build_box 0.0.4 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ff554d9ee6d2c5de96dc3b451f5f96e291664eed
-  data.tar.gz: 6781f63e6a9dfe6ef610c496312cb69d225512c8
+  metadata.gz: 45a91ebc98d3adf60d87d913bfb0235613997757
+  data.tar.gz: 99ee3754633256d08a367daf36d4bf9a6f5d499c
 SHA512:
-  metadata.gz: e58905f0871ae87e515db45868ced96e89acf27723321c88aeb8238ab27e1ac899b4b2522f9070aa3297c8e22d4aca6c622ce95b8e3ac2f04d66c3dd479ec715
-  data.tar.gz: fdf3a5ef898b33da3ddffbc7ab4eff3658c143a26df2a815259131812666f873d9d4d57157570e9224850c35f7cf26affdad655bfd3fffc592cf2572ad125681
+  metadata.gz: 9433398af99c75bf1bff45cfdd89cd2c984506182e8ba59c3aaf5442f4e42d4d40f2b5b1a6bf620d56f231f7587ed22fc73d5ad7cbe223b7edde6bc54a425156
+  data.tar.gz: 5f56d2e2c8dec64c41f2eec4b5305b122f3d6d308a73aacd3a9ca73a7ebfd625689003a51ddea3317a8f5efd0389b3ffdb1951a0a1d18bad3e05756de4ceef9c

data/README.md

@@ -21,10 +21,11 @@ Or install it yourself as:
 Remove all the bad methods and classes I can think of. But maybe you need more:
 
 ```ruby
-Sandrbox.configure do |config|
+BuildBox.configure do |config|
   config.bad_constants << :Rails
   config.bad_constants << :ActiveRecord
-  config.timeout = 3 # default seconds by execution
+  config.timeout = 3 # secconds, default: 3
+  config.security_level = 0 # (0..3), default: 0
 end
 ```
 
@@ -37,6 +38,7 @@ require 'build_box'
 result = nil
 result = BuildBox.perform(' 1 + 2 ');
 result.output # => 3
+result.result # => 3
 result.error? # => false
 result.error # => nil
 
@@ -51,9 +53,22 @@ BuildBox.perform('`rm -rf /`').output # => "NameError: undefined local variable
 BuildBox.perform('exec("rm -rf /")').output # => "NameError: undefined local variable or method `exec' for main:Object" 
 BuildBox.perform('Kernel.exec("rm -rf /")').output # => "NameError: undefined local variable or method `exec' for Kernel:Module"BuildBox.perform(['require "open3"']).output # => ["NameError: undefined local variable or method `require' for main:Object"]
 
+# Execution params
+# BuildBox.perform(code, # => code to be performed
+                   binding_context=TOPLEVEL_BINDING, # => binding variable context (like ERB)
+                   security_level=BuildBox.config.security_level, # => $SAFE directive. permited (0..3)
+                   timeout: 3 # => in seconds
+                   )
+  
+BuildBox('1+2', self.__binding__, 3).result # => 3
+
+# Hash Parameters
+BuildBox(code:'1+2', binding_context: self.__binding__, security_level: 3).result # => 3
+
 
 ```
 
+
 ## Contributing
 
 1. Fork it ( http://github.com/<my-github-username>/build_box/fork )

data/lib/build_box.rb

@@ -11,13 +11,8 @@ module BuildBox
   end
   alias :config :configure
 
-  def perform(code, binding_context=TOPLEVEL_BINDING, security_level=BuildBox.config.security_level)
-    if code.is_a?(Hash)
-      binding_context = code.fetch(:binding_context, binding_context)
-      security_level  = code.fetch(:security_level, security_level)
-      code            = code[:code] || (raise 'Code parameter must be informed.')
-    end
-    BuildBox::Response.new(code, binding_context, security_level)
+  def perform(code, binding_context: TOPLEVEL_BINDING, security_level: BuildBox.config.security_level, timeout: BuildBox.config.timeout)
+      BuildBox::Response.new(code, binding_context, security_level, timeout)
   end
 
 end

data/lib/build_box/config.rb

@@ -9,24 +9,24 @@ module BuildBox
     option :bad_methods, :default => [
       [:Object, :abort],
       [:Kernel, :abort],
-      # [:Object, :autoload],
-      # [:Kernel, :autoload],
-      # [:Object, :autoload?],
-      # [:Kernel, :autoload?],
+      [:Object, :autoload],
+      [:Kernel, :autoload],
+      [:Object, :autoload?],
+      [:Kernel, :autoload?],
       [:Object, :callcc],
       [:Kernel, :callcc],
-      # [:Object, :exit],
-      # [:Kernel, :exit],
-      # [:Object, :exit!],
-      # [:Kernel, :exit!],
-      # [:Object, :at_exit],
-      # [:Kernel, :at_exit],
+      [:Object, :exit],
+      [:Kernel, :exit],
+      [:Object, :exit!],
+      [:Kernel, :exit!],
+      [:Object, :at_exit],
+      [:Kernel, :at_exit],
       [:Object, :exec],
       [:Kernel, :exec],
       [:Object, :fork],
       [:Kernel, :fork],
-      # [:Object, :load],
-      # [:Kernel, :load],
+      [:Object, :load],
+      [:Kernel, :load],
       [:Object, :open],
       [:Kernel, :open],
       [:Object, :set_trace_func],
@@ -37,22 +37,21 @@ module BuildBox
       [:Kernel, :syscall],
       [:Object, :system],
       [:Kernel, :system],
-      # [:Object, :test],
-      # [:Kernel, :test],
+      [:Object, :test],
+      [:Kernel, :test],
       [:Object, :remove_method],
       [:Kernel, :remove_method],
-      # [:Object, :require],
-      # [:Kernel, :require],
-      # [:Object, :require_relative],
-      # [:Kernel, :require_relative],
+      [:Object, :require],
+      [:Kernel, :require],
+      [:Object, :require_relative],
+      [:Kernel, :require_relative],
       [:Object, :undef_method],
       [:Kernel, :undef_method],
       [:Object, "`".to_sym],
       [:Kernel, "`".to_sym],
       [:Class, "`".to_sym]
     ]
-
-    option :bad_constants, :default =>   [:Continuation, :Open3, :File, :Dir, :IO, :BuildBox, :Process, :Thread, :Fiber, :Gem, :Net, :ThreadGroup]
+    option :bad_constants, :default => [:Continuation, :Open3, :File, :Dir, :IO, :BuildBox, :Process, :Thread, :Fiber, :Gem, :Net, :ThreadGroup, :SystemExit, :SignalException, :Interrupt, :FileTest, :Signal]
    
     option :timeout, :default => 3 
     option :security_level, :default => 3 # (0..3)

data/lib/build_box/perform.rb

@@ -2,12 +2,13 @@ class BuildBox::Perform
 
   attr_accessor :output, :error, :code, :unbound_methods, :unbound_constants
 
-  def initialize(code, binding_context=TOPLEVEL_BINDING, security_level)
+  def initialize(code, binding_context=TOPLEVEL_BINDING, security_level, timeout)
     self.unbound_methods   = []
     self.unbound_constants = []
     self.code              = code
     @binding_context       = binding_context
     @security_level        = security_level
+    @timeout               = timeout
     evaluate
   end
 
@@ -22,17 +23,18 @@ class BuildBox::Perform
         @output = eval(@code, @binding_context, "build_box")
         @error  = nil
       rescue Exception => e
-        @error = "#{e.class}: #{e.to_s}"
+        @output = nil
+        @error  = "#{e.class}: #{e.to_s}"
       ensure
         restore_constants
         restore_methods
       end
     end
 
-    timeout = t.join(BuildBox.config.timeout)
+    timeout = t.join(@timeout)
     if timeout.nil?
-      @output = "BuildBoxError: execution expired"
-      @error = true
+      @error  = "BuildBoxError: execution expired"
+      @output = nil
     end
   end
 

data/lib/build_box/response.rb

@@ -4,8 +4,8 @@ class BuildBox::Response
 
   alias :result :output
 
-  def initialize(code, binding_context, security_level)
-    evaluate(code, binding_context, security_level)
+  def initialize(code, binding_context, security_level, timeout)
+    evaluate(code, binding_context, security_level, timeout)
   end
 
   def error?
@@ -14,9 +14,9 @@ class BuildBox::Response
 
   private
 
-  def evaluate(code, binding_context, security_level)
+  def evaluate(code, binding_context, security_level, timeout)
     preserve_namespace
-    result  = BuildBox::Perform.new(code, binding_context, security_level)
+    result  = BuildBox::Perform.new(code, binding_context, security_level, timeout)
     @output = result.output
     @error  = result.error
     @code   = result.code

data/lib/build_box/version.rb

@@ -1,3 +1,3 @@
 module BuildBox
-  VERSION = "0.0.4"
+  VERSION = "0.0.5"
 end

data/spec/build_box_spec.rb

@@ -2,6 +2,49 @@ require 'spec_helper'
 
 describe "BuildBox" do
 
+  before(:each) do
+    
+    # BuildBox.configure do |config|
+    #   # config.security_level = 0
+    #   # config.timeout        = 3
+
+    #   # # Add new bad constants
+    #   # config.bad_constants << :Rails
+    #   # config.bad_constants << :ActiveRecord
+    #   # config.bad_constants << :Activity
+
+    #   # Constants used in test and migrations
+    #   config.bad_constants.delete(:Thread)
+    #   config.bad_constants.delete(:SystemExit)
+    #   config.bad_constants.delete(:SignalException)
+    #   config.bad_constants.delete(:Interrupt)
+    #   config.bad_constants.delete(:FileTest)
+    #   config.bad_constants.delete(:Signal)
+
+    #   # # Methods used int test and migrations
+    #   config.bad_methods.delete([:Object, :autoload])
+    #   config.bad_methods.delete([:Kernel, :autoload])
+    #   config.bad_methods.delete([:Object, :autoload?])
+    #   config.bad_methods.delete([:Kernel, :autoload?])
+    #   config.bad_methods.delete([:Object, :exit])
+    #   config.bad_methods.delete([:Kernel, :exit])
+    #   config.bad_methods.delete([:Object, :exit!])
+    #   config.bad_methods.delete([:Kernel, :exit!])
+    #   config.bad_methods.delete([:Object, :at_exit])
+    #   config.bad_methods.delete([:Kernel, :at_exit])
+    #   config.bad_methods.delete([:Object, :load])
+    #   config.bad_methods.delete([:Kernel, :load])
+    #   config.bad_methods.delete([:Object, :test])
+    #   config.bad_methods.delete([:Kernel, :test])
+    #   config.bad_methods.delete([:Object, :require])
+    #   config.bad_methods.delete([:Kernel, :require])
+    #   config.bad_methods.delete([:Object, :require_relative])
+    #   config.bad_methods.delete([:Kernel, :require_relative])
+    # end
+
+
+  end
+
   describe ".perform" do
     let(:correct_code){ '3+2+1'}
     let(:wrong_code){ '3+2+nil'}
@@ -63,31 +106,27 @@ describe "BuildBox" do
 
     it "permit add context varables" do
       ctx = OpenStruct.new(:params => {a: 1, b: 2})
-      expect(BuildBox.perform('params[:a] + params[:b]', ctx.__binding__).output).to eql(3)
+      expect(BuildBox.perform('params[:a] + params[:b]', binding_context: ctx.__binding__).output).to eql(3)
     end
 
     it "permit add define security level in specific perform" do
       code = %{ eval('{a: 1, b:2, c:3}')}
-      expect(BuildBox.perform(code, TOPLEVEL_BINDING, 0).result).to eql({a: 1, b:2, c:3})
-      expect(BuildBox.perform(code, TOPLEVEL_BINDING, 3).error?).to be_false
+      expect(BuildBox.perform(code, security_level: 0).result).to eql({a: 1, b:2, c:3})
+      expect(BuildBox.perform(code, security_level: 3).error?).to be_false
     end
 
     it "must permit pass hash parameters" do
       code = %{ eval('{a: 1, b:2, c:3}')}      
-      expect(BuildBox.perform(code: code, security_level: 0).result).to eql({a: 1, b:2, c:3})      
+      expect(BuildBox.perform(code, {security_level: 0}).result).to eql({a: 1, b:2, c:3})      
     end
 
-    it "must raise error when code key is not passed" do
-      code = %{ eval('{a: 1, b:2, c:3}')}
-      begin
-        expect(BuildBox.perform(cod: code, security_level: 0).result).to raise_error(RuntimeError) 
-      rescue => e 
-        raise e unless e.message == 'Code parameter must be informed.'
-      end
+    it "must permit inform timeout params" do      
+      BuildBox.config.bad_constants.clear
+      BuildBox.config.bad_methods.clear
+      code = %{ sleep 0.3 }
+      expect(BuildBox.perform(code, security_level:0, timeout: 0.1).error).to eql("BuildBoxError: execution expired")
     end
 
-
-
     context 'unsafe commands' do
       it 'does not exit' do
         expect(BuildBox.config).to receive(:bad_methods).at_least(:once).and_return([])
@@ -98,7 +137,7 @@ describe "BuildBox" do
       it 'does not exit for kernel' do
         expect(BuildBox.config).to receive(:bad_methods).at_least(:once).and_return([])
         expect(BuildBox.config).to receive(:bad_constants).at_least(:once).and_return([])
-        expect(BuildBox.perform('Kernel.exit').error).to eql("NameError: undefined local variable or method `exit' for Kernel:Module")
+        expect(BuildBox.perform('Kernel.exit').error).to eql("SystemExit: exit")
       end
 
       it 'does not exec' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: build_box
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Rafael Vettori
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-29 00:00:00.000000000 Z
+date: 2014-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler