jruby-safe 0.2.2-java

data/ext/java/sandbox/SandboxModule.java

@@ -0,0 +1,39 @@
+package sandbox;
+
+import org.jruby.Profile;
+import org.jruby.Ruby;
+import org.jruby.RubyClass;
+import org.jruby.RubyModule;
+import org.jruby.anno.JRubyClass;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.runtime.builtin.IRubyObject;
+
+public class SandboxModule {
+  /**
+   * Create the Sandbox module and add it to the Ruby runtime.
+   */
+  public static RubyModule createSandboxModule(final Ruby runtime) {
+    RubyModule mSandbox = runtime.defineModule("Sandbox");
+    mSandbox.defineAnnotatedMethods(SandboxModule.class);
+
+    RubyClass cObject = runtime.getObject();
+    RubyClass cSandboxFull = mSandbox.defineClassUnder("Full", cObject, SandboxFull.FULL_ALLOCATOR);
+    cSandboxFull.defineAnnotatedMethods(SandboxFull.class);
+    RubyClass cStandardError = runtime.getStandardError();
+    RubyClass cSandboxException = mSandbox.defineClassUnder("SandboxException", cStandardError, cStandardError.getAllocator());
+
+    return mSandbox;
+  }
+
+  @JRubyClass(name="Sandbox::SandboxException", parent="StandardError")
+  public static class SandboxException {}
+
+  @JRubyMethod(name="current", meta=true)
+  public static IRubyObject s_current(IRubyObject recv) {
+    Profile prof = recv.getRuntime().getProfile();
+    if (prof instanceof SandboxProfile) {
+      return ((SandboxProfile) prof).getSandbox();
+    }
+    return recv.getRuntime().getNil();
+  }
+}

data/ext/java/sandbox/SandboxProfile.java

@@ -0,0 +1,22 @@
+package sandbox;
+
+import org.jruby.Profile;
+import org.jruby.runtime.builtin.IRubyObject;
+
+public class SandboxProfile implements Profile {
+  private IRubyObject sandbox;
+
+  public SandboxProfile(IRubyObject sandbox) {
+    this.sandbox = sandbox;
+  }
+
+  public IRubyObject getSandbox() {
+    return sandbox;
+  }
+
+  public boolean allowBuiltin(String name) { return true; }
+  public boolean allowClass(String name) { return true; }
+  public boolean allowModule(String name) { return true; }
+  public boolean allowLoad(String name) { return true; }
+  public boolean allowRequire(String name) { return true; }
+}

data/ext/java/sandbox/SandboxService.java

@@ -0,0 +1,17 @@
+package sandbox;
+
+import java.io.IOException;
+
+import org.jruby.Ruby;
+import org.jruby.runtime.load.BasicLibraryService;
+
+public class SandboxService implements BasicLibraryService {
+  public boolean basicLoad(Ruby runtime) throws IOException {
+    init(runtime);
+    return true;
+  }
+
+  private void init(Ruby runtime) {
+    SandboxModule.createSandboxModule(runtime);
+  }
+}

data/jruby-safe.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "sandbox/version"
+
+Gem::Specification.new do |s|
+  s.name        = "jruby-safe"
+  s.version     = Sandbox::VERSION
+  s.platform    = "java"
+  s.authors     = ["Kazuhiro yamada"]
+  s.email       = ["yamadakazu45@gmail.com"]
+  s.homepage    = "http://github.com/k-yamada/jruby-safe"
+  s.summary     = "Sandbox support for JRuby"
+  s.description = "A version of _why's Freaky Freaky Sandbox for JRuby."
+
+  s.files         = `git ls-files`.split("\n") + ["lib/sandbox/sandbox.jar"]
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency "fakefs"
+
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rake-compiler"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "yard"
+end

data/lib/jruby-safe.rb

@@ -0,0 +1 @@
+require 'sandbox'

data/lib/sandbox.rb

@@ -0,0 +1,18 @@
+require "sandbox/binding"
+require "sandbox/sandbox"
+require "sandbox/version"
+require "sandbox/safe"
+
+module Sandbox
+  PRELUDE = File.expand_path("../sandbox/prelude.rb", __FILE__).freeze # :nodoc:
+
+  class << self
+    def new
+      Full.new
+    end
+
+    def safe
+      Safe.new
+    end
+  end
+end

data/lib/sandbox/binding.rb

@@ -0,0 +1,27 @@
+class Binding
+  # Returns the value of some variable.
+  #
+  #   a = 2
+  #   binding["a"]  #=> 2
+  #
+  def [](x)
+    if RUBY_VERSION.to_f > 2.1
+      local_variable_get(x)
+    else
+      eval(x.to_s)
+    end
+  end
+
+  # Set the value of a local variable.
+  #
+  #   b = binding
+  #   b["a"] = 4
+  #   eval("a", b)  #=> 4
+  def []=(l, v)
+    if RUBY_VERSION.to_f > 2.1
+      local_variable_set(l, v)
+    else
+      eval("#{l} = nil; lambda {|v| #{l} = v}").call(v)
+    end
+  end
+end

data/lib/sandbox/prelude.rb

@@ -0,0 +1,19 @@
+# Alternate "safer" versions of Ruby methods. Mostly non-blocking.
+[Fixnum, Bignum, Float].each do |klass|
+  klass.class_eval do
+    # A very weak version of pow, it doesn't work on Floats, but it's gonna
+    # fill the most common uses for now.
+    def **(x)
+      case x
+      when 0; 1
+      when 1; self
+      else
+        y = 1
+        while 0 <= (x -= 1) do
+          y *= self
+        end
+        y
+      end
+    end
+  end
+end

data/lib/sandbox/safe.rb

@@ -0,0 +1,397 @@
+require "fakefs/safe"
+
+module Sandbox
+  TimeoutError = Class.new(Exception)
+
+  class Safe < Full
+    def activate!
+      activate_fakefs
+
+      keep_singleton_methods(:Kernel, KERNEL_S_METHODS)
+      keep_singleton_methods(:Symbol, SYMBOL_S_METHODS)
+      keep_singleton_methods(:String, STRING_S_METHODS)
+      keep_singleton_methods(:IO, IO_S_METHODS)
+
+      keep_methods(:Kernel, KERNEL_METHODS)
+      keep_methods(:NilClass, NILCLASS_METHODS)
+      keep_methods(:Symbol, SYMBOL_METHODS)
+      keep_methods(:TrueClass, TRUECLASS_METHODS)
+      keep_methods(:FalseClass, FALSECLASS_METHODS)
+      keep_methods(:Enumerable, ENUMERABLE_METHODS)
+      keep_methods(:String, STRING_METHODS)
+
+      Kernel.class_eval do
+        def `(*args) # `<- fix highlight by editor
+          raise NoMethodError, "` is unavailable"
+        end
+
+        def system(*args)
+          raise NoMethodError, "system is unavailable"
+        end
+      end
+    end
+
+    def activate_fakefs
+      require "fileutils"
+
+      # unfortunately, the authors of FakeFS used `extend self` in FileUtils, instead of `module_function`.
+      # I fixed it for them
+      (FakeFS::FileUtils.methods - Module.methods - Kernel.methods).each do |module_method_name|
+        FakeFS::FileUtils.send(:module_function, module_method_name)
+      end
+
+      import  FakeFS
+      ref     FakeFS::Dir
+      ref     FakeFS::File
+      ref     FakeFS::FileTest
+      import  FakeFS::FileUtils #import FileUtils because it is a module
+
+      # this is basically what FakeFS.activate! does, but we want to do it in the sandbox
+      # so we have to live with this:
+      eval <<-RUBY
+        Object.class_eval do
+          remove_const(:Dir)
+          remove_const(:File)
+          remove_const(:FileTest)
+          remove_const(:FileUtils)
+
+          const_set(:Dir,       FakeFS::Dir)
+          const_set(:File,      FakeFS::File)
+          const_set(:FileUtils, FakeFS::FileUtils)
+          const_set(:FileTest,  FakeFS::FileTest)
+        end
+
+        [Dir, File, FileUtils, FileTest].each do |fake_class|
+          fake_class.class_eval do
+            def self.class_eval
+              raise NoMethodError, "class_eval is unavailable"
+            end
+            def self.instance_eval
+              raise NoMethodError, "instance_eval is unavailable"
+            end
+          end
+        end
+      RUBY
+
+      FakeFS::FileSystem.clear
+    end
+
+    def eval(code, options={})
+      if options.is_a?(Binding)
+        eval_with_binding(code, options)
+      elsif seconds = options[:timeout]
+        sandbox_timeout(code, seconds) do
+          super code
+        end
+      else
+        super code
+      end
+    end
+
+    private
+
+    def sandbox_timeout(name, seconds)
+      val, exc = nil
+
+      thread = Thread.start(name) do
+        begin
+          val = yield
+        rescue Exception => exc
+        end
+      end
+
+      thread.join(seconds)
+
+      if thread.alive?
+        if thread.respond_to? :kill!
+          thread.kill!
+        else
+          thread.kill
+        end
+
+        timed_out = true
+      end
+
+      if timed_out
+        raise TimeoutError, "#{self.class} timed out"
+      elsif exc
+        raise exc
+      else
+        val
+      end
+    end
+
+    IO_S_METHODS = %w[
+      new
+      foreach
+      open
+    ]
+
+    KERNEL_S_METHODS = %w[
+      Array
+      binding
+      block_given?
+      catch
+      chomp
+      chomp!
+      chop
+      chop!
+      eval
+      fail
+      Float
+      format
+      global_variables
+      gsub
+      gsub!
+      Integer
+      iterator?
+      lambda
+      local_variables
+      loop
+      method_missing
+      proc
+      raise
+      scan
+      split
+      sprintf
+      String
+      sub
+      sub!
+      throw
+    ].freeze
+
+    SYMBOL_S_METHODS = %w[
+      all_symbols
+    ].freeze
+
+    STRING_S_METHODS = %w[
+      new
+    ].freeze
+
+    KERNEL_METHODS = %w[
+      ==
+      ===
+      =~
+      Array
+      binding
+      block_given?
+      catch
+      chomp
+      chomp!
+      chop
+      chop!
+      class
+      clone
+      dup
+      eql?
+      equal?
+      eval
+      fail
+      Float
+      format
+      freeze
+      frozen?
+      global_variables
+      gsub
+      gsub!
+      hash
+      id
+      initialize_copy
+      inspect
+      instance_eval
+      instance_of?
+      instance_variables
+      instance_variable_get
+      instance_variable_set
+      instance_variable_defined?
+      Integer
+      is_a?
+      iterator?
+      kind_of?
+      lambda
+      local_variables
+      loop
+      methods
+      method_missing
+      nil?
+      private_methods
+      print
+      proc
+      protected_methods
+      public_methods
+      raise
+      remove_instance_variable
+      respond_to?
+      respond_to_missing?
+      scan
+      send
+      singleton_methods
+      singleton_method_added
+      singleton_method_removed
+      singleton_method_undefined
+      split
+      sprintf
+      String
+      sub
+      sub!
+      taint
+      tainted?
+      throw
+      to_a
+      to_s
+      type
+      untaint
+      __send__
+    ].freeze
+
+    NILCLASS_METHODS = %w[
+      &
+      inspect
+      nil?
+      to_a
+      to_f
+      to_i
+      to_s
+      ^
+      |
+    ].freeze
+
+    SYMBOL_METHODS = %w[
+      ===
+      id2name
+      inspect
+      to_i
+      to_int
+      to_s
+      to_sym
+    ].freeze
+
+    TRUECLASS_METHODS = %w[
+      &
+      to_s
+      ^
+      |
+    ].freeze
+
+    FALSECLASS_METHODS = %w[
+      &
+      to_s
+      ^
+      |
+    ].freeze
+
+    ENUMERABLE_METHODS = %w[
+      all?
+      any?
+      collect
+      detect
+      each_with_index
+      entries
+      find
+      find_all
+      grep
+      include?
+      inject
+      map
+      max
+      member?
+      min
+      partition
+      reject
+      select
+      sort
+      sort_by
+      to_a
+      zip
+    ].freeze
+
+    STRING_METHODS = %w[
+      %
+      *
+      +
+      <<
+      <=>
+      ==
+      =~
+      capitalize
+      capitalize!
+      casecmp
+      center
+      chomp
+      chomp!
+      chop
+      chop!
+      concat
+      count
+      crypt
+      delete
+      delete!
+      downcase
+      downcase!
+      dump
+      each
+      each_byte
+      each_line
+      empty?
+      eql?
+      gsub
+      gsub!
+      hash
+      hex
+      include?
+      index
+      initialize
+      initialize_copy
+      insert
+      inspect
+      intern
+      length
+      ljust
+      lines
+      lstrip
+      lstrip!
+      match
+      next
+      next!
+      oct
+      replace
+      reverse
+      reverse!
+      rindex
+      rjust
+      rstrip
+      rstrip!
+      scan
+      size
+      slice
+      slice!
+      split
+      squeeze
+      squeeze!
+      strip
+      strip!
+      start_with?
+      sub
+      sub!
+      succ
+      succ!
+      sum
+      swapcase
+      swapcase!
+      to_f
+      to_i
+      to_s
+      to_str
+      to_sym
+      tr
+      tr!
+      tr_s
+      tr_s!
+      upcase
+      upcase!
+      upto
+      []
+      []=
+    ].freeze
+  end
+end