RubyGems - github-safegem - Versions diffs - 0.2.4 → 0.2.5 - Mend

github-safegem 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

data/README ADDED Viewed

@@ -0,0 +1,20 @@
+SafeGem: GitHub's Safe Gem Eval Web Service
+-------------------------------------------
+Help make GitHub's gem build process more secure and robust!
+SafeGem is a Sinatra app that safely converts Ruby gemspecs into YAML gemspecs.
+It works as follows:
+1) Receives a request with the repo location and the ruby gemspec
+2) Returns immediately and schedules the following via EM.defer:
+1) Makes a shallow clone of the repo and chdir's to that repo
+2) Evals the spec in a separate thread with a higher $SAFE level
+3) Converts spec to YAML
+4) Posts the YAML to the specified callback
+Goals
+-----
+* Lower the $SAFE level to allow methods like Dir.glob, but without compromising security.

data/VERSION.yml CHANGED Viewed

@@ -1,4 +1,4 @@
 ---
-:major: 0
 :minor: 2
-:patch: 4
+:patch: 5
+:major: 0

data/bin/safegem CHANGED Viewed

@@ -80,10 +80,8 @@ post '/' do
             payload = Base64.encode64(Zlib::Deflate.deflate(YAML.dump(spec)))
             w.write payload
             w.close
-          rescue Object
-            puts $!, $@
-            w.write "ERROR: #$!"
+          rescue Object => e
+            w.write "ERROR: #{e.message}"
             w.close
           end
         end
@@ -92,30 +90,36 @@ post '/' do
         Process.wait(pid)
         yaml = r.read
         r.close
-        puts "-- converted to yaml in #{Time.now - t1}s"
+        if yaml =~ /^ERROR: (.*)$/
+          puts "-- conversion error in #{Time.now - t1}s"
+          res = nil
+          t = time do
+            payload = {'token' => token, 'message' => $1}
+            puts "<- [#{callback}] #{payload.inspect}"
+            res = Net::HTTP.post_form(URI.parse("#{callback}_error"), payload)
+          end
+          puts "-> #{res.body.inspect} in #{t}s"
-        res = nil
-        t = time do
-          payload = {'token' => token, 'yaml' => yaml}
-          puts "<- [#{callback}] #{payload.merge('yaml' => payload['yaml'].size).inspect}"
-          res = Net::HTTP.post_form(URI.parse(callback), payload)
-        end
-        puts "-> #{res.body.inspect} in #{t}s"
+          packet = {'result' => "Failed to convert #{repo} gemspec to YAML.", 'error' => nil}
+          puts "<- #{packet.inspect}"
+          packet.to_json
+        else
+          puts "-- converted to yaml in #{Time.now - t1}s"
-        # uri = URI.parse(callback)
-        # http = Net::HTTP.new(uri.host)
-        # http.set_debug_output $stdout
-        # http.start do |http|
-        #   req = Net::HTTP::Post.new(uri.path)
-        #   payload = {'token' => token, 'yaml' => yaml}
-        #   req.set_form_data(payload)
-        #   res = http.request(req)
-        #   p res.value
-        # end
+          res = nil
+          t = time do
+            payload = {'token' => token, 'yaml' => yaml}
+            puts "<- [#{callback}] #{payload.merge('yaml' => payload['yaml'].size).inspect}"
+            res = Net::HTTP.post_form(URI.parse(callback), payload)
+          end
+          puts "-> #{res.body.inspect} in #{t}s"
-        packet = {'result' => "Successfully converted #{repo} gemspec to YAML.", 'error' => nil}
-        puts "<- #{packet.inspect}"
-        packet.to_json
+          packet = {'result' => "Successfully converted #{repo} gemspec to YAML.", 'error' => nil}
+          puts "<- #{packet.inspect}"
+          packet.to_json
+        end
       end
     rescue Exception => e
       Process.kill(9, pid) rescue nil

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: github-safegem
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.5
 platform: ruby
 authors:
 - PJ Hyett
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-03-29 00:00:00 -07:00
+date: 2009-04-01 00:00:00 -07:00
 default_executable: safegem
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -49,8 +49,8 @@ executables:
 - safegem
 extensions: []
-extra_rdoc_files: []
+extra_rdoc_files:
+- README
 files:
 - VERSION.yml
 - bin/safegem
@@ -63,6 +63,7 @@ files:
 - test/lazy_dir_test.rb
 - test/safegem_test.rb
 - test/security_test.rb
+- README
 has_rdoc: true
 homepage: http://github.com/github/safegem
 post_install_message: