jruby_sandbox 0.1.2-java → 0.1.3-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile.lock +1 -1
- data/ext/java/sandbox/SandboxFull.java +5 -1
- data/lib/sandbox/sandbox.jar +0 -0
- data/lib/sandbox/version.rb +1 -1
- data/lib/sandbox.rb +44 -8
- data/spec/sandbox_spec.rb +29 -7
- metadata +12 -12
data/Gemfile.lock
CHANGED
|
@@ -17,11 +17,13 @@ import org.jruby.runtime.Block;
|
|
|
17
17
|
import org.jruby.runtime.builtin.IRubyObject;
|
|
18
18
|
import org.jruby.common.IRubyWarnings;
|
|
19
19
|
import org.jruby.exceptions.RaiseException;
|
|
20
|
+
import org.jruby.runtime.DynamicScope;
|
|
20
21
|
|
|
21
22
|
|
|
22
23
|
@JRubyClass(name="Sandbox::Full")
|
|
23
24
|
public class SandboxFull extends RubyObject {
|
|
24
25
|
private Ruby wrapped;
|
|
26
|
+
private DynamicScope currentScope;
|
|
25
27
|
|
|
26
28
|
public SandboxFull(Ruby runtime, RubyClass type) {
|
|
27
29
|
super(runtime, type);
|
|
@@ -45,6 +47,8 @@ public class SandboxFull extends RubyObject {
|
|
|
45
47
|
|
|
46
48
|
RubyClass cBoxedClass = wrapped.defineClass("BoxedClass", wrapped.getObject(), wrapped.getObject().getAllocator());
|
|
47
49
|
cBoxedClass.defineAnnotatedMethods(BoxedClass.class);
|
|
50
|
+
|
|
51
|
+
currentScope = wrapped.getCurrentContext().getCurrentScope();
|
|
48
52
|
|
|
49
53
|
return this;
|
|
50
54
|
}
|
|
@@ -52,7 +56,7 @@ public class SandboxFull extends RubyObject {
|
|
|
52
56
|
@JRubyMethod(required=1)
|
|
53
57
|
public IRubyObject eval(IRubyObject str) {
|
|
54
58
|
try {
|
|
55
|
-
IRubyObject result = wrapped.evalScriptlet(str.asJavaString(),
|
|
59
|
+
IRubyObject result = wrapped.evalScriptlet(str.asJavaString(), currentScope);
|
|
56
60
|
return unbox(result);
|
|
57
61
|
} catch (RaiseException e) {
|
|
58
62
|
String msg = e.getException().callMethod(wrapped.getCurrentContext(), "message").asJavaString();
|
data/lib/sandbox/sandbox.jar
CHANGED
|
Binary file
|
data/lib/sandbox/version.rb
CHANGED
data/lib/sandbox.rb
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
require 'sandbox/sandbox'
|
|
2
2
|
require 'sandbox/version'
|
|
3
3
|
require 'fakefs/safe'
|
|
4
|
-
require 'timeout'
|
|
5
4
|
|
|
6
5
|
module Sandbox
|
|
7
6
|
PRELUDE = File.expand_path('../sandbox/prelude.rb', __FILE__).freeze # :nodoc:
|
|
7
|
+
|
|
8
|
+
TimeoutError = Class.new(Exception)
|
|
8
9
|
|
|
9
10
|
class << self
|
|
10
11
|
def new
|
|
@@ -49,6 +50,8 @@ module Sandbox
|
|
|
49
50
|
ref FakeFS::FileTest
|
|
50
51
|
import FakeFS::FileUtils #import FileUtils because it is a module
|
|
51
52
|
|
|
53
|
+
# this is basically what FakeFS.activate! does, but we want to do it in the sandbox
|
|
54
|
+
# so we have to live with this:
|
|
52
55
|
eval <<-RUBY
|
|
53
56
|
Object.class_eval do
|
|
54
57
|
remove_const(:Dir)
|
|
@@ -66,16 +69,49 @@ module Sandbox
|
|
|
66
69
|
FakeFS::FileSystem.clear
|
|
67
70
|
end
|
|
68
71
|
|
|
69
|
-
def
|
|
70
|
-
require 'timeout'
|
|
72
|
+
def eval(code, options={})
|
|
71
73
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
74
|
+
if seconds = options[:timeout]
|
|
75
|
+
sandbox_timeout(code, seconds) do
|
|
76
|
+
super code
|
|
75
77
|
end
|
|
76
|
-
|
|
78
|
+
else
|
|
79
|
+
super code
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
private
|
|
85
|
+
|
|
86
|
+
def sandbox_timeout(name, seconds)
|
|
87
|
+
val, exc = nil
|
|
77
88
|
|
|
78
|
-
|
|
89
|
+
thread = Thread.start(name) do
|
|
90
|
+
begin
|
|
91
|
+
val = yield
|
|
92
|
+
rescue Exception => exc
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
thread.join(seconds)
|
|
97
|
+
|
|
98
|
+
if thread.alive?
|
|
99
|
+
if thread.respond_to? :kill!
|
|
100
|
+
thread.kill!
|
|
101
|
+
else
|
|
102
|
+
thread.kill
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
timed_out = true
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
if timed_out
|
|
109
|
+
raise TimeoutError, "#{self.class} timed out"
|
|
110
|
+
elsif exc
|
|
111
|
+
raise exc
|
|
112
|
+
else
|
|
113
|
+
val
|
|
114
|
+
end
|
|
79
115
|
end
|
|
80
116
|
|
|
81
117
|
IO_S_METHODS = %w[
|
data/spec/sandbox_spec.rb
CHANGED
|
@@ -73,7 +73,7 @@ describe Sandbox do
|
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
-
describe "#
|
|
76
|
+
describe "#eval with timeout" do
|
|
77
77
|
subject { Sandbox.safe }
|
|
78
78
|
|
|
79
79
|
context "before it's been activated" do
|
|
@@ -83,8 +83,18 @@ describe Sandbox do
|
|
|
83
83
|
RUBY
|
|
84
84
|
|
|
85
85
|
expect {
|
|
86
|
-
subject.
|
|
87
|
-
}.to raise_error(Sandbox::
|
|
86
|
+
subject.eval(long_code, timeout: 1)
|
|
87
|
+
}.to raise_error(Sandbox::TimeoutError)
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
it "should not raise a timeout error if the code runs in under the passed in time" do
|
|
91
|
+
short_code = <<-RUBY
|
|
92
|
+
1+1
|
|
93
|
+
RUBY
|
|
94
|
+
|
|
95
|
+
expect {
|
|
96
|
+
subject.eval(short_code, timeout: 1)
|
|
97
|
+
}.to_not raise_error(Sandbox::TimeoutError)
|
|
88
98
|
end
|
|
89
99
|
end
|
|
90
100
|
|
|
@@ -97,10 +107,16 @@ describe Sandbox do
|
|
|
97
107
|
RUBY
|
|
98
108
|
|
|
99
109
|
expect {
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
110
|
+
subject.eval(long_code, timeout: 1)
|
|
111
|
+
}.to raise_error(Sandbox::TimeoutError)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
it "should persist state between evaluations" do
|
|
115
|
+
subject.eval('o = Object.new', timeout: 1)
|
|
116
|
+
|
|
117
|
+
expect {
|
|
118
|
+
subject.eval('o', timeout: 1)
|
|
119
|
+
}.to_not raise_error(Sandbox::SandboxException)
|
|
104
120
|
end
|
|
105
121
|
end
|
|
106
122
|
end
|
|
@@ -116,6 +132,12 @@ describe Sandbox do
|
|
|
116
132
|
OPS
|
|
117
133
|
subject.eval(operations).should == 'foo'
|
|
118
134
|
end
|
|
135
|
+
|
|
136
|
+
it "should have an empty ENV" do
|
|
137
|
+
pending do
|
|
138
|
+
subject.eval(%{ENV.to_a}).should be_empty
|
|
139
|
+
end
|
|
140
|
+
end
|
|
119
141
|
|
|
120
142
|
it "should persist state between evaluations" do
|
|
121
143
|
subject.eval('o = Object.new')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jruby_sandbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: java
|
|
7
7
|
authors:
|
|
@@ -10,11 +10,11 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2011-09-
|
|
13
|
+
date: 2011-09-29 00:00:00.000000000Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: fakefs
|
|
17
|
-
requirement: &
|
|
17
|
+
requirement: &70149996586680 !ruby/object:Gem::Requirement
|
|
18
18
|
none: false
|
|
19
19
|
requirements:
|
|
20
20
|
- - ! '>='
|
|
@@ -22,10 +22,10 @@ dependencies:
|
|
|
22
22
|
version: '0'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
|
-
version_requirements: *
|
|
25
|
+
version_requirements: *70149996586680
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: rake
|
|
28
|
-
requirement: &
|
|
28
|
+
requirement: &70149996586260 !ruby/object:Gem::Requirement
|
|
29
29
|
none: false
|
|
30
30
|
requirements:
|
|
31
31
|
- - ! '>='
|
|
@@ -33,10 +33,10 @@ dependencies:
|
|
|
33
33
|
version: '0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
|
-
version_requirements: *
|
|
36
|
+
version_requirements: *70149996586260
|
|
37
37
|
- !ruby/object:Gem::Dependency
|
|
38
38
|
name: rake-compiler
|
|
39
|
-
requirement: &
|
|
39
|
+
requirement: &70149996585840 !ruby/object:Gem::Requirement
|
|
40
40
|
none: false
|
|
41
41
|
requirements:
|
|
42
42
|
- - ! '>='
|
|
@@ -44,10 +44,10 @@ dependencies:
|
|
|
44
44
|
version: '0'
|
|
45
45
|
type: :development
|
|
46
46
|
prerelease: false
|
|
47
|
-
version_requirements: *
|
|
47
|
+
version_requirements: *70149996585840
|
|
48
48
|
- !ruby/object:Gem::Dependency
|
|
49
49
|
name: rspec
|
|
50
|
-
requirement: &
|
|
50
|
+
requirement: &70149996585420 !ruby/object:Gem::Requirement
|
|
51
51
|
none: false
|
|
52
52
|
requirements:
|
|
53
53
|
- - ! '>='
|
|
@@ -55,10 +55,10 @@ dependencies:
|
|
|
55
55
|
version: '0'
|
|
56
56
|
type: :development
|
|
57
57
|
prerelease: false
|
|
58
|
-
version_requirements: *
|
|
58
|
+
version_requirements: *70149996585420
|
|
59
59
|
- !ruby/object:Gem::Dependency
|
|
60
60
|
name: yard
|
|
61
|
-
requirement: &
|
|
61
|
+
requirement: &70149996585000 !ruby/object:Gem::Requirement
|
|
62
62
|
none: false
|
|
63
63
|
requirements:
|
|
64
64
|
- - ! '>='
|
|
@@ -66,7 +66,7 @@ dependencies:
|
|
|
66
66
|
version: '0'
|
|
67
67
|
type: :development
|
|
68
68
|
prerelease: false
|
|
69
|
-
version_requirements: *
|
|
69
|
+
version_requirements: *70149996585000
|
|
70
70
|
description: A version of _why's Freaky Freaky Sandbox for JRuby.
|
|
71
71
|
email:
|
|
72
72
|
- dray@envylabs.com
|