build_box 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +17 -2
- data/lib/build_box.rb +2 -7
- data/lib/build_box/config.rb +19 -20
- data/lib/build_box/perform.rb +7 -5
- data/lib/build_box/response.rb +4 -4
- data/lib/build_box/version.rb +1 -1
- data/spec/build_box_spec.rb +53 -14
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 45a91ebc98d3adf60d87d913bfb0235613997757
|
4
|
+
data.tar.gz: 99ee3754633256d08a367daf36d4bf9a6f5d499c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9433398af99c75bf1bff45cfdd89cd2c984506182e8ba59c3aaf5442f4e42d4d40f2b5b1a6bf620d56f231f7587ed22fc73d5ad7cbe223b7edde6bc54a425156
|
7
|
+
data.tar.gz: 5f56d2e2c8dec64c41f2eec4b5305b122f3d6d308a73aacd3a9ca73a7ebfd625689003a51ddea3317a8f5efd0389b3ffdb1951a0a1d18bad3e05756de4ceef9c
|
data/README.md
CHANGED
@@ -21,10 +21,11 @@ Or install it yourself as:
|
|
21
21
|
Remove all the bad methods and classes I can think of. But maybe you need more:
|
22
22
|
|
23
23
|
```ruby
|
24
|
-
|
24
|
+
BuildBox.configure do |config|
|
25
25
|
config.bad_constants << :Rails
|
26
26
|
config.bad_constants << :ActiveRecord
|
27
|
-
config.timeout = 3 # default
|
27
|
+
config.timeout = 3 # secconds, default: 3
|
28
|
+
config.security_level = 0 # (0..3), default: 0
|
28
29
|
end
|
29
30
|
```
|
30
31
|
|
@@ -37,6 +38,7 @@ require 'build_box'
|
|
37
38
|
result = nil
|
38
39
|
result = BuildBox.perform(' 1 + 2 ');
|
39
40
|
result.output # => 3
|
41
|
+
result.result # => 3
|
40
42
|
result.error? # => false
|
41
43
|
result.error # => nil
|
42
44
|
|
@@ -51,9 +53,22 @@ BuildBox.perform('`rm -rf /`').output # => "NameError: undefined local variable
|
|
51
53
|
BuildBox.perform('exec("rm -rf /")').output # => "NameError: undefined local variable or method `exec' for main:Object"
|
52
54
|
BuildBox.perform('Kernel.exec("rm -rf /")').output # => "NameError: undefined local variable or method `exec' for Kernel:Module"BuildBox.perform(['require "open3"']).output # => ["NameError: undefined local variable or method `require' for main:Object"]
|
53
55
|
|
56
|
+
# Execution params
|
57
|
+
# BuildBox.perform(code, # => code to be performed
|
58
|
+
binding_context=TOPLEVEL_BINDING, # => binding variable context (like ERB)
|
59
|
+
security_level=BuildBox.config.security_level, # => $SAFE directive. permited (0..3)
|
60
|
+
timeout: 3 # => in seconds
|
61
|
+
)
|
62
|
+
|
63
|
+
BuildBox('1+2', self.__binding__, 3).result # => 3
|
64
|
+
|
65
|
+
# Hash Parameters
|
66
|
+
BuildBox(code:'1+2', binding_context: self.__binding__, security_level: 3).result # => 3
|
67
|
+
|
54
68
|
|
55
69
|
```
|
56
70
|
|
71
|
+
|
57
72
|
## Contributing
|
58
73
|
|
59
74
|
1. Fork it ( http://github.com/<my-github-username>/build_box/fork )
|
data/lib/build_box.rb
CHANGED
@@ -11,13 +11,8 @@ module BuildBox
|
|
11
11
|
end
|
12
12
|
alias :config :configure
|
13
13
|
|
14
|
-
def perform(code, binding_context
|
15
|
-
|
16
|
-
binding_context = code.fetch(:binding_context, binding_context)
|
17
|
-
security_level = code.fetch(:security_level, security_level)
|
18
|
-
code = code[:code] || (raise 'Code parameter must be informed.')
|
19
|
-
end
|
20
|
-
BuildBox::Response.new(code, binding_context, security_level)
|
14
|
+
def perform(code, binding_context: TOPLEVEL_BINDING, security_level: BuildBox.config.security_level, timeout: BuildBox.config.timeout)
|
15
|
+
BuildBox::Response.new(code, binding_context, security_level, timeout)
|
21
16
|
end
|
22
17
|
|
23
18
|
end
|
data/lib/build_box/config.rb
CHANGED
@@ -9,24 +9,24 @@ module BuildBox
|
|
9
9
|
option :bad_methods, :default => [
|
10
10
|
[:Object, :abort],
|
11
11
|
[:Kernel, :abort],
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
12
|
+
[:Object, :autoload],
|
13
|
+
[:Kernel, :autoload],
|
14
|
+
[:Object, :autoload?],
|
15
|
+
[:Kernel, :autoload?],
|
16
16
|
[:Object, :callcc],
|
17
17
|
[:Kernel, :callcc],
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
18
|
+
[:Object, :exit],
|
19
|
+
[:Kernel, :exit],
|
20
|
+
[:Object, :exit!],
|
21
|
+
[:Kernel, :exit!],
|
22
|
+
[:Object, :at_exit],
|
23
|
+
[:Kernel, :at_exit],
|
24
24
|
[:Object, :exec],
|
25
25
|
[:Kernel, :exec],
|
26
26
|
[:Object, :fork],
|
27
27
|
[:Kernel, :fork],
|
28
|
-
|
29
|
-
|
28
|
+
[:Object, :load],
|
29
|
+
[:Kernel, :load],
|
30
30
|
[:Object, :open],
|
31
31
|
[:Kernel, :open],
|
32
32
|
[:Object, :set_trace_func],
|
@@ -37,22 +37,21 @@ module BuildBox
|
|
37
37
|
[:Kernel, :syscall],
|
38
38
|
[:Object, :system],
|
39
39
|
[:Kernel, :system],
|
40
|
-
|
41
|
-
|
40
|
+
[:Object, :test],
|
41
|
+
[:Kernel, :test],
|
42
42
|
[:Object, :remove_method],
|
43
43
|
[:Kernel, :remove_method],
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
44
|
+
[:Object, :require],
|
45
|
+
[:Kernel, :require],
|
46
|
+
[:Object, :require_relative],
|
47
|
+
[:Kernel, :require_relative],
|
48
48
|
[:Object, :undef_method],
|
49
49
|
[:Kernel, :undef_method],
|
50
50
|
[:Object, "`".to_sym],
|
51
51
|
[:Kernel, "`".to_sym],
|
52
52
|
[:Class, "`".to_sym]
|
53
53
|
]
|
54
|
-
|
55
|
-
option :bad_constants, :default => [:Continuation, :Open3, :File, :Dir, :IO, :BuildBox, :Process, :Thread, :Fiber, :Gem, :Net, :ThreadGroup]
|
54
|
+
option :bad_constants, :default => [:Continuation, :Open3, :File, :Dir, :IO, :BuildBox, :Process, :Thread, :Fiber, :Gem, :Net, :ThreadGroup, :SystemExit, :SignalException, :Interrupt, :FileTest, :Signal]
|
56
55
|
|
57
56
|
option :timeout, :default => 3
|
58
57
|
option :security_level, :default => 3 # (0..3)
|
data/lib/build_box/perform.rb
CHANGED
@@ -2,12 +2,13 @@ class BuildBox::Perform
|
|
2
2
|
|
3
3
|
attr_accessor :output, :error, :code, :unbound_methods, :unbound_constants
|
4
4
|
|
5
|
-
def initialize(code, binding_context=TOPLEVEL_BINDING, security_level)
|
5
|
+
def initialize(code, binding_context=TOPLEVEL_BINDING, security_level, timeout)
|
6
6
|
self.unbound_methods = []
|
7
7
|
self.unbound_constants = []
|
8
8
|
self.code = code
|
9
9
|
@binding_context = binding_context
|
10
10
|
@security_level = security_level
|
11
|
+
@timeout = timeout
|
11
12
|
evaluate
|
12
13
|
end
|
13
14
|
|
@@ -22,17 +23,18 @@ class BuildBox::Perform
|
|
22
23
|
@output = eval(@code, @binding_context, "build_box")
|
23
24
|
@error = nil
|
24
25
|
rescue Exception => e
|
25
|
-
@
|
26
|
+
@output = nil
|
27
|
+
@error = "#{e.class}: #{e.to_s}"
|
26
28
|
ensure
|
27
29
|
restore_constants
|
28
30
|
restore_methods
|
29
31
|
end
|
30
32
|
end
|
31
33
|
|
32
|
-
timeout = t.join(
|
34
|
+
timeout = t.join(@timeout)
|
33
35
|
if timeout.nil?
|
34
|
-
@
|
35
|
-
@
|
36
|
+
@error = "BuildBoxError: execution expired"
|
37
|
+
@output = nil
|
36
38
|
end
|
37
39
|
end
|
38
40
|
|
data/lib/build_box/response.rb
CHANGED
@@ -4,8 +4,8 @@ class BuildBox::Response
|
|
4
4
|
|
5
5
|
alias :result :output
|
6
6
|
|
7
|
-
def initialize(code, binding_context, security_level)
|
8
|
-
evaluate(code, binding_context, security_level)
|
7
|
+
def initialize(code, binding_context, security_level, timeout)
|
8
|
+
evaluate(code, binding_context, security_level, timeout)
|
9
9
|
end
|
10
10
|
|
11
11
|
def error?
|
@@ -14,9 +14,9 @@ class BuildBox::Response
|
|
14
14
|
|
15
15
|
private
|
16
16
|
|
17
|
-
def evaluate(code, binding_context, security_level)
|
17
|
+
def evaluate(code, binding_context, security_level, timeout)
|
18
18
|
preserve_namespace
|
19
|
-
result = BuildBox::Perform.new(code, binding_context, security_level)
|
19
|
+
result = BuildBox::Perform.new(code, binding_context, security_level, timeout)
|
20
20
|
@output = result.output
|
21
21
|
@error = result.error
|
22
22
|
@code = result.code
|
data/lib/build_box/version.rb
CHANGED
data/spec/build_box_spec.rb
CHANGED
@@ -2,6 +2,49 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe "BuildBox" do
|
4
4
|
|
5
|
+
before(:each) do
|
6
|
+
|
7
|
+
# BuildBox.configure do |config|
|
8
|
+
# # config.security_level = 0
|
9
|
+
# # config.timeout = 3
|
10
|
+
|
11
|
+
# # # Add new bad constants
|
12
|
+
# # config.bad_constants << :Rails
|
13
|
+
# # config.bad_constants << :ActiveRecord
|
14
|
+
# # config.bad_constants << :Activity
|
15
|
+
|
16
|
+
# # Constants used in test and migrations
|
17
|
+
# config.bad_constants.delete(:Thread)
|
18
|
+
# config.bad_constants.delete(:SystemExit)
|
19
|
+
# config.bad_constants.delete(:SignalException)
|
20
|
+
# config.bad_constants.delete(:Interrupt)
|
21
|
+
# config.bad_constants.delete(:FileTest)
|
22
|
+
# config.bad_constants.delete(:Signal)
|
23
|
+
|
24
|
+
# # # Methods used int test and migrations
|
25
|
+
# config.bad_methods.delete([:Object, :autoload])
|
26
|
+
# config.bad_methods.delete([:Kernel, :autoload])
|
27
|
+
# config.bad_methods.delete([:Object, :autoload?])
|
28
|
+
# config.bad_methods.delete([:Kernel, :autoload?])
|
29
|
+
# config.bad_methods.delete([:Object, :exit])
|
30
|
+
# config.bad_methods.delete([:Kernel, :exit])
|
31
|
+
# config.bad_methods.delete([:Object, :exit!])
|
32
|
+
# config.bad_methods.delete([:Kernel, :exit!])
|
33
|
+
# config.bad_methods.delete([:Object, :at_exit])
|
34
|
+
# config.bad_methods.delete([:Kernel, :at_exit])
|
35
|
+
# config.bad_methods.delete([:Object, :load])
|
36
|
+
# config.bad_methods.delete([:Kernel, :load])
|
37
|
+
# config.bad_methods.delete([:Object, :test])
|
38
|
+
# config.bad_methods.delete([:Kernel, :test])
|
39
|
+
# config.bad_methods.delete([:Object, :require])
|
40
|
+
# config.bad_methods.delete([:Kernel, :require])
|
41
|
+
# config.bad_methods.delete([:Object, :require_relative])
|
42
|
+
# config.bad_methods.delete([:Kernel, :require_relative])
|
43
|
+
# end
|
44
|
+
|
45
|
+
|
46
|
+
end
|
47
|
+
|
5
48
|
describe ".perform" do
|
6
49
|
let(:correct_code){ '3+2+1'}
|
7
50
|
let(:wrong_code){ '3+2+nil'}
|
@@ -63,31 +106,27 @@ describe "BuildBox" do
|
|
63
106
|
|
64
107
|
it "permit add context varables" do
|
65
108
|
ctx = OpenStruct.new(:params => {a: 1, b: 2})
|
66
|
-
expect(BuildBox.perform('params[:a] + params[:b]', ctx.__binding__).output).to eql(3)
|
109
|
+
expect(BuildBox.perform('params[:a] + params[:b]', binding_context: ctx.__binding__).output).to eql(3)
|
67
110
|
end
|
68
111
|
|
69
112
|
it "permit add define security level in specific perform" do
|
70
113
|
code = %{ eval('{a: 1, b:2, c:3}')}
|
71
|
-
expect(BuildBox.perform(code,
|
72
|
-
expect(BuildBox.perform(code,
|
114
|
+
expect(BuildBox.perform(code, security_level: 0).result).to eql({a: 1, b:2, c:3})
|
115
|
+
expect(BuildBox.perform(code, security_level: 3).error?).to be_false
|
73
116
|
end
|
74
117
|
|
75
118
|
it "must permit pass hash parameters" do
|
76
119
|
code = %{ eval('{a: 1, b:2, c:3}')}
|
77
|
-
expect(BuildBox.perform(code
|
120
|
+
expect(BuildBox.perform(code, {security_level: 0}).result).to eql({a: 1, b:2, c:3})
|
78
121
|
end
|
79
122
|
|
80
|
-
it "must
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
raise e unless e.message == 'Code parameter must be informed.'
|
86
|
-
end
|
123
|
+
it "must permit inform timeout params" do
|
124
|
+
BuildBox.config.bad_constants.clear
|
125
|
+
BuildBox.config.bad_methods.clear
|
126
|
+
code = %{ sleep 0.3 }
|
127
|
+
expect(BuildBox.perform(code, security_level:0, timeout: 0.1).error).to eql("BuildBoxError: execution expired")
|
87
128
|
end
|
88
129
|
|
89
|
-
|
90
|
-
|
91
130
|
context 'unsafe commands' do
|
92
131
|
it 'does not exit' do
|
93
132
|
expect(BuildBox.config).to receive(:bad_methods).at_least(:once).and_return([])
|
@@ -98,7 +137,7 @@ describe "BuildBox" do
|
|
98
137
|
it 'does not exit for kernel' do
|
99
138
|
expect(BuildBox.config).to receive(:bad_methods).at_least(:once).and_return([])
|
100
139
|
expect(BuildBox.config).to receive(:bad_constants).at_least(:once).and_return([])
|
101
|
-
expect(BuildBox.perform('Kernel.exit').error).to eql("
|
140
|
+
expect(BuildBox.perform('Kernel.exit').error).to eql("SystemExit: exit")
|
102
141
|
end
|
103
142
|
|
104
143
|
it 'does not exec' do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: build_box
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rafael Vettori
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-06-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|