jruby_sandbox 0.2.0-java → 0.2.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/sandbox/version.rb +1 -1
- data/lib/sandbox.rb +6 -0
- data/spec/exploits_spec.rb +6 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d9cee93864fe9088e39d5da9838a9929cd93eda3
|
|
4
|
+
data.tar.gz: c1f9ab8ae12cf194cc39838a6201ae35b5f769a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 915fab034e4d057e037af65442755c67f6812c4b8d12a6d276e82e06fc2ac5658a720976ccb06a079409ed66b0c3b0a72a5b14cfb91bd60540a30704cf097535
|
|
7
|
+
data.tar.gz: cc393077aa2d6f4ddc696ec058e727f8982224a517097385f341e726ac3de94b709bb58e4d4641aae5918d94fa0033e61f5955f6ca73e52785072891f0828713
|
data/lib/sandbox/version.rb
CHANGED
data/lib/sandbox.rb
CHANGED
|
@@ -33,6 +33,12 @@ module Sandbox
|
|
|
33
33
|
keep_methods(:FalseClass, FALSECLASS_METHODS)
|
|
34
34
|
keep_methods(:Enumerable, ENUMERABLE_METHODS)
|
|
35
35
|
keep_methods(:String, STRING_METHODS)
|
|
36
|
+
|
|
37
|
+
Kernel.class_eval do
|
|
38
|
+
def `(*args)
|
|
39
|
+
raise NoMethodError, "` is unavailable"
|
|
40
|
+
end
|
|
41
|
+
end
|
|
36
42
|
end
|
|
37
43
|
|
|
38
44
|
def activate_fakefs
|
data/spec/exploits_spec.rb
CHANGED
|
@@ -12,6 +12,12 @@ describe "Sandbox exploits" do
|
|
|
12
12
|
subject.activate!
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
+
it 'should not allow access to the filesystem using backticks' do
|
|
16
|
+
expect {
|
|
17
|
+
subject.eval('`cat spec/support/foo.txt`')
|
|
18
|
+
}.to raise_error(Sandbox::SandboxException)
|
|
19
|
+
end
|
|
20
|
+
|
|
15
21
|
it "should not allow running system commands through File.class_eval" do
|
|
16
22
|
expect {
|
|
17
23
|
subject.eval 'File.class_eval { `echo Hello` }'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jruby_sandbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Dray Lacy
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-11-
|
|
12
|
+
date: 2013-11-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: fakefs
|