github-safegem 0.2.4 → 0.2.5
Sign up to get free protection for your applications and to get access to all the features.
- data/README +20 -0
- data/VERSION.yml +2 -2
- data/bin/safegem +29 -25
- metadata +5 -4
data/README
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
SafeGem: GitHub's Safe Gem Eval Web Service
|
|
2
|
+
-------------------------------------------
|
|
3
|
+
|
|
4
|
+
Help make GitHub's gem build process more secure and robust!
|
|
5
|
+
|
|
6
|
+
SafeGem is a Sinatra app that safely converts Ruby gemspecs into YAML gemspecs.
|
|
7
|
+
|
|
8
|
+
It works as follows:
|
|
9
|
+
|
|
10
|
+
1) Receives a request with the repo location and the ruby gemspec
|
|
11
|
+
2) Returns immediately and schedules the following via EM.defer:
|
|
12
|
+
|
|
13
|
+
1) Makes a shallow clone of the repo and chdir's to that repo
|
|
14
|
+
2) Evals the spec in a separate thread with a higher $SAFE level
|
|
15
|
+
3) Converts spec to YAML
|
|
16
|
+
4) Posts the YAML to the specified callback
|
|
17
|
+
|
|
18
|
+
Goals
|
|
19
|
+
-----
|
|
20
|
+
* Lower the $SAFE level to allow methods like Dir.glob, but without compromising security.
|
data/VERSION.yml
CHANGED
data/bin/safegem
CHANGED
|
@@ -80,10 +80,8 @@ post '/' do
|
|
|
80
80
|
payload = Base64.encode64(Zlib::Deflate.deflate(YAML.dump(spec)))
|
|
81
81
|
w.write payload
|
|
82
82
|
w.close
|
|
83
|
-
rescue Object
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
w.write "ERROR: #$!"
|
|
83
|
+
rescue Object => e
|
|
84
|
+
w.write "ERROR: #{e.message}"
|
|
87
85
|
w.close
|
|
88
86
|
end
|
|
89
87
|
end
|
|
@@ -92,30 +90,36 @@ post '/' do
|
|
|
92
90
|
Process.wait(pid)
|
|
93
91
|
yaml = r.read
|
|
94
92
|
r.close
|
|
95
|
-
|
|
93
|
+
|
|
94
|
+
if yaml =~ /^ERROR: (.*)$/
|
|
95
|
+
puts "-- conversion error in #{Time.now - t1}s"
|
|
96
|
+
|
|
97
|
+
res = nil
|
|
98
|
+
t = time do
|
|
99
|
+
payload = {'token' => token, 'message' => $1}
|
|
100
|
+
puts "<- [#{callback}] #{payload.inspect}"
|
|
101
|
+
res = Net::HTTP.post_form(URI.parse("#{callback}_error"), payload)
|
|
102
|
+
end
|
|
103
|
+
puts "-> #{res.body.inspect} in #{t}s"
|
|
96
104
|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
end
|
|
103
|
-
puts "-> #{res.body.inspect} in #{t}s"
|
|
105
|
+
packet = {'result' => "Failed to convert #{repo} gemspec to YAML.", 'error' => nil}
|
|
106
|
+
puts "<- #{packet.inspect}"
|
|
107
|
+
packet.to_json
|
|
108
|
+
else
|
|
109
|
+
puts "-- converted to yaml in #{Time.now - t1}s"
|
|
104
110
|
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
# res = http.request(req)
|
|
113
|
-
# p res.value
|
|
114
|
-
# end
|
|
111
|
+
res = nil
|
|
112
|
+
t = time do
|
|
113
|
+
payload = {'token' => token, 'yaml' => yaml}
|
|
114
|
+
puts "<- [#{callback}] #{payload.merge('yaml' => payload['yaml'].size).inspect}"
|
|
115
|
+
res = Net::HTTP.post_form(URI.parse(callback), payload)
|
|
116
|
+
end
|
|
117
|
+
puts "-> #{res.body.inspect} in #{t}s"
|
|
115
118
|
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
+
packet = {'result' => "Successfully converted #{repo} gemspec to YAML.", 'error' => nil}
|
|
120
|
+
puts "<- #{packet.inspect}"
|
|
121
|
+
packet.to_json
|
|
122
|
+
end
|
|
119
123
|
end
|
|
120
124
|
rescue Exception => e
|
|
121
125
|
Process.kill(9, pid) rescue nil
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: github-safegem
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- PJ Hyett
|
|
@@ -10,7 +10,7 @@ autorequire:
|
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
12
|
|
|
13
|
-
date: 2009-
|
|
13
|
+
date: 2009-04-01 00:00:00 -07:00
|
|
14
14
|
default_executable: safegem
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
@@ -49,8 +49,8 @@ executables:
|
|
|
49
49
|
- safegem
|
|
50
50
|
extensions: []
|
|
51
51
|
|
|
52
|
-
extra_rdoc_files:
|
|
53
|
-
|
|
52
|
+
extra_rdoc_files:
|
|
53
|
+
- README
|
|
54
54
|
files:
|
|
55
55
|
- VERSION.yml
|
|
56
56
|
- bin/safegem
|
|
@@ -63,6 +63,7 @@ files:
|
|
|
63
63
|
- test/lazy_dir_test.rb
|
|
64
64
|
- test/safegem_test.rb
|
|
65
65
|
- test/security_test.rb
|
|
66
|
+
- README
|
|
66
67
|
has_rdoc: true
|
|
67
68
|
homepage: http://github.com/github/safegem
|
|
68
69
|
post_install_message:
|