javasand 0.0.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2006 Ola Bini <ola@ologix.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,2 @@
+An implementation of Sandbox for JRuby.
+Based on Sandbox 0.3 by _why the lucky stiff.

data/lib/sandbox.rb

@@ -0,0 +1,90 @@
+require 'sand_table'
+require 'thread'
+
+module Sandbox
+
+  BUILD = "#{VERSION}.#{REV_ID[6..-3]}" #:nodoc:
+  PRELUDE = File.expand_path("../sandbox/prelude.rb", __FILE__) #:nodoc:
+
+  #
+  # Stands in for an exception raised within the sandbox during evaluation.
+  # (See Sandbox#eval.)
+  #
+  class Exception
+  end
+
+  #
+  # Raised when the duration of a sandbox evaluation exceeds a specified
+  # timeout.  (See Sandbox#eval.)
+  #
+  class TimeoutError < Exception
+  end
+
+  class Full
+    private :_eval
+    #
+    # call-seq:
+    #    sandbox.eval(str, opts={})   => obj
+    #
+    # Evaluates +str+ as Ruby code inside the sandbox and returns
+    # the result.  If an option hash +opts+ is provided, any options
+    # specified in it take precedence over options specified when +sandbox+
+    # was created.  (See Sandbox.new.)
+    #
+    # Available options include:
+    #
+    # [:timeout]  The maximum time in seconds which Sandbox#eval is allowed to
+    #             run before it is forcibly terminated.
+    # [:safelevel]  The $SAFE level to use during evaluation in the sandbox.
+    #
+    # If evaluation times out, Sandbox#eval will raise a
+    # Sandbox::TimeoutError.  If no timeout is specified, Sandbox#eval will
+    # be allowed to run indefinitely.
+    #
+    def eval(str, opts = {})
+      opts = @options.merge(opts)
+      if opts[:timeout] or opts[:safelevel]
+        th, exc, timed_out = nil, nil, false
+        safelevel = opts[:safelevel]
+        val = nil
+        th = Thread.start(str) do
+          $SAFE = safelevel if safelevel and safelevel > $SAFE
+          begin
+            val = _eval(str)
+          rescue Exception => exc
+          end
+        end
+        th.join(opts[:timeout])
+        if th.alive?
+          if th.respond_to? :kill!
+            th.kill!
+          else
+            th.kill
+          end
+          timed_out = true
+        end
+        if timed_out
+          raise TimeoutError, "#{self.class}#eval timed out"
+        elsif exc
+          raise exc
+        else
+          val
+        end
+      else
+        _eval(str)
+      end
+    end
+
+    #
+    # call-seq:
+    #    sandbox.load(portname, opts={})   => obj
+    #
+    # Reads all available data from the given I/O port +portname+ and
+    # then evaluates it as a string in +sandbox+.  (See Sandbox#eval.)
+    #
+    def load(io, opts = {})
+      eval(IO.read(io), opts)
+    end
+  end
+
+end

data/lib/sandbox/irb.rb

@@ -0,0 +1,95 @@
+require 'irb'
+require 'sandbox'
+
+class Sandbox::IRB
+
+  def initialize(box)
+    @box, @sig, @p = box, :IN_IRB
+    @box_errors = %w[StandardError ScriptError].map { |x| @box.eval(x) }
+    @prompt = {:start => ">> ", :continue => ".. ", :nested => ".. ",
+      :string => "   ", :return => "=> %s\n"}
+  end
+
+  def box_eval(str)
+    @box.eval(str)
+  end
+
+  def start(io)
+    scanner = RubyLex.new
+    scanner.exception_on_syntax_error = false
+    scanner.set_prompt do |ltype, indent, continue, line_no|
+      if ltype
+        f = @prompt[:string]
+      elsif continue
+        f = @prompt[:continue]
+      elsif indent > 0
+        f = @prompt[:nested]
+      else
+        f = @prompt[:start]
+      end
+      f = "" unless f
+      @p = prompt(f, ltype, indent, line_no)
+    end
+
+    scanner.set_input(io) do
+      signal_status(:IN_INPUT) do
+        io.print @p
+        io.gets
+      end
+    end
+
+    scanner.each_top_level_statement do |line, line_no|
+      signal_status(:IN_EVAL) do
+        line.untaint
+        begin
+          val = box_eval(line)
+          io.puts @prompt[:return] % [val.inspect]
+        rescue Sandbox::Exception, Sandbox::TimeoutError => e
+          io.print e, "\n"
+        end
+      end
+    end
+  end
+
+  def prompt(prompt, ltype, indent, line_no)
+    p = prompt.dup
+    p.gsub!(/%([0-9]+)?([a-zA-Z])/) do
+      case $2
+      # when "N"
+      #   @context.irb_name
+      # when "m"
+      #   @context.main.to_s
+      # when "M"
+      #   @context.main.inspect
+      when "l"
+        ltype
+      when "i"
+        if $1 
+          format("%" + $1 + "d", indent)
+        else
+          indent.to_s
+        end
+      when "n"
+        if $1 
+          format("%" + $1 + "d", line_no)
+        else
+          line_no.to_s
+        end
+      when "%"
+        "%"
+      end
+    end
+    p
+  end
+
+  def signal_status(status)
+    return yield if @sig == :IN_LOAD
+    sig_back = @sig
+    @sig = status
+    begin
+      yield
+    ensure
+      @sig = sig_back
+    end
+  end
+end

data/lib/sandbox/prelude.rb

@@ -0,0 +1,21 @@
+# Alternate "safer" versions of Ruby methods.  Mostly non-blocking.
+[Fixnum, Bignum, Float].each do |klass|
+  klass.class_eval do
+
+    # A very weak version of pow, it doesn't work on Floats, but it's
+    # gonna fill the most common uses for now.
+    def ** x
+      case x
+      when 0; 1
+      when 1; self
+      else
+        y = 1
+        while 0 <= (x -= 1) do
+          y *= self
+        end
+        y
+      end
+    end
+
+  end
+end

data/lib/sandbox/server.rb

@@ -0,0 +1,140 @@
+require 'socket'
+require 'sandbox/irb'
+
+class Sandbox::IRBServer
+  attr_reader :acceptor
+  attr_reader :workers
+  attr_reader :host
+  attr_reader :port
+  attr_reader :timeout
+  attr_reader :num_processors
+
+  def initialize(host, port, num_processors=(2**30-1), timeout=0)
+    @socket = TCPServer.new(host, port) 
+    @host = host
+    @port = port
+    @workers = ThreadGroup.new
+    @timeout = timeout
+    @num_processors = num_processors
+    @death_time = 60
+    @sessions = {}
+  end
+
+  def randid
+    abc = %{ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz} 
+    (1..20).map { abc[rand(abc.size),1] }.join
+  end
+
+  def new_sandbox
+    Sandbox.safe(:timeout => 10)
+  end
+
+  def process_client(client)
+    begin
+      case client.gets
+      when /^LOGIN (\w+)/
+        sess = $1
+      else
+        sess = randid
+      end
+
+      @sessions[sess] ||= new_sandbox
+      client.puts sess
+      Sandbox::IRB.new(@sessions[sess]).start(client)
+    rescue EOFError,Errno::ECONNRESET,Errno::EPIPE,Errno::EINVAL,Errno::EBADF
+      # ignored
+    rescue Errno::EMFILE
+      reap_dead_workers('too many files')
+    rescue Object
+      STDERR.puts "#{Time.now}: ERROR: #$!"
+      STDERR.puts $!.backtrace.join("\n")
+    ensure
+      client.close unless client.closed?
+    end
+  end
+
+  # Used internally to kill off any worker threads that have taken too long
+  # to complete processing.  Only called if there are too many processors
+  # currently servicing.  It returns the count of workers still active
+  # after the reap is done.  It only runs if there are workers to reap.
+  def reap_dead_workers(reason='unknown')
+    if @workers.list.length > 0
+      STDERR.puts "#{Time.now}: Reaping #{@workers.list.length} threads for slow workers because of '#{reason}'"
+      mark = Time.now
+      @workers.list.each do |w|
+        w[:started_on] = Time.now if not w[:started_on]
+
+        if mark - w[:started_on] > @death_time + @timeout
+          STDERR.puts "Thread #{w.inspect} is too old, killing."
+          w.raise(TimeoutError.new("Timed out thread."))
+        end
+      end
+    end
+
+    return @workers.list.length
+  end
+
+  # Performs a wait on all the currently running threads and kills any that take
+  # too long.  Right now it just waits 60 seconds, but will expand this to
+  # allow setting.  The @timeout setting does extend this waiting period by
+  # that much longer.
+  def graceful_shutdown
+    while reap_dead_workers("shutdown") > 0
+      STDERR.print "Waiting for #{@workers.list.length} requests to finish, could take #{@death_time + @timeout} seconds."
+      sleep @death_time / 10
+    end
+  end
+
+
+  # Runs the thing.  It returns the thread used so you can "join" it.  You can also
+  # access the HttpServer::acceptor attribute to get the thread later.
+  def run
+    BasicSocket.do_not_reverse_lookup=true
+
+    @acceptor = Thread.new do
+      while true
+        begin
+          client = @socket.accept
+          worker_list = @workers.list
+
+          if worker_list.length >= @num_processors
+            STDERR.puts "Server overloaded with #{worker_list.length} processors (#@num_processors max). Dropping connection."
+            client.close
+            reap_dead_workers("max processors")
+          else
+            thread = Thread.new { process_client(client) }
+            thread.abort_on_exception = true
+            thread[:started_on] = Time.now
+            @workers.add(thread)
+
+            sleep @timeout/100 if @timeout > 0
+          end
+        rescue StopServer
+          @socket.close if not @socket.closed?
+          break
+        rescue Errno::EMFILE
+          reap_dead_workers("too many open files")
+          sleep 0.5
+        rescue Errno::ECONNABORTED
+          # client closed the socket even before accept
+          client.close if not client.closed?
+        end
+      end
+
+      graceful_shutdown
+    end
+
+    return @acceptor
+  end
+
+  # Stops the acceptor thread and then causes the worker threads to finish
+  # off the request queue before finally exiting.
+  def stop
+    stopper = Thread.new do 
+      exc = StopServer.new
+      @acceptor.raise(exc)
+    end
+    stopper.priority = 10
+  end
+
+end

metadata

@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.9.0
+specification_version: 1
+name: javasand
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+date: 2006-12-02 00:00:00 +01:00
+summary: Sandbox support for JRuby. Only usable with JRuby
+require_paths: 
+- lib
+email: ola@ologix.com
+homepage: http://jruby-extras.rubyforge.org/
+rubyforge_project: 
+description: 
+autorequire: 
+default_executable: 
+bindir: bin
+has_rdoc: false
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+post_install_message: 
+authors: 
+- JRuby-extras
+files: 
+- LICENSE
+- README
+- lib/sand_table.jar
+- lib/sandbox.rb
+- lib/sandbox/prelude.rb
+- lib/sandbox/server.rb
+- lib/sandbox/irb.rb
+test_files: []
+
+rdoc_options: []
+
+extra_rdoc_files: []
+
+executables: []
+
+extensions: []
+
+requirements: 
+- JRuby with the org.jruby.Profile-class
+dependencies: []
+