jruby_sandbox 0.2.1-java → 0.2.2-java

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/sandbox/version.rb +1 -1
  4. data/lib/sandbox.rb +3 -0
  5. data/spec/exploits_spec.rb +24 -0
  6. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d9cee93864fe9088e39d5da9838a9929cd93eda3
4
- data.tar.gz: c1f9ab8ae12cf194cc39838a6201ae35b5f769a1
3
+ metadata.gz: 3cdc0b53cef5a2d1d509646a3b963d348b50e06d
4
+ data.tar.gz: 41e5404e7e6c76dfc1ff75be32c640e7e2aeb39f
5
5
  SHA512:
6
- metadata.gz: 915fab034e4d057e037af65442755c67f6812c4b8d12a6d276e82e06fc2ac5658a720976ccb06a079409ed66b0c3b0a72a5b14cfb91bd60540a30704cf097535
7
- data.tar.gz: cc393077aa2d6f4ddc696ec058e727f8982224a517097385f341e726ac3de94b709bb58e4d4641aae5918d94fa0033e61f5955f6ca73e52785072891f0828713
6
+ metadata.gz: c23b753187b1c877a27e4d443e38a79653d092fef60ad03d5fca2b3aa033e1609ec51bd66cfb784c1b96aa8363d2d2087b8abb7255666aca756052aa732719a8
7
+ data.tar.gz: 5f2c9be34c59aef1d159521c88ba4d4687a237a99d85f1b7522a4272f8bbfd8aa7e9849ca902b3ee831af0b428800f8de0f7cf79465c21dca6b53ac45af48e71
data/Gemfile.lock CHANGED
@@ -8,7 +8,7 @@ GIT
8
8
  PATH
9
9
  remote: .
10
10
  specs:
11
- jruby_sandbox (0.2.0-java)
11
+ jruby_sandbox (0.2.2-java)
12
12
  fakefs
13
13
 
14
14
  GEM
data/lib/sandbox/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Sandbox
2
- VERSION = '0.2.1'
2
+ VERSION = '0.2.2'
3
3
  end
data/lib/sandbox.rb CHANGED
@@ -38,6 +38,9 @@ module Sandbox
38
38
  def `(*args)
39
39
  raise NoMethodError, "` is unavailable"
40
40
  end
41
+ def system(*args)
42
+ raise NoMethodError, "system is unavailable"
43
+ end
41
44
  end
42
45
  end
43
46
 
data/spec/exploits_spec.rb CHANGED
@@ -18,6 +18,12 @@ describe "Sandbox exploits" do
18
18
  }.to raise_error(Sandbox::SandboxException)
19
19
  end
20
20
 
21
+ it "should not allow running system commands using system" do
22
+ expect {
23
+ subject.eval 'system("ls")'
24
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
25
+ end
26
+
21
27
  it "should not allow running system commands through File.class_eval" do
22
28
  expect {
23
29
  subject.eval 'File.class_eval { `echo Hello` }'
@@ -36,6 +42,24 @@ describe "Sandbox exploits" do
36
42
  }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
37
43
  end
38
44
 
45
+ it "should not allow running system commands through File.eval" do
46
+ expect {
47
+ subject.eval 'File.eval "`echo Hello`"'
48
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
49
+
50
+ expect {
51
+ subject.eval 'FileUtils.eval "`echo Hello`"'
52
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
53
+
54
+ expect {
55
+ subject.eval 'Dir.eval "`echo Hello`"'
56
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
57
+
58
+ expect {
59
+ subject.eval 'FileTest.eval "`echo Hello`"'
60
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
61
+ end
62
+
39
63
  it "should not allow running system commands through File.instance_eval" do
40
64
  expect {
41
65
  subject.eval 'File.instance_eval { `echo Hello` }'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jruby_sandbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.2
5
5
  platform: java
6
6
  authors:
7
7
  - Dray Lacy