evalhook 0.1.0 → 0.1.1

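--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,5 @@
+0.1.1 Fixed ruby injection flaw in evalhook trick
+
 0.1.0 Created RDOC
 
 Implemented use examples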
data/Rakefile CHANGED
@@ -6,7 +6,7 @@ require 'rake/gempackagetask'
6
6
 
7
7
  spec = Gem::Specification.new do |s|
8
8
  s.name = 'evalhook'
9
- s.version = '0.1.0'
9
+ s.version = '0.1.1'
10
10
  s.author = 'Dario Seminara'
11
11
  s.email = 'robertodarioseminara@gmail.com'
12
12
  s.platform = Gem::Platform::RUBY
@@ -630,6 +630,18 @@ VALUE caller_obj(VALUE self, VALUE rblevel) {
630
630
  }
631
631
 
632
632
 
633
+ VALUE validate_syntax(VALUE self, VALUE code) {
634
+
635
+ NODE* node = rb_compile_string("(eval)", code, 1);
636
+
637
+ if (node == 0) {
638
+ rb_raise(rb_eSyntaxError,"");
639
+ }
640
+
641
+ return Qnil;
642
+ }
643
+
644
+
633
645
  extern void Init_evalhook_base() {
634
646
  m_EvalHook = rb_define_module("EvalHook");
635
647
 
@@ -662,6 +674,7 @@ See README for more examples
662
674
  c_HookHandler = rb_define_class_under(m_EvalHook, "HookHandler", rb_cObject);
663
675
 
664
676
  rb_define_singleton_method(m_EvalHook, "hook_block", hook_block, 1);
677
+ rb_define_singleton_method(m_EvalHook, "validate_syntax", validate_syntax, 1);
665
678
 
666
679
  rb_define_method(c_HookHandler, "hook_method_tree", hook_method_tree, 1);
667
680
 
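Review bot: `validate_syntax` passes `code` to `rb_compile_string` without first checking that it is a String, so any other object handed to the new `EvalHook.validate_syntax` singleton reaches the parser as a VALUE of the wrong type. Adding `StringValue(code);` as the first statement would convert or reject non-strings with a TypeError. The failure path `rb_raise(rb_eSyntaxError,"");` also raises with an empty message, which leaves nothing to triage when an input is rejected; something like `rb_raise(rb_eSyntaxError, "evalhook: code fragment failed syntax validation");` would help. Note that these two hunks are C extension code shown under the Rakefile header on this page; their own file header is not visible here.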
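--- a/data/lib/evalhook.rb
+++ b/data/lib/evalhook.rb
@@ -184,6 +184,8 @@ module EvalHook
 
 EvalHook.method_handler = self
 
+EvalHook.validate_syntax args[0]
+
 args[0] = "
 retvalue = nil
 EvalHook.double_run do |run|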
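Review bot: The added `EvalHook.validate_syntax args[0]` line has no comment explaining that it must run before `args[0]` is reassigned to the wrapper string on the next line, and that ordering is the entire fix. I would add `# Reject anything that is not a complete, well-formed Ruby fragment before it is spliced into the wrapper below; do not move this after the reassignment.` above the call. The wrapper string and the enclosing method both continue outside this hunk, so it cannot be confirmed from here that a standalone parse is sufficient for the way the fragment is embedded. A regression test asserting that a malformed fragment raises SyntaxError before `EvalHook.double_run` is entered would pin that down. The call also assumes `args[0]` is present and a String; a nil or non-String first argument goes straight to the C function.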
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: evalhook
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 25
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 1
9
- - 0
10
- version: 0.1.0
9
+ - 1
10
+ version: 0.1.1
11
11
  platform: ruby
12
12
  authors:
13
13
  - Dario Seminara
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-10-30 00:00:00 -03:00
18
+ date: 2010-12-19 00:00:00 -03:00
19
19
  default_executable:
20
20
  dependencies: []
21
21