jruby_sandbox 0.1.3-java → 0.1.4-java

data/Gemfile

@@ -4,4 +4,4 @@ source "http://rubygems.org"
 gemspec
 
 # this fork has some recent work done for 1.9, like File.foreach
-gem 'fakefs', :git => 'git://github.com/nanothief/fakefs.git', :require => 'fakefs/safe'
+gem 'fakefs', :git => 'git://github.com/codeschool/fakefs.git', :require => 'fakefs/safe', :ref => "6ae3212e3dab013b4b5e290d1aceba6466b30dec"

data/Gemfile.lock

@@ -1,8 +1,9 @@
 GIT
-  remote: git://github.com/nanothief/fakefs.git
-  revision: cb63ff262e1ab9dffdda6d20a1b9c90434e97d58
+  remote: git://github.com/codeschool/fakefs.git
+  revision: 6ae3212e3dab013b4b5e290d1aceba6466b30dec
+  ref: 6ae3212e3dab013b4b5e290d1aceba6466b30dec
   specs:
-    fakefs (0.3.2)
+    fakefs (0.4.0)
 
 PATH
   remote: .

data/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2006 Ola Bini <ola@ologix.com>
+Copyright (c) 2011 Dray Lacy and Eric Allam
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/ext/java/sandbox/SandboxFull.java

@@ -17,13 +17,11 @@ import org.jruby.runtime.Block;
 import org.jruby.runtime.builtin.IRubyObject;
 import org.jruby.common.IRubyWarnings;
 import org.jruby.exceptions.RaiseException;
-import org.jruby.runtime.DynamicScope;
 
 
 @JRubyClass(name="Sandbox::Full")
 public class SandboxFull extends RubyObject {
   private Ruby wrapped;
-  private DynamicScope currentScope;
 
   public SandboxFull(Ruby runtime, RubyClass type) {
     super(runtime, type);
@@ -47,8 +45,6 @@ public class SandboxFull extends RubyObject {
 
     RubyClass cBoxedClass = wrapped.defineClass("BoxedClass", wrapped.getObject(), wrapped.getObject().getAllocator());
     cBoxedClass.defineAnnotatedMethods(BoxedClass.class);
-    
-    currentScope = wrapped.getCurrentContext().getCurrentScope();
 
     return this;
   }
@@ -56,7 +52,7 @@ public class SandboxFull extends RubyObject {
   @JRubyMethod(required=1)
   public IRubyObject eval(IRubyObject str) {
     try {
-      IRubyObject result = wrapped.evalScriptlet(str.asJavaString(), currentScope);
+      IRubyObject result = wrapped.evalScriptlet(str.asJavaString(), wrapped.getCurrentContext().getCurrentScope());
       return unbox(result);
     } catch (RaiseException e) {
       String msg = e.getException().callMethod(wrapped.getCurrentContext(), "message").asJavaString();
@@ -111,29 +107,29 @@ public class SandboxFull extends RubyObject {
           // superclasses as well.
           sup = importClassPath(runtimeModule.getSuperClass().getName(), true);
         }
-        
+
         RubyClass klass = (RubyClass) sup;
         if (wrappedModule == wrapped.getObject()) {
-          
+
           if (link || runtimeModule instanceof RubyClass){ // if this is a ref and not an import
             wrappedModule = wrapped.defineClass(name, klass, klass.getAllocator());
           } else {
             wrappedModule = wrapped.defineModule(name);
           }
-          
+
         } else {
           if (runtimeModule instanceof RubyClass){
             wrappedModule = wrappedModule.defineClassUnder(name, klass, klass.getAllocator());
           } else {
             wrappedModule = wrappedModule.defineModuleUnder(name);
           }
-          
+
         }
       } else {
         // ...or just resolve it, if it was already known
         wrappedModule = (RubyModule) wrappedModule.getConstantAt(name);
       }
-      
+
       // Check the consistency of the hierarchy
       if (runtimeModule instanceof RubyClass) {
         if (!link && !runtimeModule.getSuperClass().getName().equals(wrappedModule.getSuperClass().getName())) {

data/lib/sandbox/version.rb

@@ -1,3 +1,3 @@
 module Sandbox
-  VERSION = '0.1.3'
+  VERSION = '0.1.4'
 end

data/lib/sandbox.rb

@@ -1,11 +1,10 @@
 require 'sandbox/sandbox'
 require 'sandbox/version'
 require 'fakefs/safe'
+require 'timeout'
 
 module Sandbox
   PRELUDE = File.expand_path('../sandbox/prelude.rb', __FILE__).freeze # :nodoc:
-  
-  TimeoutError = Class.new(Exception)
 
   class << self
     def new
@@ -20,7 +19,7 @@ module Sandbox
   class Safe < Full
     def activate!
       activate_fakefs
-      
+
       keep_singleton_methods(:Kernel, KERNEL_S_METHODS)
       keep_singleton_methods(:Symbol, SYMBOL_S_METHODS)
       keep_singleton_methods(:String, STRING_S_METHODS)
@@ -34,86 +33,62 @@ module Sandbox
       keep_methods(:Enumerable, ENUMERABLE_METHODS)
       keep_methods(:String, STRING_METHODS)
     end
-    
+
     def activate_fakefs
       require 'fileutils'
-      
+
       # unfortunately, the authors of FakeFS used `extend self` in FileUtils, instead of `module_function`.
       # I fixed it for them
       (FakeFS::FileUtils.methods - Module.methods - Kernel.methods).each do |module_method_name|
         FakeFS::FileUtils.send(:module_function, module_method_name)
       end
-      
+
       import  FakeFS
       ref     FakeFS::Dir
       ref     FakeFS::File
       ref     FakeFS::FileTest
       import  FakeFS::FileUtils #import FileUtils because it is a module
-      
-      # this is basically what FakeFS.activate! does, but we want to do it in the sandbox
-      # so we have to live with this:
+
       eval <<-RUBY
         Object.class_eval do
           remove_const(:Dir)
           remove_const(:File)
           remove_const(:FileTest)
           remove_const(:FileUtils)
-      
+
           const_set(:Dir,       FakeFS::Dir)
           const_set(:File,      FakeFS::File)
           const_set(:FileUtils, FakeFS::FileUtils)
           const_set(:FileTest,  FakeFS::FileTest)
+
+          [Dir, File, FileUtils, FileTest].each do |fake_class|
+            fake_class.class_eval do
+              def self.class_eval 
+                raise NoMethodError, "class_eval is unavailable"
+              end
+              def self.instance_eval 
+                raise NoMethodError, "instance_eval is unavailable"
+              end
+            end
+          end
         end
       RUBY
-      
+
       FakeFS::FileSystem.clear
     end
-    
-    def eval(code, options={})
-      
-      if seconds = options[:timeout]
-        sandbox_timeout(code, seconds) do
-          super code
-        end
-      else
-        super code
-      end
-      
-    end
-    
-    private
-    
-    def sandbox_timeout(name, seconds)
-      val, exc = nil
-      
-      thread = Thread.start(name) do
-        begin
-          val = yield
-        rescue Exception => exc
-        end
-      end
-      
-      thread.join(seconds)
-    
-      if thread.alive?
-        if thread.respond_to? :kill!
-          thread.kill!
-        else
-          thread.kill
+
+    def eval_with_timeout(code, timeout=10)
+      require 'timeout'
+
+      timeout_code = <<-RUBY
+        Timeout.timeout(#{timeout}) do
+          #{code}
         end
-      
-        timed_out = true
-      end
-    
-      if timed_out
-        raise TimeoutError, "#{self.class} timed out"
-      elsif exc
-        raise exc
-      else
-        val
-      end
+      RUBY
+
+      eval timeout_code
     end
-    
+
     IO_S_METHODS = %w[
       new
       foreach

data/spec/exploits_spec.rb

@@ -7,71 +7,107 @@ end
 
 describe "Sandbox exploits" do
   subject { Sandbox.safe }
-  
+
   before(:each) do
     subject.activate!
   end
-  
+
+  it "should not allow running system commands through File.class_eval" do
+    expect {
+      subject.eval 'File.class_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+
+    expect {
+      subject.eval 'FileUtils.class_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+
+    expect {
+      subject.eval 'Dir.class_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+
+    expect {
+      subject.eval 'FileTest.class_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+  end
+
+  it "should not allow running system commands through File.instance_eval" do
+    expect {
+      subject.eval 'File.instance_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+
+    expect {
+      subject.eval 'FileUtils.instance_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+
+    expect {
+      subject.eval 'Dir.instance_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+
+    expect {
+      subject.eval 'FileTest.instance_eval { `echo Hello` }'
+    }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
+  end
+
   it "should not allow running any commands or reading files using IO" do
     expect {
       subject.eval 'f=IO.popen("uname"); f.readlines; f.close'
     }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
-    
+
     expect {
       subject.eval 'IO.binread("/etc/passwd")'
     }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
-    
+
     expect {
       subject.eval 'IO.read("/etc/passwd")'
     }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
   end
-  
+
   it "should not pass through methods added to Kernel" do
     k = subject.eval("Kernel")
     def k.crack
       open("/etc/passwd")
     end
-    
+
     Kernel.should respond_to(:crack)
     subject.eval("Kernel.respond_to?(:crack)").should == false
   end
-  
+
   it "should not allow calling fork on Kernel, even through eval" do
     subject.eval("eval('Kernel').respond_to?(:fork)").should == false
   end
-  
+
   it "should not get access to outside the box objects by using eval and TOPLEVEL_BINDING" do
     expect {
       subject.eval(%{eval('OutsideFoo.bar', TOPLEVEL_BINDING)})
     }.to raise_error(Sandbox::SandboxException, /NameError/)
   end
-  
+
   it "should not get access to the outside eval through a ref'd object" do
     subject.ref OutsideFoo
     subject.eval "obj = OutsideFoo.new"
     subject.eval("(obj.methods.grep /^eval/).empty?").should == true
     subject.eval("obj.respond_to?(:eval)").should == false
   end
-  
+
   it "should not allow file access, even through a ref hack" do
     unsafe_open = %{File.open('/etc/passwd').read}
-    
+
     expect {
-      subject.eval(unsafe_open) 
+      subject.eval(unsafe_open)
     }.to raise_error(Sandbox::SandboxException)
-    
+
     subject.ref OutsideFoo
     subject.eval "obj = OutsideFoo.new"
-    
+
     unsafe_open_hack = %{obj.eval "#{unsafe_open}"}
-    
+
     pending "gotta figure out how to lock down ref'd objects eval" do
       expect {
         subject.eval(unsafe_open_hack)
       }.to raise_error(Sandbox::SandboxException)
     end
   end
-  
+
   it "should have safe globals" do
     subject.eval('$0').should == '(sandbox)'
     /(.)(.)(.)/.match("abc")
@@ -81,33 +117,33 @@ describe "Sandbox exploits" do
     subject.eval("$TEST").should == "TEST"
     subject.eval("$2").should == "e"
   end
-  
+
   it "should not keep Kernel.fork" do
     expect {
       subject.eval("Kernel.fork")
     }.to raise_error(Sandbox::SandboxException)
-    
+
     expect {
       subject.eval("fork")
     }.to raise_error(Sandbox::SandboxException)
   end
-  
+
   it "should not allow the sandbox to get back to Kernel through ancestors" do
     subject.eval('$0.class.ancestors[3].respond_to?(:fork)').should == false
   end
-  
+
   it "should not pass through block scope" do
     1.times do |i|
       subject.eval('local_variables').should == []
     end
   end
-  
+
   it "should not allow exploits through match data" do
     subject.eval("begin; /(.+)/.match('FreakyFreaky').instance_eval { open('/etc/passwd') }; rescue NameError; :NameError; end").should == :NameError
-    
+
     subject.eval("begin;(begin;Regexp.new('(');rescue e;e;end).instance_eval{ open('/etc/passwd') }; rescue NameError; :NameError; end").should == :NameError
   end
-  
+
   it "should not be able to access outside box Kernel through exceptions" do
     exception_code = <<-RUBY
       begin
@@ -117,7 +153,7 @@ describe "Sandbox exploits" do
       end
     RUBY
     subject.eval(exception_code)
-    
+
     subject.eval('obj.class.ancestors[4].respond_to?(:fork)').should == false
   end
-end
+end

data/spec/sandbox_spec.rb

@@ -55,7 +55,7 @@ describe Sandbox do
       
       expect {
         subject.eval(%{FileUtils.cp('/bar.txt', '/baz.txt')})
-      }.to_not raise_error(Sandbox::SandboxException, /NoMethodError/)
+      }.to_not raise_error(Sandbox::SandboxException, /Sandbox::SandboxException: NoMethodError: /)
     end
   end
 
@@ -73,7 +73,7 @@ describe Sandbox do
     end
   end
   
-  describe "#eval with timeout" do
+  describe "#eval_with_timeout" do
     subject { Sandbox.safe }
     
     context "before it's been activated" do
@@ -83,18 +83,8 @@ describe Sandbox do
         RUBY
 
         expect {
-          subject.eval(long_code, timeout: 1)
-        }.to raise_error(Sandbox::TimeoutError)
-      end
-      
-      it "should not raise a timeout error if the code runs in under the passed in time" do
-        short_code = <<-RUBY
-          1+1
-        RUBY
-        
-        expect {
-          subject.eval(short_code, timeout: 1)
-        }.to_not raise_error(Sandbox::TimeoutError)
+          subject.eval_with_timeout(long_code, 1)
+        }.to raise_error(Sandbox::SandboxException, /Timeout/)
       end
     end
     
@@ -107,16 +97,10 @@ describe Sandbox do
         RUBY
 
         expect {
-          subject.eval(long_code, timeout: 1)
-        }.to raise_error(Sandbox::TimeoutError)
-      end
-      
-      it "should persist state between evaluations" do
-        subject.eval('o = Object.new', timeout: 1)
-        
-        expect {
-          subject.eval('o', timeout: 1)
-        }.to_not raise_error(Sandbox::SandboxException)
+          Timeout.timeout(3) do
+            subject.eval_with_timeout(long_code, 1)
+          end
+        }.to raise_error(Sandbox::SandboxException, /Timeout/)
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jruby_sandbox
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
   prerelease: 
 platform: java
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-09-29 00:00:00.000000000Z
+date: 2013-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fakefs
-  requirement: &70149996586680 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70149996586680
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70149996586260 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +38,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70149996586260
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake-compiler
-  requirement: &70149996585840 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +54,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70149996585840
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70149996585420 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,10 +70,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70149996585420
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
-  requirement: &70149996585000 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,7 +86,12 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70149996585000
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A version of _why's Freaky Freaky Sandbox for JRuby.
 email:
 - dray@envylabs.com
@@ -79,6 +104,7 @@ files:
 - .rvmrc
 - Gemfile
 - Gemfile.lock
+- LICENSE
 - README.md
 - Rakefile
 - ext/java/sandbox/BoxedClass.java
@@ -114,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: jruby_sandbox
-rubygems_version: 1.8.10
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Sandbox support for JRuby
@@ -122,3 +148,4 @@ test_files:
 - spec/exploits_spec.rb
 - spec/sandbox_spec.rb
 - spec/support/foo.txt
+has_rdoc: