jruby_sandbox 0.2.1-java → 0.2.2-java

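--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d9cee93864fe9088e39d5da9838a9929cd93eda3
- data.tar.gz: c1f9ab8ae12cf194cc39838a6201ae35b5f769a1
+ metadata.gz: 3cdc0b53cef5a2d1d509646a3b963d348b50e06d
+ data.tar.gz: 41e5404e7e6c76dfc1ff75be32c640e7e2aeb39f
  SHA512:
- metadata.gz: 915fab034e4d057e037af65442755c67f6812c4b8d12a6d276e82e06fc2ac5658a720976ccb06a079409ed66b0c3b0a72a5b14cfb91bd60540a30704cf097535
- data.tar.gz: cc393077aa2d6f4ddc696ec058e727f8982224a517097385f341e726ac3de94b709bb58e4d4641aae5918d94fa0033e61f5955f6ca73e52785072891f0828713
+ metadata.gz: c23b753187b1c877a27e4d443e38a79653d092fef60ad03d5fca2b3aa033e1609ec51bd66cfb784c1b96aa8363d2d2087b8abb7255666aca756052aa732719a8
+ data.tar.gz: 5f2c9be34c59aef1d159521c88ba4d4687a237a99d85f1b7522a4272f8bbfd8aa7e9849ca902b3ee831af0b428800f8de0f7cf79465c21dca6b53ac45af48e71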
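--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -8,7 +8,7 @@ GIT
  PATH
  remote: .
  specs:
- jruby_sandbox (0.2.0-java)
+ jruby_sandbox (0.2.2-java)
  fakefs
 
  GEM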
@@ -1,3 +1,3 @@
1
1
  module Sandbox
2
- VERSION = '0.2.1'
2
+ VERSION = '0.2.2'
3
3
  end
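--- a/data/lib/sandbox.rb
+++ b/data/lib/sandbox.rb
@@ -38,6 +38,9 @@ module Sandbox
  def `(*args)
  raise NoMethodError, "` is unavailable"
  end
+ def system(*args)
+ raise NoMethodError, "system is unavailable"
+ end
  end
  end
 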
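Review bot: The added `system` override blocks one method name, and the hunk shows no matching handling for the other Kernel methods that launch a process (for example `exec` and `spawn`), so the sandbox still relies on a denylist that has to be extended by hand. If those are not stubbed elsewhere in the file, stub them the same way and drive the spec from a single list of forbidden names, so that a missing entry fails a test. The explicit-receiver form `Kernel.system(...)` also deserves a spec, since an instance-method override may not cover the module function. A comment such as `# Deny process creation from sandboxed code; keep in sync with the spec's list of forbidden Kernel methods.` above the stubs would record the intent. The enclosing definition begins and ends outside this hunk, so which object receives these methods is not visible here.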
@@ -18,6 +18,12 @@ describe "Sandbox exploits" do
18
18
  }.to raise_error(Sandbox::SandboxException)
19
19
  end
20
20
 
21
+ it "should not allow running system commands using system" do
22
+ expect {
23
+ subject.eval 'system("ls")'
24
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
25
+ end
26
+
21
27
  it "should not allow running system commands through File.class_eval" do
22
28
  expect {
23
29
  subject.eval 'File.class_eval { `echo Hello` }'
@@ -36,6 +42,24 @@ describe "Sandbox exploits" do
36
42
  }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
37
43
  end
38
44
 
45
+ it "should not allow running system commands through File.eval" do
46
+ expect {
47
+ subject.eval 'File.eval "`echo Hello`"'
48
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
49
+
50
+ expect {
51
+ subject.eval 'FileUtils.eval "`echo Hello`"'
52
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
53
+
54
+ expect {
55
+ subject.eval 'Dir.eval "`echo Hello`"'
56
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
57
+
58
+ expect {
59
+ subject.eval 'FileTest.eval "`echo Hello`"'
60
+ }.to raise_error(Sandbox::SandboxException, /NoMethodError/)
61
+ end
62
+
39
63
  it "should not allow running system commands through File.instance_eval" do
40
64
  expect {
41
65
  subject.eval 'File.instance_eval { `echo Hello` }'
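Review bot: The new `File.eval` example can pass without exercising the sandbox at all: in plain Ruby `eval` is a private Kernel method, so calling it with an explicit receiver such as `File` raises NoMethodError before the string argument is evaluated, and the expectation only matches `/NoMethodError/`. If the sandbox behaves the same way, these four expectations do not show that command execution is blocked on that path. Assuming SandboxException carries the inner message, matching on it would pin the intended failure, e.g. `raise_error(Sandbox::SandboxException, /system is unavailable/)` in the `system` example and the backtick message in the others. Splitting the four `expect` blocks into separate examples would also keep a first failure from hiding the rest.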
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jruby_sandbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.2.2
5
5
  platform: java
6
6
  authors:
7
7
  - Dray Lacy