8 +2,10 @@ class BuildBox::Response
|
|
|
2
2
|
|
|
3
3
|
attr_accessor :output, :error, :code # TODO: return de evaluated code
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
alias :result :output
|
|
6
|
+
|
|
7
|
+
def initialize(code, binding_context, security_level)
|
|
8
|
+
evaluate(code, binding_context, security_level)
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
def error?
|
|
@@ -12,9 +14,9 @@ class BuildBox::Response
|
|
|
12
14
|
|
|
13
15
|
private
|
|
14
16
|
|
|
15
|
-
def evaluate(code, binding_context)
|
|
17
|
+
def evaluate(code, binding_context, security_level)
|
|
16
18
|
preserve_namespace
|
|
17
|
-
result = BuildBox::Perform.new(code, binding_context)
|
|
19
|
+
result = BuildBox::Perform.new(code, binding_context, security_level)
|
|
18
20
|
@output = result.output
|
|
19
21
|
@error = result.error
|
|
20
22
|
@code = result.code
|
data/lib/build_box/version.rb
CHANGED
data/lib/build_box.rb
CHANGED
|
@@ -11,8 +11,13 @@ module BuildBox
|
|
|
11
11
|
end
|
|
12
12
|
alias :config :configure
|
|
13
13
|
|
|
14
|
-
def perform(code, binding_context=TOPLEVEL_BINDING)
|
|
15
|
-
|
|
14
|
+
def perform(code, binding_context=TOPLEVEL_BINDING, security_level=BuildBox.config.security_level)
|
|
15
|
+
if code.is_a?(Hash)
|
|
16
|
+
binding_context = code.fetch(:binding_context, binding_context)
|
|
17
|
+
security_level = code.fetch(:security_level, security_level)
|
|
18
|
+
code = code[:code] || (raise 'Code parameter must be informed.')
|
|
19
|
+
end
|
|
20
|
+
BuildBox::Response.new(code, binding_context, security_level)
|
|
16
21
|
end
|
|
17
22
|
|
|
18
23
|
end
|
data/spec/build_box_spec.rb
CHANGED
|
@@ -66,6 +66,28 @@ describe "BuildBox" do
|
|
|
66
66
|
expect(BuildBox.perform('params[:a] + params[:b]', ctx.__binding__).output).to eql(3)
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
it "permit add define security level in specific perform" do
|
|
70
|
+
code = %{ eval('{a: 1, b:2, c:3}')}
|
|
71
|
+
expect(BuildBox.perform(code, TOPLEVEL_BINDING, 0).result).to eql({a: 1, b:2, c:3})
|
|
72
|
+
expect(BuildBox.perform(code, TOPLEVEL_BINDING, 3).error?).to be_false
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
it "must permit pass hash parameters" do
|
|
76
|
+
code = %{ eval('{a: 1, b:2, c:3}')}
|
|
77
|
+
expect(BuildBox.perform(code: code, security_level: 0).result).to eql({a: 1, b:2, c:3})
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it "must raise error when code key is not passed" do
|
|
81
|
+
code = %{ eval('{a: 1, b:2, c:3}')}
|
|
82
|
+
begin
|
|
83
|
+
expect(BuildBox.perform(cod: code, security_level: 0).result).to raise_error(RuntimeError)
|
|
84
|
+
rescue => e
|
|
85
|
+
raise e unless e.message == 'Code parameter must be informed.'
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
|
|
90
|
+
|
|
69
91
|
context 'unsafe commands' do
|
|
70
92
|
it 'does not exit' do
|
|
71
93
|
expect(BuildBox.config).to receive(:bad_methods).at_least(:once).and_return([])
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: build_box
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafael Vettori
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-05-
|
|
11
|
+
date: 2014-05-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|