jruby_sandbox 0.1.4-java → 0.2.0-java

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 072482dce6da86c8ee7a942fb1e66fd00debe215
+  data.tar.gz: 01767fa5c25221cd5fc66dd15210b7e6c6106078
+SHA512:
+  metadata.gz: fee8ee1cde9b266b761c4300e17d05354da618afcb04ed56462042fdff8ed2b5af8edf1459a6d66b59d7f8378199e907cd283530c83e469ea80744f62651ac2f
+  data.tar.gz: 869380ff05222788d77bb6be8fe24a68998d28734b53150f6aef5963bcd8cf3cd9e1749d79ee1cac84c77720515ec08ff3329282fb897d299d38e7d99436be37

data/.ruby-version

@@ -0,0 +1 @@
+jruby-1.7.6

data/Gemfile.lock

@@ -8,7 +8,7 @@ GIT
 PATH
   remote: .
   specs:
-    jruby_sandbox (0.1.2-java)
+    jruby_sandbox (0.2.0-java)
       fakefs
 
 GEM

data/ext/java/sandbox/SandboxFull.java

@@ -17,11 +17,13 @@ import org.jruby.runtime.Block;
 import org.jruby.runtime.builtin.IRubyObject;
 import org.jruby.common.IRubyWarnings;
 import org.jruby.exceptions.RaiseException;
+import org.jruby.runtime.DynamicScope;
 
 
 @JRubyClass(name="Sandbox::Full")
 public class SandboxFull extends RubyObject {
   private Ruby wrapped;
+  private DynamicScope currentScope;
 
   public SandboxFull(Ruby runtime, RubyClass type) {
     super(runtime, type);
@@ -45,6 +47,8 @@ public class SandboxFull extends RubyObject {
 
     RubyClass cBoxedClass = wrapped.defineClass("BoxedClass", wrapped.getObject(), wrapped.getObject().getAllocator());
     cBoxedClass.defineAnnotatedMethods(BoxedClass.class);
+    
+    currentScope = wrapped.getCurrentContext().getCurrentScope();
 
     return this;
   }
@@ -52,7 +56,7 @@ public class SandboxFull extends RubyObject {
   @JRubyMethod(required=1)
   public IRubyObject eval(IRubyObject str) {
     try {
-      IRubyObject result = wrapped.evalScriptlet(str.asJavaString(), wrapped.getCurrentContext().getCurrentScope());
+      IRubyObject result = wrapped.evalScriptlet(str.asJavaString(), currentScope);
       return unbox(result);
     } catch (RaiseException e) {
       String msg = e.getException().callMethod(wrapped.getCurrentContext(), "message").asJavaString();
@@ -107,29 +111,29 @@ public class SandboxFull extends RubyObject {
           // superclasses as well.
           sup = importClassPath(runtimeModule.getSuperClass().getName(), true);
         }
-
+        
         RubyClass klass = (RubyClass) sup;
         if (wrappedModule == wrapped.getObject()) {
-
+          
           if (link || runtimeModule instanceof RubyClass){ // if this is a ref and not an import
             wrappedModule = wrapped.defineClass(name, klass, klass.getAllocator());
           } else {
             wrappedModule = wrapped.defineModule(name);
           }
-
+          
         } else {
           if (runtimeModule instanceof RubyClass){
             wrappedModule = wrappedModule.defineClassUnder(name, klass, klass.getAllocator());
           } else {
             wrappedModule = wrappedModule.defineModuleUnder(name);
           }
-
+          
         }
       } else {
         // ...or just resolve it, if it was already known
         wrappedModule = (RubyModule) wrappedModule.getConstantAt(name);
       }
-
+      
       // Check the consistency of the hierarchy
       if (runtimeModule instanceof RubyClass) {
         if (!link && !runtimeModule.getSuperClass().getName().equals(wrappedModule.getSuperClass().getName())) {

data/lib/sandbox/version.rb

@@ -1,3 +1,3 @@
 module Sandbox
-  VERSION = '0.1.4'
+  VERSION = '0.2.0'
 end

data/lib/sandbox.rb

@@ -1,10 +1,11 @@
 require 'sandbox/sandbox'
 require 'sandbox/version'
 require 'fakefs/safe'
-require 'timeout'
 
 module Sandbox
   PRELUDE = File.expand_path('../sandbox/prelude.rb', __FILE__).freeze # :nodoc:
+  
+  TimeoutError = Class.new(Exception)
 
   class << self
     def new
@@ -19,7 +20,7 @@ module Sandbox
   class Safe < Full
     def activate!
       activate_fakefs
-
+      
       keep_singleton_methods(:Kernel, KERNEL_S_METHODS)
       keep_singleton_methods(:Symbol, SYMBOL_S_METHODS)
       keep_singleton_methods(:String, STRING_S_METHODS)
@@ -33,62 +34,97 @@ module Sandbox
       keep_methods(:Enumerable, ENUMERABLE_METHODS)
       keep_methods(:String, STRING_METHODS)
     end
-
+    
     def activate_fakefs
       require 'fileutils'
-
+      
       # unfortunately, the authors of FakeFS used `extend self` in FileUtils, instead of `module_function`.
       # I fixed it for them
       (FakeFS::FileUtils.methods - Module.methods - Kernel.methods).each do |module_method_name|
         FakeFS::FileUtils.send(:module_function, module_method_name)
       end
-
+      
       import  FakeFS
       ref     FakeFS::Dir
       ref     FakeFS::File
       ref     FakeFS::FileTest
       import  FakeFS::FileUtils #import FileUtils because it is a module
-
+      
+      # this is basically what FakeFS.activate! does, but we want to do it in the sandbox
+      # so we have to live with this:
       eval <<-RUBY
         Object.class_eval do
           remove_const(:Dir)
           remove_const(:File)
           remove_const(:FileTest)
           remove_const(:FileUtils)
-
+      
           const_set(:Dir,       FakeFS::Dir)
           const_set(:File,      FakeFS::File)
           const_set(:FileUtils, FakeFS::FileUtils)
           const_set(:FileTest,  FakeFS::FileTest)
+        end
 
-          [Dir, File, FileUtils, FileTest].each do |fake_class|
-            fake_class.class_eval do
-              def self.class_eval 
-                raise NoMethodError, "class_eval is unavailable"
-              end
-              def self.instance_eval 
-                raise NoMethodError, "instance_eval is unavailable"
-              end
+        [Dir, File, FileUtils, FileTest].each do |fake_class|
+          fake_class.class_eval do
+            def self.class_eval 
+              raise NoMethodError, "class_eval is unavailable"
+            end
+            def self.instance_eval 
+              raise NoMethodError, "instance_eval is unavailable"
             end
           end
         end
       RUBY
-
+      
       FakeFS::FileSystem.clear
     end
-
-    def eval_with_timeout(code, timeout=10)
-      require 'timeout'
-
-      timeout_code = <<-RUBY
-        Timeout.timeout(#{timeout}) do
-          #{code}
+    
+    def eval(code, options={})
+      
+      if seconds = options[:timeout]
+        sandbox_timeout(code, seconds) do
+          super code
         end
-      RUBY
-
-      eval timeout_code
+      else
+        super code
+      end
+      
     end
-
+    
+    private
+    
+    def sandbox_timeout(name, seconds)
+      val, exc = nil
+      
+      thread = Thread.start(name) do
+        begin
+          val = yield
+        rescue Exception => exc
+        end
+      end
+      
+      thread.join(seconds)
+    
+      if thread.alive?
+        if thread.respond_to? :kill!
+          thread.kill!
+        else
+          thread.kill
+        end
+      
+        timed_out = true
+      end
+    
+      if timed_out
+        raise TimeoutError, "#{self.class} timed out"
+      elsif exc
+        raise exc
+      else
+        val
+      end
+    end
+    
     IO_S_METHODS = %w[
       new
       foreach

data/spec/sandbox_spec.rb

@@ -23,7 +23,7 @@ describe Sandbox do
       subject.eval('`echo hello`').should == "hello\n"
 
       subject.activate!
-        
+
       expect {
         subject.eval('`echo hello`')
       }.to raise_error(Sandbox::SandboxException)
@@ -55,7 +55,7 @@ describe Sandbox do
       
       expect {
         subject.eval(%{FileUtils.cp('/bar.txt', '/baz.txt')})
-      }.to_not raise_error(Sandbox::SandboxException, /Sandbox::SandboxException: NoMethodError: /)
+      }.to_not raise_error(Sandbox::SandboxException, /NoMethodError/)
     end
   end
 
@@ -73,7 +73,7 @@ describe Sandbox do
     end
   end
   
-  describe "#eval_with_timeout" do
+  describe "#eval with timeout" do
     subject { Sandbox.safe }
     
     context "before it's been activated" do
@@ -83,8 +83,18 @@ describe Sandbox do
         RUBY
 
         expect {
-          subject.eval_with_timeout(long_code, 1)
-        }.to raise_error(Sandbox::SandboxException, /Timeout/)
+          subject.eval(long_code, timeout: 1)
+        }.to raise_error(Sandbox::TimeoutError)
+      end
+      
+      it "should not raise a timeout error if the code runs in under the passed in time" do
+        short_code = <<-RUBY
+          1+1
+        RUBY
+        
+        expect {
+          subject.eval(short_code, timeout: 1)
+        }.to_not raise_error(Sandbox::TimeoutError)
       end
     end
     
@@ -97,10 +107,16 @@ describe Sandbox do
         RUBY
 
         expect {
-          Timeout.timeout(3) do
-            subject.eval_with_timeout(long_code, 1)
-          end
-        }.to raise_error(Sandbox::SandboxException, /Timeout/)
+          subject.eval(long_code, timeout: 1)
+        }.to raise_error(Sandbox::TimeoutError)
+      end
+      
+      it "should persist state between evaluations" do
+        subject.eval('o = Object.new', timeout: 1)
+        
+        expect {
+          subject.eval('o', timeout: 1)
+        }.to_not raise_error(Sandbox::SandboxException)
       end
     end
   end

metadata

@@ -1,97 +1,86 @@
 --- !ruby/object:Gem::Specification
 name: jruby_sandbox
 version: !ruby/object:Gem::Version
-  version: 0.1.4
-  prerelease: 
+  version: 0.2.0
 platform: java
 authors:
 - Dray Lacy
 - Eric Allam
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-11-07 00:00:00.000000000 Z
+date: 2013-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fakefs
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
   prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: rake
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
   prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
   prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: rspec
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
   prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: yard
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: yard
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+  type: :development
 description: A version of _why's Freaky Freaky Sandbox for JRuby.
 email:
 - dray@envylabs.com
@@ -101,6 +90,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .ruby-version
 - .rvmrc
 - Gemfile
 - Gemfile.lock
@@ -122,30 +112,28 @@ files:
 - lib/sandbox/sandbox.jar
 homepage: http://github.com/omghax/jruby-sandbox
 licenses: []
-post_install_message: 
+metadata: {}
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: jruby_sandbox
-rubygems_version: 1.8.23
-signing_key: 
-specification_version: 3
+rubygems_version: 2.1.9
+signing_key:
+specification_version: 4
 summary: Sandbox support for JRuby
 test_files:
 - spec/exploits_spec.rb
 - spec/sandbox_spec.rb
 - spec/support/foo.txt
-has_rdoc: