jruby_sandbox 0.1.0-java

data/.gitignore

@@ -0,0 +1,6 @@
+*.gem
+.bundle
+lib/sandbox/sandbox.jar
+pkg/*
+tags
+tmp

data/.rvmrc

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional.
+environment_id="jruby-1.6.3@jruby_sandbox"
+
+#
+# Uncomment following line if you want options to be set only for given project.
+#
+PROJECT_JRUBY_OPTS=( --1.9 )
+
+#
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+#
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments" \
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+
+  if [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]]
+  then
+    . "${rvm_path:-$HOME/.rvm}/hooks/after_use"
+  fi
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  if ! rvm --create  "$environment_id"
+  then
+    echo "Failed to create RVM environment '${environment_id}'."
+    exit 1
+  fi
+fi
+
+#
+# If you use an RVM gemset file to install a list of gems (*.gems), you can have
+# it be automatically loaded. Uncomment the following and adjust the filename if
+# necessary.
+#
+# filename=".gems"
+# if [[ -s "$filename" ]] ; then
+#   rvm gemset import "$filename" | grep -v already | grep -v listed | grep -v complete | sed '/^$/d'
+# fi
+

data/Gemfile

@@ -0,0 +1,7 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in jruby_sandbox.gemspec
+gemspec
+
+# this fork has some recent work done for 1.9, like File.foreach
+gem 'fakefs', :git => 'git://github.com/nanothief/fakefs.git', :require => 'fakefs/safe'

data/Gemfile.lock

@@ -0,0 +1,39 @@
+GIT
+  remote: git://github.com/nanothief/fakefs.git
+  revision: cb63ff262e1ab9dffdda6d20a1b9c90434e97d58
+  specs:
+    fakefs (0.3.2)
+
+PATH
+  remote: .
+  specs:
+    jruby_sandbox (0.1.0-java)
+      fakefs
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.2)
+    rake (0.9.2)
+    rake-compiler (0.7.9)
+      rake
+    rspec (2.6.0)
+      rspec-core (~> 2.6.0)
+      rspec-expectations (~> 2.6.0)
+      rspec-mocks (~> 2.6.0)
+    rspec-core (2.6.4)
+    rspec-expectations (2.6.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.6.0)
+    yard (0.7.2)
+
+PLATFORMS
+  java
+
+DEPENDENCIES
+  fakefs!
+  jruby_sandbox!
+  rake
+  rake-compiler
+  rspec
+  yard

data/README.md

@@ -0,0 +1,66 @@
+JRuby Sandbox
+=============
+
+The JRuby sandbox is a reimplementation of _why's freaky freaky sandbox
+in JRuby, and is heavily based on [javasand][1] by Ola Bini, but updated
+for JRuby 1.6.
+
+## Prerequisites
+
+This gem requires JRuby 1.6. As of the time of this writing, it is known to
+work with the latest stable version of JRuby, 1.6.3. You can install it via
+RVM with the following command:
+
+    rvm install jruby-1.6.3
+
+## Building
+
+To build the JRuby extension, run `rake compile`. This will build the
+`lib/sandbox/sandbox.jar` file, which `lib/sandbox.rb` loads.
+
+## Basic Usage
+
+Sandbox gives you a self-contained JRuby interpreter in which to eval
+code without polluting the host environment.
+
+    >> require "sandbox"
+    => true
+    >> sand = Sandbox::Full.new
+    => #<Sandbox::Full:0x46377e2a>
+    >> sand.eval("x = 1 + 2")
+    => 3
+    >> sand.eval("x")
+    => 3
+    >> x
+    NameError: undefined local variable or method `x' for #<Object:0x11cdc190>
+
+There's also `Sandbox::Full#require`, which lets you invoke
+`Kernel#require` directly for the sandbox, so you can load any trusted
+core libraries.  Note that this is a direct binding to `Kernel#require`,
+so it will only load ruby stdlib libraries (i.e. no rubygems support
+yet).
+
+## Sandbox::Safe usage
+
+Sandbox::Safe exposes an `#activate!` method which will lock down the sandbox, removing unsafe methods.  Before calling `#activate!`, Sandbox::Safe is the same as Sandbox::Full.
+
+    >> require 'sandbox'
+    => true 
+    >> sand = Sandbox.safe
+    => #<Sandbox::Safe:0x17072b90> 
+    >> sand.eval %{`echo HELLO`}
+    => "HELLO\n" 
+    >> sand.activate! 
+    >> sand.eval %{`echo HELLO`}
+    Sandbox::SandboxException: NoMethodError: undefined method ``' for main:Object
+
+Sandbox::Safe works by whitelisting methods to keep, and removing the rest.  Checkout sandbox.rb for which methods are kept.
+
+## Known Issues / TODOs
+
+  * It would be a good idea to integrate something like FakeFS to stub
+    out the filesystem in the sandbox.
+  * There is currently no timeout support, so it's possible for a
+    sandbox to loop indefinitely and block the host interpreter.
+
+[1]: http://ola-bini.blogspot.com/2006/12/freaky-freaky-sandbox-has-come-to-jruby.html

data/Rakefile

@@ -0,0 +1,24 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rake/javaextensiontask'
+
+Rake::JavaExtensionTask.new('sandbox') do |ext|
+  jruby_home = RbConfig::CONFIG['prefix']
+  ext.ext_dir = 'ext/java'
+  ext.lib_dir = 'lib/sandbox'
+  jars = ["#{jruby_home}/lib/jruby.jar"] + FileList['lib/*.jar']
+  ext.classpath = jars.map { |x| File.expand_path(x) }.join(':')
+end
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern = 'spec/**/*_spec.rb'
+  t.rspec_opts = ['--backtrace']
+end
+
+# Make sure the jar is up to date before running specs
+task :spec => :compile
+
+task :default => :spec

data/ext/java/sandbox/BoxedClass.java

@@ -0,0 +1,25 @@
+package sandbox;
+
+import org.jruby.anno.JRubyClass;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.runtime.Block;
+
+@JRubyClass(name="BoxedClass")
+public class BoxedClass {
+  @JRubyMethod(module=true, rest=true)
+  public static IRubyObject method_missing(IRubyObject recv, IRubyObject[] args, Block block) {
+    IRubyObject[] args2 = new IRubyObject[args.length - 1];
+    System.arraycopy(args, 1, args2, 0, args2.length);
+    String name = args[0].toString();
+
+    SandboxFull box = (SandboxFull) SandboxFull.getLinkedBox(recv);
+    return box.runMethod(recv, name, args2, block);
+  }
+
+  @JRubyMethod(name="new", meta=true, rest=true)
+  public static IRubyObject _new(IRubyObject recv, IRubyObject[] args, Block block) {
+    SandboxFull box = (SandboxFull) SandboxFull.getLinkedBox(recv);
+    return box.runMethod(recv, "new", args, block);
+  }
+}

data/ext/java/sandbox/SandboxFull.java

@@ -0,0 +1,308 @@
+package sandbox;
+
+import java.util.Collection;
+import java.util.Map;
+
+import org.jruby.Ruby;
+import org.jruby.RubyClass;
+import org.jruby.RubyInstanceConfig;
+import org.jruby.RubyKernel;
+import org.jruby.RubyModule;
+import org.jruby.RubyObject;
+import org.jruby.CompatVersion;
+import org.jruby.anno.JRubyClass;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.internal.runtime.methods.DynamicMethod;
+import org.jruby.runtime.Block;
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.common.IRubyWarnings;
+import org.jruby.exceptions.RaiseException;
+
+
+@JRubyClass(name="Sandbox::Full")
+public class SandboxFull extends RubyObject {
+  private Ruby wrapped;
+
+  public SandboxFull(Ruby runtime, RubyClass type) {
+    super(runtime, type);
+    reload();
+  }
+
+  @JRubyMethod
+  public IRubyObject reload() {
+    RubyInstanceConfig cfg = new RubyInstanceConfig();
+    cfg.setObjectSpaceEnabled(getRuntime().getInstanceConfig().isObjectSpaceEnabled());
+    cfg.setInput(getRuntime().getInstanceConfig().getInput());
+    cfg.setOutput(getRuntime().getInstanceConfig().getOutput());
+    cfg.setError(getRuntime().getInstanceConfig().getError());
+    cfg.setCompatVersion(CompatVersion.RUBY1_9);
+    cfg.setScriptFileName("(sandbox)");
+
+    SandboxProfile profile = new SandboxProfile(this);
+    cfg.setProfile(profile);
+
+    wrapped = Ruby.newInstance(cfg);
+
+    RubyClass cBoxedClass = wrapped.defineClass("BoxedClass", wrapped.getObject(), wrapped.getObject().getAllocator());
+    cBoxedClass.defineAnnotatedMethods(BoxedClass.class);
+
+    return this;
+  }
+
+  @JRubyMethod(required=1)
+  public IRubyObject eval(IRubyObject str) {
+    try {
+      IRubyObject result = wrapped.evalScriptlet(str.asJavaString(), wrapped.getCurrentContext().getCurrentScope());
+      return unbox(result);
+    } catch (RaiseException e) {
+      String msg = e.getException().callMethod(wrapped.getCurrentContext(), "message").asJavaString();
+      String path = e.getException().type().getName();
+      RubyClass eSandboxException = (RubyClass) getRuntime().getClassFromPath("Sandbox::SandboxException");
+      throw new RaiseException(getRuntime(), eSandboxException, path + ": " + msg, false);
+    } catch (Exception e) {
+      e.printStackTrace();
+      getRuntime().getWarnings().warn(IRubyWarnings.ID.MISCELLANEOUS, "NativeException: " + e);
+      return getRuntime().getNil();
+    }
+  }
+
+  @JRubyMethod(name="import", required=1)
+  public IRubyObject _import(IRubyObject klass) {
+    if (!(klass instanceof RubyModule)) {
+      throw getRuntime().newTypeError(klass, getRuntime().getClass("Module"));
+    }
+    String name = ((RubyModule) klass).getName();
+    importClassPath(name, false);
+    return getRuntime().getNil();
+  }
+
+  @JRubyMethod(required=1)
+  public IRubyObject ref(IRubyObject klass) {
+    if (!(klass instanceof RubyModule)) {
+      throw getRuntime().newTypeError(klass, getRuntime().getClass("Module"));
+    }
+    String name = ((RubyModule) klass).getName();
+    importClassPath(name, true);
+    return getRuntime().getNil();
+  }
+
+  private RubyModule importClassPath(String path, final boolean link) {
+    RubyModule runtimeModule = getRuntime().getObject();
+    RubyModule wrappedModule = wrapped.getObject();
+
+    if (path.startsWith("#")) {
+      throw getRuntime().newArgumentError("can't import anonymous class " + path);
+    }
+
+    for (String name : path.split("::")) {
+      runtimeModule = (RubyModule) runtimeModule.getConstantAt(name);
+      // Create the module when it did not exist yet...
+      if (wrappedModule.const_defined_p(wrapped.getCurrentContext(), wrapped.newString(name)).isFalse()) {
+        // The BoxedClass takes the place of Object as top of the inheritance
+        // hierarchy. As a result, we can intercept all new instances that are
+        // created and all method_missing calls.
+        RubyModule sup = wrapped.getClass("BoxedClass");
+        if (!link && runtimeModule instanceof RubyClass) {
+          // If we're importing a class, recursively import all of its
+          // superclasses as well.
+          sup = importClassPath(runtimeModule.getSuperClass().getName(), true);
+        }
+        
+        RubyClass klass = (RubyClass) sup;
+        if (wrappedModule == wrapped.getObject()) {
+          
+          if (link || runtimeModule instanceof RubyClass){ // if this is a ref and not an import
+            wrappedModule = wrapped.defineClass(name, klass, klass.getAllocator());
+          } else {
+            wrappedModule = wrapped.defineModule(name);
+          }
+          
+        } else {
+          if (runtimeModule instanceof RubyClass){
+            wrappedModule = wrappedModule.defineClassUnder(name, klass, klass.getAllocator());
+          } else {
+            wrappedModule = wrappedModule.defineModuleUnder(name);
+          }
+          
+        }
+      } else {
+        // ...or just resolve it, if it was already known
+        wrappedModule = (RubyModule) wrappedModule.getConstantAt(name);
+      }
+      
+      // Check the consistency of the hierarchy
+      if (runtimeModule instanceof RubyClass) {
+        if (!link && !runtimeModule.getSuperClass().getName().equals(wrappedModule.getSuperClass().getName())) {
+          throw getRuntime().newTypeError("superclass mismatch for class " + runtimeModule.getSuperClass().getName());
+        }
+      }
+
+      if (link || runtimeModule instanceof RubyClass) {
+        linkObject(runtimeModule, wrappedModule);
+      } else {
+        copyMethods(runtimeModule, wrappedModule);
+      }
+    }
+
+    return runtimeModule;
+  }
+
+  private void copyMethods(RubyModule from, RubyModule to) {
+    to.getMethodsForWrite().putAll(from.getMethods());
+    to.getSingletonClass().getMethodsForWrite().putAll(from.getSingletonClass().getMethods());
+  }
+
+  @JRubyMethod(required=2)
+  public IRubyObject keep_methods(IRubyObject className, IRubyObject methods) {
+    RubyModule module = wrapped.getModule(className.asJavaString());
+    if (module != null) {
+      keepMethods(module, methods.convertToArray());
+    }
+    return methods;
+  }
+
+  @JRubyMethod(required=2)
+  public IRubyObject keep_singleton_methods(IRubyObject className, IRubyObject methods) {
+    RubyModule module = wrapped.getModule(className.asJavaString()).getSingletonClass();
+    if (module != null) {
+      keepMethods(module, methods.convertToArray());
+    }
+    return methods;
+  }
+
+  private void keepMethods(RubyModule module, Collection retain) {
+    for (Map.Entry<String, DynamicMethod> methodEntry : module.getMethods().entrySet()) {
+      String methodName = methodEntry.getKey();
+      if (!retain.contains(methodName)) {
+        removeMethod(module, methodName);
+      }
+    }
+  }
+
+  @JRubyMethod(required=2)
+  public IRubyObject remove_method(IRubyObject className, IRubyObject methodName) {
+    RubyModule module = wrapped.getModule(className.asJavaString());
+    if (module != null) {
+      removeMethod(module, methodName.asJavaString());
+    }
+    return getRuntime().getNil();
+  }
+
+  @JRubyMethod(required=2)
+  public IRubyObject remove_singleton_method(IRubyObject className, IRubyObject methodName) {
+    RubyModule module = wrapped.getModule(className.asJavaString()).getSingletonClass();
+    if (module != null) {
+      removeMethod(module, methodName.asJavaString());
+    }
+    return getRuntime().getNil();
+  }
+
+  private void removeMethod(RubyModule module, String methodName) {
+    // System.err.println("removing method " + methodName + " from " + module.inspect().asJavaString());
+    module.removeMethod(wrapped.getCurrentContext(), methodName);
+  }
+
+  @JRubyMethod(required=1)
+  public IRubyObject load(IRubyObject str) {
+    try {
+      wrapped.getLoadService().load(str.asJavaString(), true);
+      return getRuntime().getTrue();
+    } catch (RaiseException e) {
+      e.printStackTrace();
+      return getRuntime().getFalse();
+    }
+  }
+
+  @JRubyMethod(required=1)
+  public IRubyObject require(IRubyObject str) {
+    try {
+      IRubyObject result = RubyKernel.require(wrapped.getKernel(), wrapped.newString(str.asJavaString()), Block.NULL_BLOCK);
+      return unbox(result);
+    } catch (RaiseException e) {
+      e.printStackTrace();
+      return getRuntime().getFalse();
+    }
+  }
+
+  private IRubyObject unbox(IRubyObject obj) {
+    return box(obj);
+  }
+
+  private IRubyObject rebox(IRubyObject obj) {
+    return box(obj);
+  }
+
+  private IRubyObject box(IRubyObject obj) {
+    if (obj.isImmediate()) {
+      return cross(obj);
+    } else {
+      // If this object already existed and was returned from the wrapped
+      // runtime on an earlier occasion, it will already contain a link to its
+      // brother in the regular runtime and we can safely return that link.
+      IRubyObject link = getLinkedObject(obj);
+      if (!link.isNil()) {
+        IRubyObject box = getLinkedBox(obj);
+        if (box == this) return link;
+      }
+
+      // Is the class already known on both sides of the fence?
+      IRubyObject klass = constFind(obj.getMetaClass().getRealClass().getName());
+      link = getRuntime().getNil();
+      if (!klass.isNil()) {
+        link = getLinkedObject(klass);
+      }
+
+      if (link.isNil()) {
+        return cross(obj);
+      } else {
+        IRubyObject v = ((RubyClass)klass).allocate();
+        linkObject(obj, v);
+        return v;
+      }
+    }
+  }
+
+  private IRubyObject cross(IRubyObject obj) {
+    IRubyObject dumped = wrapped.getModule("Marshal").callMethod(wrapped.getCurrentContext(), "dump", obj);
+    return getRuntime().getModule("Marshal").callMethod(getRuntime().getCurrentContext(), "load", dumped);
+  }
+
+  protected static IRubyObject getLinkedObject(IRubyObject arg) {
+    IRubyObject object = arg.getRuntime().getNil();
+    if (arg.getInstanceVariables().getInstanceVariable("__link__") != null) {
+      object = (IRubyObject) arg.getInstanceVariables().fastGetInstanceVariable("__link__");
+    }
+    return object;
+  }
+
+  protected static IRubyObject getLinkedBox(IRubyObject arg) {
+    IRubyObject object = arg.getRuntime().getNil();
+    if (arg.getInstanceVariables().getInstanceVariable("__box__") != null) {
+      object = (IRubyObject) arg.getInstanceVariables().fastGetInstanceVariable("__box__");
+    }
+    return object;
+  }
+
+  private void linkObject(IRubyObject runtimeObject, IRubyObject wrappedObject) {
+    wrappedObject.getInstanceVariables().setInstanceVariable("__link__", runtimeObject);
+    wrappedObject.getInstanceVariables().setInstanceVariable("__box__", this);
+  }
+
+  private IRubyObject constFind(String path) {
+    try {
+      return wrapped.getClassFromPath(path);
+    } catch (Exception e) {
+      return wrapped.getNil();
+    }
+  }
+
+  protected IRubyObject runMethod(IRubyObject recv, String name, IRubyObject[] args, Block block) {
+    IRubyObject[] args2 = new IRubyObject[args.length];
+    for (int i = 0; i < args.length; i++) {
+      args2[i] = unbox(args[i]);
+    }
+    IRubyObject recv2 = unbox(recv);
+    IRubyObject result = recv2.callMethod(getRuntime().getCurrentContext(), name, args2, block);
+    return rebox(result);
+  }
+}

data/ext/java/sandbox/SandboxModule.java

@@ -0,0 +1,16 @@
+package sandbox;
+
+import org.jruby.Profile;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.runtime.builtin.IRubyObject;
+
+public class SandboxModule {
+  @JRubyMethod(name="current", meta=true)
+  public static IRubyObject s_current(IRubyObject recv) {
+    Profile prof = recv.getRuntime().getProfile();
+    if (prof instanceof SandboxProfile) {
+      return ((SandboxProfile) prof).getSandbox();
+    }
+    return recv.getRuntime().getNil();
+  }
+}

data/ext/java/sandbox/SandboxProfile.java

@@ -0,0 +1,22 @@
+package sandbox;
+
+import org.jruby.Profile;
+import org.jruby.runtime.builtin.IRubyObject;
+
+public class SandboxProfile implements Profile {
+  private IRubyObject sandbox;
+
+  public SandboxProfile(IRubyObject sandbox) {
+    this.sandbox = sandbox;
+  }
+
+  public IRubyObject getSandbox() {
+    return sandbox;
+  }
+
+  public boolean allowBuiltin(String name) { return true; }
+  public boolean allowClass(String name) { return true; }
+  public boolean allowModule(String name) { return true; }
+  public boolean allowLoad(String name) { return true; }
+  public boolean allowRequire(String name) { return true; }
+}

data/ext/java/sandbox/SandboxService.java

@@ -0,0 +1,33 @@
+package sandbox;
+
+import java.io.IOException;
+
+import org.jruby.Ruby;
+import org.jruby.RubyClass;
+import org.jruby.RubyModule;
+import org.jruby.runtime.ObjectAllocator;
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.runtime.load.BasicLibraryService;
+
+public class SandboxService implements BasicLibraryService {
+  public boolean basicLoad(Ruby runtime) throws IOException {
+    init(runtime);
+    return true;
+  }
+
+  private void init(Ruby runtime) {
+    RubyModule mSandbox = runtime.defineModule("Sandbox");
+    mSandbox.defineAnnotatedMethods(SandboxModule.class);
+
+    RubyClass cSandboxFull = mSandbox.defineClassUnder("Full", runtime.getObject(), FULL_ALLOCATOR);
+    cSandboxFull.defineAnnotatedMethods(SandboxFull.class);
+
+    RubyClass cSandboxException = mSandbox.defineClassUnder("SandboxException", runtime.getException(), runtime.getException().getAllocator());
+  }
+
+  protected static final ObjectAllocator FULL_ALLOCATOR = new ObjectAllocator() {
+    public IRubyObject allocate(Ruby runtime, RubyClass klass) {
+      return new SandboxFull(runtime, klass);
+    }
+  };
+}

data/jruby_sandbox.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'sandbox/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'jruby_sandbox'
+  s.version     = Sandbox::VERSION
+  s.platform    = 'java'
+  s.authors     = ['Dray Lacy', 'Eric Allam']
+  s.email       = ['dray@envylabs.com', 'eric@envylabs.com']
+  s.homepage    = 'http://github.com/omghax/jruby_sandbox'
+  s.summary     = 'Sandbox support for JRuby'
+  s.description = "A version of _why's Freaky Freaky Sandbox for JRuby."
+
+  s.rubyforge_project = 'jruby_sandbox'
+
+  s.files         = `git ls-files`.split("\n") + ['lib/sandbox/sandbox.jar']
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ['lib']
+  
+  s.add_dependency 'fakefs'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rake-compiler'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'yard'
+end

data/lib/sandbox/prelude.rb

@@ -0,0 +1,19 @@
+# Alternate "safer" versions of Ruby methods. Mostly non-blocking.
+[Fixnum, Bignum, Float].each do |klass|
+  klass.class_eval do
+    # A very weak version of pow, it doesn't work on Floats, but it's gonna
+    # fill the most common uses for now.
+    def **(x)
+      case x
+      when 0; 1
+      when 1; self
+      else
+        y = 1
+        while 0 <= (x -= 1) do
+          y *= self
+        end
+        y
+      end
+    end
+  end
+end

data/lib/sandbox/version.rb

@@ -0,0 +1,3 @@
+module Sandbox
+  VERSION = '0.1.0'
+end

data/lib/sandbox.rb

@@ -0,0 +1,333 @@
+require 'sandbox/sandbox'
+require 'sandbox/version'
+require 'fakefs/safe'
+
+module Sandbox
+  PRELUDE = File.expand_path('../sandbox/prelude.rb', __FILE__).freeze # :nodoc:
+
+  class << self
+    def new
+      Full.new
+    end
+
+    def safe
+      Safe.new
+    end
+  end
+
+  class Safe < Full
+    def activate!
+      activate_fakefs
+      
+      keep_singleton_methods(:Kernel, KERNEL_S_METHODS)
+      keep_singleton_methods(:Symbol, SYMBOL_S_METHODS)
+      keep_singleton_methods(:String, STRING_S_METHODS)
+
+      keep_methods(:Kernel, KERNEL_METHODS)
+      keep_methods(:NilClass, NILCLASS_METHODS)
+      keep_methods(:Symbol, SYMBOL_METHODS)
+      keep_methods(:TrueClass, TRUECLASS_METHODS)
+      keep_methods(:FalseClass, FALSECLASS_METHODS)
+      keep_methods(:Enumerable, ENUMERABLE_METHODS)
+      keep_methods(:String, STRING_METHODS)
+    end
+    
+    def activate_fakefs
+      require 'fileutils'
+      
+      # unfortunately, the authors of FakeFS used `extend self` in FileUtils, instead of `module_function`.
+      # I fixed it for them
+      (FakeFS::FileUtils.methods - Module.methods - Kernel.methods).each do |module_method_name|
+        FakeFS::FileUtils.send(:module_function, module_method_name)
+      end
+      
+      import  FakeFS
+      ref     FakeFS::Dir
+      ref     FakeFS::File
+      ref     FakeFS::FileTest
+      import  FakeFS::FileUtils #import FileUtils because it is a module
+      
+      eval <<-RUBY
+        Object.class_eval do
+          remove_const(:Dir)
+          remove_const(:File)
+          remove_const(:FileTest)
+          remove_const(:FileUtils)
+      
+          const_set(:Dir,       FakeFS::Dir)
+          const_set(:File,      FakeFS::File)
+          const_set(:FileUtils, FakeFS::FileUtils)
+          const_set(:FileTest,  FakeFS::FileTest)
+        end
+      RUBY
+      
+      FakeFS::FileSystem.clear
+    end
+
+    KERNEL_S_METHODS = %w[
+      Array
+      binding
+      block_given?
+      catch
+      chomp
+      chomp!
+      chop
+      chop!
+      eval
+      fail
+      Float
+      format
+      global_variables
+      gsub
+      gsub!
+      Integer
+      iterator?
+      lambda
+      local_variables
+      loop
+      method_missing
+      proc
+      raise
+      scan
+      split
+      sprintf
+      String
+      sub
+      sub!
+      throw
+    ].freeze
+
+    SYMBOL_S_METHODS = %w[
+      all_symbols
+    ].freeze
+
+    STRING_S_METHODS = %w[
+      new
+    ].freeze
+
+    KERNEL_METHODS = %w[
+      ==
+      ===
+      =~
+      Array
+      binding
+      block_given?
+      catch
+      chomp
+      chomp!
+      chop
+      chop!
+      class
+      clone
+      dup
+      eql?
+      equal?
+      eval
+      fail
+      Float
+      format
+      freeze
+      frozen?
+      global_variables
+      gsub
+      gsub!
+      hash
+      id
+      initialize_copy
+      inspect
+      instance_eval
+      instance_of?
+      instance_variables
+      instance_variable_get
+      instance_variable_set
+      instance_variable_defined?
+      Integer
+      is_a?
+      iterator?
+      kind_of?
+      lambda
+      local_variables
+      loop
+      methods
+      method_missing
+      nil?
+      private_methods
+      print
+      proc
+      protected_methods
+      public_methods
+      raise
+      remove_instance_variable
+      respond_to?
+      respond_to_missing?
+      scan
+      send
+      singleton_methods
+      singleton_method_added
+      singleton_method_removed
+      singleton_method_undefined
+      split
+      sprintf
+      String
+      sub
+      sub!
+      taint
+      tainted?
+      throw
+      to_a
+      to_s
+      type
+      untaint
+      __send__
+    ].freeze
+
+    NILCLASS_METHODS = %w[
+      &
+      inspect
+      nil?
+      to_a
+      to_f
+      to_i
+      to_s
+      ^
+      |
+    ].freeze
+
+    SYMBOL_METHODS = %w[
+      ===
+      id2name
+      inspect
+      to_i
+      to_int
+      to_s
+      to_sym
+    ].freeze
+
+    TRUECLASS_METHODS = %w[
+      &
+      to_s
+      ^
+      |
+    ].freeze
+
+    FALSECLASS_METHODS = %w[
+      &
+      to_s
+      ^
+      |
+    ].freeze
+
+    ENUMERABLE_METHODS = %w[
+      all?
+      any?
+      collect
+      detect
+      each_with_index
+      entries
+      find
+      find_all
+      grep
+      include?
+      inject
+      map
+      max
+      member?
+      min
+      partition
+      reject
+      select
+      sort
+      sort_by
+      to_a
+      zip
+    ].freeze
+
+    STRING_METHODS = %w[
+      %
+      *
+      +
+      <<
+      <=>
+      ==
+      =~
+      capitalize
+      capitalize!
+      casecmp
+      center
+      chomp
+      chomp!
+      chop
+      chop!
+      concat
+      count
+      crypt
+      delete
+      delete!
+      downcase
+      downcase!
+      dump
+      each
+      each_byte
+      each_line
+      empty?
+      eql?
+      gsub
+      gsub!
+      hash
+      hex
+      include?
+      index
+      initialize
+      initialize_copy
+      insert
+      inspect
+      intern
+      length
+      ljust
+      lstrip
+      lstrip!
+      match
+      next
+      next!
+      oct
+      replace
+      reverse
+      reverse!
+      rindex
+      rjust
+      rstrip
+      rstrip!
+      scan
+      size
+      slice
+      slice!
+      split
+      squeeze
+      squeeze!
+      strip
+      strip!
+      start_with?
+      sub
+      sub!
+      succ
+      succ!
+      sum
+      swapcase
+      swapcase!
+      to_f
+      to_i
+      to_s
+      to_str
+      to_sym
+      tr
+      tr!
+      tr_s
+      tr_s!
+      upcase
+      upcase!
+      upto
+      []
+      []=
+    ].freeze
+  end
+end

data/spec/sandbox_spec.rb

@@ -0,0 +1,226 @@
+require 'rspec'
+require 'sandbox'
+
+describe Sandbox do
+  after(:each) do
+    Object.class_eval { remove_const(:Foo) } if defined?(Foo)
+  end
+
+  describe ".new" do
+    subject { Sandbox.new }
+
+    it { should_not be_nil }
+    it { should be_an_instance_of(Sandbox::Full) }
+  end
+
+  describe ".safe" do
+    subject { Sandbox.safe }
+
+    it { should be_an_instance_of(Sandbox::Safe) }
+
+    it 'should not lock down until calling activate!' do
+      subject.eval('`echo hello`').should == "hello\n"
+
+      subject.activate!
+        
+      expect {
+        subject.eval('`echo hello`')
+      }.to raise_error(Sandbox::SandboxException)
+    end
+    
+    it "should activate FakeFS inside the sandbox (and not allow it to be deactivated)" do
+      subject.eval('File').should == ::File
+      
+      subject.activate!
+      
+      foo = File.join(File.dirname(__FILE__), 'support', 'foo.txt')
+
+      expect {
+        subject.eval(%{File.read('#{foo}')})
+      }.to raise_error(Sandbox::SandboxException, /Errno::ENOENT: No such file or directory/)
+      
+      subject.eval('File').should == FakeFS::File
+      subject.eval('Dir').should == FakeFS::Dir
+      subject.eval('FileUtils').should == FakeFS::FileUtils
+      subject.eval('FileTest').should == FakeFS::FileTest
+      
+      subject.eval(%{FakeFS.deactivate!})
+      
+      expect {
+        subject.eval(%{File.read('#{foo}')})
+      }.to raise_error(Sandbox::SandboxException, /Errno::ENOENT: No such file or directory/)
+      
+      subject.eval(%{File.open('/bar.txt', 'w') {|file| file << "bar" }})
+      
+      expect {
+        subject.eval(%{FileUtils.cp('/bar.txt', '/baz.txt')})
+      }.to_not raise_error(Sandbox::SandboxException, /NoMethodError/)
+    end
+
+    it "sandboxes global variables" do
+      subject.eval('$0').should == '(sandbox)'
+      /(.)(.)(.)/.match('abc')
+      subject.eval('$TEST = "TEST"; $TEST').should == 'TEST'
+      subject.eval('/(.)(.)(.)/.match("def"); $2').should == 'e'
+      $2.should == 'b'
+      subject.eval('$TEST').should == 'TEST'
+      subject.eval('$2').should == 'e'
+      /(.)(.)(.)/.match('ghi')
+    end
+  end
+
+  describe ".current" do
+    it "should not return a current sandbox outside a sandbox" do
+      Sandbox.current.should be_nil
+    end
+
+    it "should return the current sandbox inside a sandbox" do
+      pending do
+        sandbox = Sandbox.new
+        sandbox.ref(Sandbox)
+        sandbox.eval('Sandbox.current').should == sandbox
+      end
+    end
+  end
+
+  describe "#eval" do
+    subject { Sandbox.new }
+
+    it "should allow a range of common operations" do
+      operations = <<-OPS
+        1 + 1
+        'foo'.chomp
+        'foo'
+      OPS
+      subject.eval(operations).should == 'foo'
+    end
+
+    it "should persist state between evaluations" do
+      subject.eval('o = Object.new')
+      subject.eval('o').should_not be_nil
+    end
+
+    it "should be able to define a new class in the sandbox" do
+      result = subject.eval('Foo = Struct.new(:foo); struct = Foo.new("baz"); struct.foo')
+      result.should == 'baz'
+    end
+
+    it "should be able to use a class across invocations" do
+      # Return nil, because the environment doesn't know "Foo"
+      subject.eval('Foo = Struct.new(:foo); nil')
+      subject.eval('struct = Foo.new("baz"); nil')
+      subject.eval('struct.foo').should == 'baz'
+    end
+
+    describe "communication between sandbox and environment" do
+      it "should be possible to pass data from the box to the environment" do
+        Foo = Struct.new(:foo)
+        subject.ref(Foo)
+        struct = subject.eval('struct = Foo.new')
+        subject.eval('struct.foo = "baz"')
+        struct.foo.should == 'baz'
+      end
+
+      it "should be possible to pass data from the environment to the box" do
+        Foo = Struct.new(:foo)
+        subject.ref(Foo)
+        struct = subject.eval('struct = Foo.new')
+        struct.foo = 'baz'
+        subject.eval('struct.foo').should == 'baz'
+      end
+
+      it "should be able to pass large object data from the box to the environment" do
+        expect {
+          subject.eval %{
+            (0..1000).to_a.inject({}) {|h,i| h[i] = "HELLO WORLD"; h }
+          }
+        }.to_not raise_error(Sandbox::SandboxException)
+
+        expect {
+          subject.eval %{'RUBY'*100}
+        }.to_not raise_error(Sandbox::SandboxException)
+      end
+    end
+  end
+  
+  describe "#import" do
+    subject { Sandbox.new }
+    
+    it "should be able to call a referenced namespaced module method" do
+      Foo = Class.new
+      Foo::Bar = Module.new do
+        def baz
+          'baz'
+        end
+        module_function :baz
+      end
+
+      subject.import(Foo::Bar)
+      subject.eval('Foo::Bar.baz').should == 'baz'
+    end
+
+    it "should be able to include a module from the environment" do
+      Foo = Module.new do
+        def baz
+          'baz'
+        end
+      end
+
+      subject.import(Foo)
+      subject.eval("class Bar; include Foo; end; nil")
+      subject.eval('Bar.new.baz').should == 'baz'
+    end
+    
+    it "should be able to copy instance methods from a module that uses module_function" do
+      Foo = Module.new do        
+        def baz; 'baz'; end
+        
+        module_function :baz
+      end
+      
+      subject.import Foo
+      subject.eval('Foo.baz').should == 'baz'
+    end
+  end
+
+  describe "#ref" do
+    subject { Sandbox.new }
+
+    it "should be possible to reference a class defined outside the box" do
+      Foo = Class.new
+      subject.ref(Foo)
+      subject.eval('Foo.new').should be_an_instance_of(Foo)
+    end
+
+    it "should be possible to change the class after the ref" do
+      Foo = Class.new
+      subject.ref(Foo)
+      def Foo.foo; 'baz'; end
+      subject.eval('Foo.foo').should == 'baz'
+    end
+
+    it "should be possible to dynamically add a class method after the ref" do
+      Foo = Class.new
+      subject.ref(Foo)
+      Foo.class_eval('def Foo.foo; "baz"; end')
+      subject.eval('Foo.foo').should == 'baz'
+    end
+
+    it "should be possible to dynamically add a class method after the ref" do
+      Foo = Class.new
+      subject.ref(Foo)
+      Foo.instance_eval('def Foo.foo; "baz"; end')
+      subject.eval('Foo.foo').should == 'baz'
+    end
+
+    it "should be possible to call a method on the class that receives a block" do
+      Foo = Class.new do
+        def self.bar
+          yield
+        end
+      end
+      subject.ref(Foo)
+      subject.eval(%{Foo.bar { "baz" }}).should == 'baz'
+    end
+  end
+end

data/spec/support/foo.txt

@@ -0,0 +1 @@
+foo

metadata

@@ -0,0 +1,122 @@
+--- !ruby/object:Gem::Specification
+name: jruby_sandbox
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: java
+authors:
+- Dray Lacy
+- Eric Allam
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-09-15 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fakefs
+  requirement: &70097860842780 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70097860842780
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70097860842160 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70097860842160
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: &70097860841480 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70097860841480
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70097860840900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70097860840900
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: &70097860840300 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70097860840300
+description: A version of _why's Freaky Freaky Sandbox for JRuby.
+email:
+- dray@envylabs.com
+- eric@envylabs.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- ext/java/sandbox/BoxedClass.java
+- ext/java/sandbox/SandboxFull.java
+- ext/java/sandbox/SandboxModule.java
+- ext/java/sandbox/SandboxProfile.java
+- ext/java/sandbox/SandboxService.java
+- jruby_sandbox.gemspec
+- lib/sandbox.rb
+- lib/sandbox/prelude.rb
+- lib/sandbox/version.rb
+- spec/sandbox_spec.rb
+- spec/support/foo.txt
+- lib/sandbox/sandbox.jar
+homepage: http://github.com/omghax/jruby_sandbox
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: jruby_sandbox
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Sandbox support for JRuby
+test_files:
+- spec/sandbox_spec.rb
+- spec/support/foo.txt