evalhook 0.1.0 → 0.1.1

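--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,5 @@
+ 0.1.1 Fixed ruby injection flaw in evalhook trick
+
  0.1.0 Created RDOC
 
  Implemented use examples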
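--- a/data/Rakefile
+++ b/data/Rakefile
@@ -6,7 +6,7 @@ require 'rake/gempackagetask'
 
  spec = Gem::Specification.new do |s|
  s.name = 'evalhook'
- s.version = '0.1.0'
+ s.version = '0.1.1'
  s.author = 'Dario Seminara'
  s.email = 'robertodarioseminara@gmail.com'
  s.platform = Gem::Platform::RUBY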
@@ -630,6 +630,18 @@ VALUE caller_obj(VALUE self, VALUE rblevel) {
630
630
  }
631
631
 
632
632
 
633
+ VALUE validate_syntax(VALUE self, VALUE code) {
634
+
635
+ NODE* node = rb_compile_string("(eval)", code, 1);
636
+
637
+ if (node == 0) {
638
+ rb_raise(rb_eSyntaxError,"");
639
+ }
640
+
641
+ return Qnil;
642
+ }
643
+
644
+
633
645
  extern void Init_evalhook_base() {
634
646
  m_EvalHook = rb_define_module("EvalHook");
635
647
 
@@ -662,6 +674,7 @@ See README for more examples
662
674
  c_HookHandler = rb_define_class_under(m_EvalHook, "HookHandler", rb_cObject);
663
675
 
664
676
  rb_define_singleton_method(m_EvalHook, "hook_block", hook_block, 1);
677
+ rb_define_singleton_method(m_EvalHook, "validate_syntax", validate_syntax, 1);
665
678
 
666
679
  rb_define_method(c_HookHandler, "hook_method_tree", hook_method_tree, 1);
667
680
 
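Review bot: `validate_syntax` passes `code` to `rb_compile_string` without first checking that it is a String, and the new call site in lib/evalhook.rb hands it `args[0]` unchecked, so as far as these hunks show a non-String argument reaches the parser as a raw VALUE. Coerce it as the first statement of the function, `StringValue(code);`, so a bad argument raises TypeError instead of being read as string data. The `rb_raise(rb_eSyntaxError,"")` call also discards the reason for the rejection; a fixed message such as `rb_raise(rb_eSyntaxError, "evalhook: code does not parse as a complete program");` would make rejected input diagnosable. A comment above the function stating that it is a security check, not a convenience, would keep it from being removed as redundant. The file header for this C section is not shown on the page.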
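--- a/data/lib/evalhook.rb
+++ b/data/lib/evalhook.rb
@@ -184,6 +184,8 @@ module EvalHook
 
  EvalHook.method_handler = self
 
+ EvalHook.validate_syntax args[0]
+
  args[0] = "
  retvalue = nil
  EvalHook.double_run do |run|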
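Review bot: The added `EvalHook.validate_syntax args[0]` is the injection fix named in the CHANGELOG, but nothing at the call site says so, and the wrapper it protects starts on the next line and continues outside the hunk. Add a comment above it such as `# Security: args[0] must parse as a complete program on its own before it is embedded in the wrapper below`. Validation and embedding should also operate on one and the same String object; whether they do cannot be confirmed from the visible lines, so binding it once (`code = args[0]`) and using `code` in both places would make that explicit. A regression spec that passes syntactically incomplete code and expects SyntaxError would keep the guard from being dropped in a later refactor.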
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: evalhook
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 25
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 1
9
- - 0
10
- version: 0.1.0
9
+ - 1
10
+ version: 0.1.1
11
11
  platform: ruby
12
12
  authors:
13
13
  - Dario Seminara
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-10-30 00:00:00 -03:00
18
+ date: 2010-12-19 00:00:00 -03:00
19
19
  default_executable:
20
20
  dependencies: []
21
21