dia 1.4.pre.2 → 1.4

data/NEWS.md

@@ -1,10 +1,13 @@
 ## NEWS
 
+### 1.4
+* A typo broke support for launching applications in a sandbox. (Bug affects 1.3 and all the 1.4 *pre* releases)
 * Mac OSX 10.5 reported as working! (Bug fix)  
   Many thanks to Josh Creek for reporting and helping me debug this bug.
 * Use ffi\_lib() to explicitly load the dynamic library "sandbox", or "System"
 * Depend explicitly on FFI v0.6.2
 * Dia::Sandbox#run accepts a variable amount of arguments that will be passed onto the block supplied to the constructer.
+* Added "test/\*\*/*.rb" to the gem specification as test files..
 
 ### 1.3
 * Added Dia::Sandbox#running? to check if a process running a sandbox is alive or not.

data/TODO.md

@@ -1,7 +1,8 @@
 ## TODO
 
 ### 1.4
-* If you're going to run a block under a sandbox, make Dia::Sandbox#run accept *args so they may be passed onto the block.
+* Dia::Sandbox.run() doesn't use @app to launch a process, but uses @app\_path which was removed in 1.3
+ * If you're going to run a block under a sandbox, make Dia::Sandbox#run accept *args so they may be passed onto the block.
 
 ### 1.3
 * Remove link to experimental branch in gemspec before release

data/lib/dia.rb

@@ -5,7 +5,7 @@ require File.join(File.dirname(__FILE__), 'dia/commonapi.rb')
 require File.join(File.dirname(__FILE__), 'dia/sandbox.rb')
 
 module Dia
-  VERSION = '1.4.pre.2'
+  VERSION = '1.4'
   class SandboxException < StandardError; end
 end
 

data/lib/dia/sandbox.rb

@@ -57,11 +57,11 @@ module Dia
       
       @pid = fork do
         if sandbox_init(FFI::MemoryPointer.from_string(@profile), 0x0001, err = FFI::MemoryPointer.new(:pointer)) == -1
-          raise Dia::SandboxException, "Failed to initialize sandbox (#{err.read_pointer.read_string}"
+          raise Dia::SandboxException, "Failed to initialize sandbox (#{err.read_pointer.read_string})"
         end
         
-        if @app_path
-          exec(@app_path)
+        if @app
+          exec(@app)
         else
           @blk.call(*args)
         end

data/test/setup.rb

@@ -0,0 +1,4 @@
+require 'rubygems'
+require 'socket'
+require 'baretest'
+require File.join(File.dirname(__FILE__), '..', 'lib', 'dia')

data/test/suite/check_if_sandbox_is_alive_test.rb

@@ -0,0 +1,23 @@
+BareTest.suite "Dia::Sandbox#running?", :tags => [ :running? ] do
+  
+  assert 'Confirm that Dia::Sandbox#running? returns true when a sandbox is running' do
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
+      sleep(20)
+    end
+    
+    sandbox.run
+    equal(true, sandbox.running?)
+    sandbox.terminate
+  end
+
+  assert 'Confirm that Dia::Sandbox#running? returns false when a sandbox is not running' do
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
+      sleep(20)
+    end
+    sandbox.run
+    sandbox.terminate
+    sleep(1)
+    equal(false, sandbox.running?)
+  end
+  
+end

data/test/suite/passing_parameters_to_constructer_test.rb

@@ -0,0 +1,34 @@
+# See /test/suite/run_block_in_sandbox_test.rb for tests that confirm sandboxes are successfully created ..
+BareTest.suite 'Dia::Sandbox.new', :tags => [ :new ] do
+  
+  assert 'Passing no arguments to the constructer will raise an ArgumentError' do
+    raises(ArgumentError) do
+      Dia::Sandbox.new
+    end
+  end
+  
+  assert 'Passing only a profile to the constructer will raise an ArgumentError' do
+    raises(ArgumentError) do
+      Dia::Sandbox.new(Dia::Profiles::NO_INTERNET)
+    end
+  end
+  
+  assert 'Passing a profile, application path, and a block will raise an ArgumentError' do
+    raises(ArgumentError) do
+      Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES, 'ls') do
+        puts "foo"
+      end
+    end
+  end
+  
+  assert 'Passing an application path and a profile will raise nothing' do
+    Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES, 'ls')
+  end
+  
+  assert 'Passing a block and a profile will raise nothing' do
+    Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
+      puts "foo"
+    end
+  end
+  
+end

data/test/suite/run_block_in_sandbox_test.rb

@@ -0,0 +1,126 @@
+# TODO: Add assertion for Dia::Profiles::NO_OS_SERVICES
+
+BareTest.suite 'Dia::Sandbox#run', :tags => [ :run ] do 
+
+  setup do
+    @reader, @writer = IO.pipe
+  end
+  
+  assert 'A Ruby block will not be able to access the internet' do
+    
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
+      begin
+        @reader.close
+        TCPSocket.open('http://www.google.com', 80)
+        @writer.write('false')
+      rescue SocketError, SystemCallError => e
+        @writer.write('true')
+      end
+    end
+    
+    # a child process is spawned, and the block passed to the constructer executed.
+    sandbox.run
+    
+    # back in the parent.
+    @writer.close
+    successful = @reader.gets
+    @reader.close
+    
+    equal('true', successful)
+  end
+    
+  assert 'A Ruby block will not be able to write the filesystem' do
+    
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_FILESYSTEM_WRITE)  do
+      begin
+        @reader.close
+        File.open('foo.txt', 'w')
+        @writer.write('false')
+      rescue SystemCallError => e
+        @writer.write('true')
+      end
+    end
+
+    # a child process is spawned, and the block passed to the constructer executed.
+    sandbox.run
+    
+    # back in the parent.
+    @writer.close
+    successful = @reader.gets
+    @reader.close
+    
+    equal('true', successful)
+  end
+  
+  assert 'A Ruby block will not be able to write to the filesystem except when writing to /tmp' do
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_FILESYSTEM_WRITE_EXCEPT_TMP) do
+      marshal = []
+      begin
+        marshal = Marshal.dump(marshal)
+        @reader.close
+        File.open('foo.txt', 'w')
+        @writer.write('false')
+      rescue SystemCallError => e
+        marshal = Marshal.dump(Marshal.load(marshal) << 'true')
+      end
+      
+      begin
+        File.open('/tmp/foo.txt', 'w') do |f|
+          f.puts 'foo'
+        end
+        @writer.write(marshal = Marshal.dump(Marshal.load(marshal) << 'true'))
+      rescue SystemCallError => e
+        @writer.write('false')
+      end
+    end
+    
+    # a child process is spawned, and the block passed to the constructer executed.
+    sandbox.run
+    
+    # back in the parent.
+    @writer.close
+    successful = Marshal.load(@reader.gets)
+    @reader.close
+    
+    equal(['true', 'true'], successful)
+  end
+  
+  assert 'A Ruby block will not be able to do any socket based communication' do
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_NETWORKING) do  
+      begin
+        @reader.close
+        TCPSocket.open('http://www.youtube.com', 80)
+        @writer.write('false')
+      rescue SocketError => e
+        @writer.write('true')
+      end
+    end
+    
+    # a child process is spawned, and the block passed to the constructer executed.
+    sandbox.run
+    
+    # back in the parent.
+    @writer.close
+    successful = @reader.gets
+    @reader.close
+    
+    equal('true', successful)
+  end
+ 
+  assert 'A Ruby block will be able to receive arguments through #run' do
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do |foo, bar|
+      @reader.close
+      @writer.write(foo+bar)
+      @writer.close
+    end
+    sandbox.run('foo', 'bar')
+    
+    # back in the parent..
+    @writer.close
+    answer = @reader.gets
+    @reader.close
+    
+    equal('foobar', answer)
+  end
+
+end

data/test/suite/terminate_sandbox_test.rb

@@ -0,0 +1,21 @@
+BareTest.suite 'Dia::Sandbox#terminate', :tags => [ :terminate ] do
+  
+  assert 'A spawned sandbox will be terminated with the #terminate method' do
+    sandbox = Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
+      sleep(100)
+    end
+    
+    sandbox.run
+    sandbox.terminate
+    sleep(1) # Allow the process time to die ..
+    
+    begin
+      Process.kill('SIGKILL', sandbox.pid)
+      false
+    rescue Errno::ESRCH => e
+      true
+    end
+    
+  end
+  
+end

metadata

@@ -1,13 +1,11 @@
 --- !ruby/object:Gem::Specification 
 name: dia
 version: !ruby/object:Gem::Version 
-  prerelease: true
+  prerelease: false
   segments: 
   - 1
   - 4
-  - pre
-  - 2
-  version: 1.4.pre.2
+  version: "1.4"
 platform: ruby
 authors: 
 - Robert Gleeson
@@ -15,7 +13,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-02-25 00:00:00 +00:00
+date: 2010-02-27 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -46,6 +44,18 @@ dependencies:
         version: 0.2.4
   type: :development
   version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: yard
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
 description: Dia allows you to sandbox application(s) or block(s) of ruby on the OSX platform by restricting access to operating system resources
 email: rob@flowof.info
 executables: []
@@ -68,7 +78,7 @@ has_rdoc: yard
 homepage: 
 licenses: []
 
-post_install_message: "  ********************************************************************\n  Dia (1.4.pre.2)\n  \n  The Mac OSX 10.5 bug has been reported as fixed! \n  Many thanks to \"Josh Creek\" for reporting, and helping me debug the\n  problem until we solved it.\n  ********************************************************************\n"
+post_install_message: "  ********************************************************************\n  Dia (1.4)\n  \n  * A typo that would result in being unable to launch an application\n    under a sandbox has been fixed (1.3 and 1.4.pre were affected)\n    \n  * The Mac OSX 10.5 bug has been reported as fixed! \n    Many thanks to \"Josh Creek\" for reporting, and helping me debug the\n    problem until we solved it.\n  ********************************************************************\n"
 rdoc_options: []
 
 require_paths: 
@@ -82,13 +92,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   requirements: 
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version 
       segments: 
-      - 1
-      - 3
-      - 1
-      version: 1.3.1
+      - 0
+      version: "0"
 requirements: []
 
 rubyforge_project: 
@@ -96,5 +104,9 @@ rubygems_version: 1.3.6
 signing_key: 
 specification_version: 3
 summary: Dia allows you to sandbox application(s) or block(s) of ruby on the OSX platform by restricting access to operating system resources
-test_files: []
-
+test_files: 
+- test/setup.rb
+- test/suite/check_if_sandbox_is_alive_test.rb
+- test/suite/passing_parameters_to_constructer_test.rb
+- test/suite/run_block_in_sandbox_test.rb
+- test/suite/terminate_sandbox_test.rb