jruby_sandbox 0.2.0-java → 0.2.1-java

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 072482dce6da86c8ee7a942fb1e66fd00debe215
4
- data.tar.gz: 01767fa5c25221cd5fc66dd15210b7e6c6106078
3
+ metadata.gz: d9cee93864fe9088e39d5da9838a9929cd93eda3
4
+ data.tar.gz: c1f9ab8ae12cf194cc39838a6201ae35b5f769a1
5
5
  SHA512:
6
- metadata.gz: fee8ee1cde9b266b761c4300e17d05354da618afcb04ed56462042fdff8ed2b5af8edf1459a6d66b59d7f8378199e907cd283530c83e469ea80744f62651ac2f
7
- data.tar.gz: 869380ff05222788d77bb6be8fe24a68998d28734b53150f6aef5963bcd8cf3cd9e1749d79ee1cac84c77720515ec08ff3329282fb897d299d38e7d99436be37
6
+ metadata.gz: 915fab034e4d057e037af65442755c67f6812c4b8d12a6d276e82e06fc2ac5658a720976ccb06a079409ed66b0c3b0a72a5b14cfb91bd60540a30704cf097535
7
+ data.tar.gz: cc393077aa2d6f4ddc696ec058e727f8982224a517097385f341e726ac3de94b709bb58e4d4641aae5918d94fa0033e61f5955f6ca73e52785072891f0828713
@@ -1,3 +1,3 @@
1
1
  module Sandbox
2
- VERSION = '0.2.0'
2
+ VERSION = '0.2.1'
3
3
  end
data/lib/sandbox.rb CHANGED
@@ -33,6 +33,12 @@ module Sandbox
33
33
  keep_methods(:FalseClass, FALSECLASS_METHODS)
34
34
  keep_methods(:Enumerable, ENUMERABLE_METHODS)
35
35
  keep_methods(:String, STRING_METHODS)
36
+
37
+ Kernel.class_eval do
38
+ def `(*args)
39
+ raise NoMethodError, "` is unavailable"
40
+ end
41
+ end
36
42
  end
37
43
 
38
44
  def activate_fakefs
@@ -12,6 +12,12 @@ describe "Sandbox exploits" do
12
12
  subject.activate!
13
13
  end
14
14
 
15
+ it 'should not allow access to the filesystem using backticks' do
16
+ expect {
17
+ subject.eval('`cat spec/support/foo.txt`')
18
+ }.to raise_error(Sandbox::SandboxException)
19
+ end
20
+
15
21
  it "should not allow running system commands through File.class_eval" do
16
22
  expect {
17
23
  subject.eval 'File.class_eval { `echo Hello` }'
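Review bot: The backtick override added to Kernel in the sandbox.rb hunk raises `NoMethodError`, but the new spec expects `Sandbox::SandboxException` and checks only the class, so it depends on exception wrapping that is not visible in these lines and would also pass if the eval failed for an unrelated reason. Pinning the message, for example `}.to raise_error(Sandbox::SandboxException, /is unavailable/)`, would tie the test to this guard, assuming the wrapper preserves the original message (to be confirmed). The override is a single deny entry sitting after the `keep_methods` allowlist calls, so a comment above it such as `# %x{} also dispatches to this method, so the override covers both forms` would record what it covers, and a second spec using `%x{}` would keep that true. Because `def` inside `Kernel.class_eval` defines a public method while the built-in one is private, adding `private` before the definition would keep the original visibility. The enclosing method starts above the hunk, so these lines do not show whether the other process-spawning Kernel methods are already removed.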
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jruby_sandbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: java
6
6
  authors:
7
7
  - Dray Lacy
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-11-08 00:00:00.000000000 Z
12
+ date: 2013-11-30 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: fakefs