jruby_sandbox 0.2.2-java → 0.2.3-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3cdc0b53cef5a2d1d509646a3b963d348b50e06d
-  data.tar.gz: 41e5404e7e6c76dfc1ff75be32c640e7e2aeb39f
+  metadata.gz: 20db9f92162ab81d708ba65399e609c732fd1112
+  data.tar.gz: 3e23f62108ab2637d034f1c90f04da46e1569da7
 SHA512:
-  metadata.gz: c23b753187b1c877a27e4d443e38a79653d092fef60ad03d5fca2b3aa033e1609ec51bd66cfb784c1b96aa8363d2d2087b8abb7255666aca756052aa732719a8
-  data.tar.gz: 5f2c9be34c59aef1d159521c88ba4d4687a237a99d85f1b7522a4272f8bbfd8aa7e9849ca902b3ee831af0b428800f8de0f7cf79465c21dca6b53ac45af48e71
+  metadata.gz: ed461f57a6f7b2fd11f2eee081356d05a1a2f81a4df582ebe13b9efa393812bf457ce5d861bca90c1dd4aaee0b193810b7e724727beafdb4797b34d5bd326685
+  data.tar.gz: 7002942c8eed69c5ede100b792f663431b922fc7eb013fcabfd6a899ba9726ab62b5ddbc2a64a170e398a0ee55b04f2157f98d2ddc4bd727c696e5c8b1cf2236

data/.gitignore

@@ -1,5 +1,7 @@
 *.gem
 .bundle
+.ruby-gemset
+Gemfile.lock
 lib/sandbox/sandbox.jar
 pkg/*
 tags

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - jruby-19mode

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# JRuby Sandbox Changelog
+
+## 0.2.3 (April 24, 2014)
+
+* [SECURITY] Remove access to Object#java\_import.

data/README.md

@@ -1,17 +1,24 @@
 JRuby Sandbox
 =============
 
-The JRuby sandbox is a reimplementation of _why's freaky freaky sandbox
+[![Build Status](https://travis-ci.org/omghax/jruby-sandbox.png?branch=master)](https://travis-ci.org/omghax/jruby-sandbox)
+
+The JRuby sandbox is a reimplementation of \_why's freaky freaky sandbox
 in JRuby, and is heavily based on [javasand][1] by Ola Bini, but updated
-for JRuby 1.6.
+for JRuby 1.7.
 
 ## Prerequisites
 
-This gem requires JRuby 1.6. As of the time of this writing, it is known to
-work with the latest stable version of JRuby, 1.6.3. You can install it via
-RVM with the following command:
+This gem was developed against JRuby 1.7.6, and is known to work with 1.7.8,
+but has not been tested against other versions, so proceed at your own risk.
+The Travis CI configuration specifies the `jruby-19mode` target, which floats
+between exact versions of JRuby. At the time of writing, this is currently
+JRuby 1.7.8. You can see a list of Travis CI's provided rubies [here][2]. As
+long as the build is green you should be good to go.
+
+Installing JRuby is simple with RVM:
 
-    rvm install jruby-1.6.3
+    rvm install jruby-1.7.6
 
 ## Building
 
@@ -27,50 +34,53 @@ code without polluting the host environment.
     => true
     >> sand = Sandbox::Full.new
     => #<Sandbox::Full:0x46377e2a>
-    >> sand.eval("x = 1 + 2")
+    >> sand.eval("x = 1 + 2") # we've defined x in the sandbox
     => 3
     >> sand.eval("x")
     => 3
-    >> x
+    >> x # but it hasn't leaked out into the host interpreter
     NameError: undefined local variable or method `x' for #<Object:0x11cdc190>
 
-There's also `Sandbox::Full#require`, which lets you invoke
-`Kernel#require` directly for the sandbox, so you can load any trusted
-core libraries.  Note that this is a direct binding to `Kernel#require`,
-so it will only load ruby stdlib libraries (i.e. no rubygems support
-yet).
+There's also `Sandbox::Full#require`, which lets you invoke `Kernel#require`
+directly for the sandbox, so you can load any trusted core libraries. Note that
+this is a direct binding to `Kernel#require`, so it will only load ruby stdlib
+libraries (i.e. no rubygems support yet).
 
 ## Sandbox::Safe usage
 
-Sandbox::Safe exposes an `#activate!` method which will lock down the sandbox, removing unsafe methods.  Before calling `#activate!`, Sandbox::Safe is the same as Sandbox::Full.
+Sandbox::Safe exposes an `#activate!` method which will lock down the sandbox,
+removing unsafe methods. Before calling `#activate!`, Sandbox::Safe is the same
+as Sandbox::Full.
 
     >> require 'sandbox'
-    => true 
+    => true
     >> sand = Sandbox.safe
-    => #<Sandbox::Safe:0x17072b90> 
+    => #<Sandbox::Safe:0x17072b90>
     >> sand.eval %{`echo HELLO`}
-    => "HELLO\n" 
-    >> sand.activate! 
+    => "HELLO\n"
+    >> sand.activate!
     >> sand.eval %{`echo HELLO`}
     Sandbox::SandboxException: NoMethodError: undefined method ``' for main:Object
 
-Sandbox::Safe works by whitelisting methods to keep, and removing the rest.  Checkout sandbox.rb for which methods are kept.
+Sandbox::Safe works by whitelisting methods to keep, and removing the rest.
+Checkout sandbox.rb for which methods are kept.
 
-Sandbox::Safe.activate! will also isolate the sandbox environment from the filesystem using FakeFS. 
+Sandbox::Safe.activate! will also isolate the sandbox environment from the
+filesystem using FakeFS.
 
      >> require 'sandbox'
-     => true 
+     => true
      >> s = Sandbox.safe
-     => #<Sandbox::Safe:0x3fdb8a73> 
+     => #<Sandbox::Safe:0x3fdb8a73>
      >> s.eval('Dir["/"]')
-     => ["/"] 
+     => ["/"]
      >> s.eval('Dir["/*"]')
-     => ["/Applications", "/bin", "/cores", "/dev", etc.] 
+     => ["/Applications", "/bin", "/cores", "/dev", etc.]
      > s.activate!
      >> s.eval('Dir["/*"]')
-     => [] 
+     => []
      > Dir['/*']
-     => ["/Applications", "/bin", "/cores", "/dev", etc.] 
+     => ["/Applications", "/bin", "/cores", "/dev", etc.]
 
 ## Known Issues / TODOs
 
@@ -78,3 +88,4 @@ Sandbox::Safe.activate! will also isolate the sandbox environment from the files
     sandbox to loop indefinitely and block the host interpreter.
 
 [1]: http://ola-bini.blogspot.com/2006/12/freaky-freaky-sandbox-has-come-to-jruby.html
+[2]: http://about.travis-ci.org/docs/user/ci-environment/#Ruby-(aka-common)-VM-images

data/ext/java/sandbox/BoxedClass.java

@@ -1,5 +1,7 @@
 package sandbox;
 
+import org.jruby.Ruby;
+import org.jruby.RubyClass;
 import org.jruby.anno.JRubyClass;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.runtime.builtin.IRubyObject;
@@ -7,6 +9,14 @@ import org.jruby.runtime.Block;
 
 @JRubyClass(name="BoxedClass")
 public class BoxedClass {
+  protected static RubyClass createBoxedClassClass(final Ruby runtime) {
+    RubyClass cObject = runtime.getObject();
+    RubyClass cBoxedClass = runtime.defineClass("BoxedClass", cObject, cObject.getAllocator());
+    cBoxedClass.defineAnnotatedMethods(BoxedClass.class);
+
+    return cBoxedClass;
+  }
+
   @JRubyMethod(module=true, rest=true)
   public static IRubyObject method_missing(IRubyObject recv, IRubyObject[] args, Block block) {
     IRubyObject[] args2 = new IRubyObject[args.length - 1];

data/ext/java/sandbox/SandboxFull.java

@@ -14,6 +14,7 @@ import org.jruby.anno.JRubyClass;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.internal.runtime.methods.DynamicMethod;
 import org.jruby.runtime.Block;
+import org.jruby.runtime.ObjectAllocator;
 import org.jruby.runtime.builtin.IRubyObject;
 import org.jruby.common.IRubyWarnings;
 import org.jruby.exceptions.RaiseException;
@@ -22,10 +23,16 @@ import org.jruby.runtime.DynamicScope;
 
 @JRubyClass(name="Sandbox::Full")
 public class SandboxFull extends RubyObject {
+  protected static ObjectAllocator FULL_ALLOCATOR = new ObjectAllocator() {
+    public IRubyObject allocate(Ruby runtime, RubyClass klass) {
+      return new SandboxFull(runtime, klass);
+    }
+  };
+
   private Ruby wrapped;
   private DynamicScope currentScope;
 
-  public SandboxFull(Ruby runtime, RubyClass type) {
+  protected SandboxFull(Ruby runtime, RubyClass type) {
     super(runtime, type);
     reload();
   }
@@ -44,12 +51,10 @@ public class SandboxFull extends RubyObject {
     cfg.setProfile(profile);
 
     wrapped = Ruby.newInstance(cfg);
-
-    RubyClass cBoxedClass = wrapped.defineClass("BoxedClass", wrapped.getObject(), wrapped.getObject().getAllocator());
-    cBoxedClass.defineAnnotatedMethods(BoxedClass.class);
-    
     currentScope = wrapped.getCurrentContext().getCurrentScope();
 
+    BoxedClass.createBoxedClassClass(wrapped);
+
     return this;
   }
 
@@ -115,14 +120,14 @@ public class SandboxFull extends RubyObject {
         RubyClass klass = (RubyClass) sup;
         if (wrappedModule == wrapped.getObject()) {
           
-          if (link || runtimeModule instanceof RubyClass){ // if this is a ref and not an import
+          if (link || runtimeModule instanceof RubyClass) { // if this is a ref and not an import
             wrappedModule = wrapped.defineClass(name, klass, klass.getAllocator());
           } else {
             wrappedModule = wrapped.defineModule(name);
           }
           
         } else {
-          if (runtimeModule instanceof RubyClass){
+          if (runtimeModule instanceof RubyClass) {
             wrappedModule = wrappedModule.defineClassUnder(name, klass, klass.getAllocator());
           } else {
             wrappedModule = wrappedModule.defineModuleUnder(name);
@@ -273,16 +278,16 @@ public class SandboxFull extends RubyObject {
 
   protected static IRubyObject getLinkedObject(IRubyObject arg) {
     IRubyObject object = arg.getRuntime().getNil();
-    if (arg.getInstanceVariables().getInstanceVariable("__link__") != null) {
-      object = (IRubyObject) arg.getInstanceVariables().fastGetInstanceVariable("__link__");
+    if (arg.getInstanceVariables().hasInstanceVariable("__link__")) {
+      object = (IRubyObject) arg.getInstanceVariables().getInstanceVariable("__link__");
     }
     return object;
   }
 
   protected static IRubyObject getLinkedBox(IRubyObject arg) {
     IRubyObject object = arg.getRuntime().getNil();
-    if (arg.getInstanceVariables().getInstanceVariable("__box__") != null) {
-      object = (IRubyObject) arg.getInstanceVariables().fastGetInstanceVariable("__box__");
+    if (arg.getInstanceVariables().hasInstanceVariable("__box__")) {
+      object = (IRubyObject) arg.getInstanceVariables().getInstanceVariable("__box__");
     }
     return object;
   }

data/ext/java/sandbox/SandboxModule.java

@@ -1,10 +1,33 @@
 package sandbox;
 
 import org.jruby.Profile;
+import org.jruby.Ruby;
+import org.jruby.RubyClass;
+import org.jruby.RubyModule;
+import org.jruby.anno.JRubyClass;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.runtime.builtin.IRubyObject;
 
 public class SandboxModule {
+  /**
+   * Create the Sandbox module and add it to the Ruby runtime.
+   */
+  public static RubyModule createSandboxModule(final Ruby runtime) {
+    RubyModule mSandbox = runtime.defineModule("Sandbox");
+    mSandbox.defineAnnotatedMethods(SandboxModule.class);
+
+    RubyClass cObject = runtime.getObject();
+    RubyClass cSandboxFull = mSandbox.defineClassUnder("Full", cObject, SandboxFull.FULL_ALLOCATOR);
+    cSandboxFull.defineAnnotatedMethods(SandboxFull.class);
+    RubyClass cStandardError = runtime.getStandardError();
+    RubyClass cSandboxException = mSandbox.defineClassUnder("SandboxException", cStandardError, cStandardError.getAllocator());
+
+    return mSandbox;
+  }
+
+  @JRubyClass(name="Sandbox::SandboxException", parent="StandardError")
+  public static class SandboxException {}
+
   @JRubyMethod(name="current", meta=true)
   public static IRubyObject s_current(IRubyObject recv) {
     Profile prof = recv.getRuntime().getProfile();

data/ext/java/sandbox/SandboxService.java

@@ -3,10 +3,6 @@ package sandbox;
 import java.io.IOException;
 
 import org.jruby.Ruby;
-import org.jruby.RubyClass;
-import org.jruby.RubyModule;
-import org.jruby.runtime.ObjectAllocator;
-import org.jruby.runtime.builtin.IRubyObject;
 import org.jruby.runtime.load.BasicLibraryService;
 
 public class SandboxService implements BasicLibraryService {
@@ -16,18 +12,6 @@ public class SandboxService implements BasicLibraryService {
   }
 
   private void init(Ruby runtime) {
-    RubyModule mSandbox = runtime.defineModule("Sandbox");
-    mSandbox.defineAnnotatedMethods(SandboxModule.class);
-
-    RubyClass cSandboxFull = mSandbox.defineClassUnder("Full", runtime.getObject(), FULL_ALLOCATOR);
-    cSandboxFull.defineAnnotatedMethods(SandboxFull.class);
-
-    RubyClass cSandboxException = mSandbox.defineClassUnder("SandboxException", runtime.getException(), runtime.getException().getAllocator());
+    SandboxModule.createSandboxModule(runtime);
   }
-
-  protected static final ObjectAllocator FULL_ALLOCATOR = new ObjectAllocator() {
-    public IRubyObject allocate(Ruby runtime, RubyClass klass) {
-      return new SandboxFull(runtime, klass);
-    }
-  };
 }

data/jruby_sandbox.gemspec

@@ -1,27 +1,28 @@
 # -*- encoding: utf-8 -*-
-$:.push File.expand_path('../lib', __FILE__)
-require 'sandbox/version'
+$:.push File.expand_path("../lib", __FILE__)
+require "sandbox/version"
 
 Gem::Specification.new do |s|
-  s.name        = 'jruby_sandbox'
+  s.name        = "jruby_sandbox"
   s.version     = Sandbox::VERSION
-  s.platform    = 'java'
-  s.authors     = ['Dray Lacy', 'Eric Allam']
-  s.email       = ['dray@envylabs.com', 'eric@envylabs.com']
-  s.homepage    = 'http://github.com/omghax/jruby-sandbox'
-  s.summary     = 'Sandbox support for JRuby'
+  s.platform    = "java"
+  s.authors     = ["Dray Lacy", "Eric Allam"]
+  s.email       = ["dray@envylabs.com", "eric@envylabs.com"]
+  s.homepage    = "http://github.com/omghax/jruby-sandbox"
+  s.summary     = "Sandbox support for JRuby"
   s.description = "A version of _why's Freaky Freaky Sandbox for JRuby."
 
-  s.rubyforge_project = 'jruby_sandbox'
+  s.rubyforge_project = "jruby_sandbox"
 
-  s.files         = `git ls-files`.split("\n") + ['lib/sandbox/sandbox.jar']
+  s.files         = `git ls-files`.split("\n") + ["lib/sandbox/sandbox.jar"]
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  s.require_paths = ['lib']
-  
-  s.add_dependency 'fakefs'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'rake-compiler'
-  s.add_development_dependency 'rspec'
-  s.add_development_dependency 'yard'
+  s.require_paths = ["lib"]
+
+  s.add_dependency "fakefs"
+
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rake-compiler"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "yard"
 end

data/lib/sandbox.rb

@@ -1,11 +1,9 @@
-require 'sandbox/sandbox'
-require 'sandbox/version'
-require 'fakefs/safe'
+require "sandbox/sandbox"
+require "sandbox/version"
+require "sandbox/safe"
 
 module Sandbox
-  PRELUDE = File.expand_path('../sandbox/prelude.rb', __FILE__).freeze # :nodoc:
-  
-  TimeoutError = Class.new(Exception)
+  PRELUDE = File.expand_path("../sandbox/prelude.rb", __FILE__).freeze # :nodoc:
 
   class << self
     def new
@@ -16,395 +14,4 @@ module Sandbox
       Safe.new
     end
   end
-
-  class Safe < Full
-    def activate!
-      activate_fakefs
-      
-      keep_singleton_methods(:Kernel, KERNEL_S_METHODS)
-      keep_singleton_methods(:Symbol, SYMBOL_S_METHODS)
-      keep_singleton_methods(:String, STRING_S_METHODS)
-      keep_singleton_methods(:IO, IO_S_METHODS)
-
-      keep_methods(:Kernel, KERNEL_METHODS)
-      keep_methods(:NilClass, NILCLASS_METHODS)
-      keep_methods(:Symbol, SYMBOL_METHODS)
-      keep_methods(:TrueClass, TRUECLASS_METHODS)
-      keep_methods(:FalseClass, FALSECLASS_METHODS)
-      keep_methods(:Enumerable, ENUMERABLE_METHODS)
-      keep_methods(:String, STRING_METHODS)
-
-      Kernel.class_eval do
-        def `(*args)
-          raise NoMethodError, "` is unavailable"
-        end
-        def system(*args)
-          raise NoMethodError, "system is unavailable"
-        end
-      end
-    end
-    
-    def activate_fakefs
-      require 'fileutils'
-      
-      # unfortunately, the authors of FakeFS used `extend self` in FileUtils, instead of `module_function`.
-      # I fixed it for them
-      (FakeFS::FileUtils.methods - Module.methods - Kernel.methods).each do |module_method_name|
-        FakeFS::FileUtils.send(:module_function, module_method_name)
-      end
-      
-      import  FakeFS
-      ref     FakeFS::Dir
-      ref     FakeFS::File
-      ref     FakeFS::FileTest
-      import  FakeFS::FileUtils #import FileUtils because it is a module
-      
-      # this is basically what FakeFS.activate! does, but we want to do it in the sandbox
-      # so we have to live with this:
-      eval <<-RUBY
-        Object.class_eval do
-          remove_const(:Dir)
-          remove_const(:File)
-          remove_const(:FileTest)
-          remove_const(:FileUtils)
-      
-          const_set(:Dir,       FakeFS::Dir)
-          const_set(:File,      FakeFS::File)
-          const_set(:FileUtils, FakeFS::FileUtils)
-          const_set(:FileTest,  FakeFS::FileTest)
-        end
-
-        [Dir, File, FileUtils, FileTest].each do |fake_class|
-          fake_class.class_eval do
-            def self.class_eval 
-              raise NoMethodError, "class_eval is unavailable"
-            end
-            def self.instance_eval 
-              raise NoMethodError, "instance_eval is unavailable"
-            end
-          end
-        end
-      RUBY
-      
-      FakeFS::FileSystem.clear
-    end
-    
-    def eval(code, options={})
-      
-      if seconds = options[:timeout]
-        sandbox_timeout(code, seconds) do
-          super code
-        end
-      else
-        super code
-      end
-      
-    end
-    
-    private
-    
-    def sandbox_timeout(name, seconds)
-      val, exc = nil
-      
-      thread = Thread.start(name) do
-        begin
-          val = yield
-        rescue Exception => exc
-        end
-      end
-      
-      thread.join(seconds)
-    
-      if thread.alive?
-        if thread.respond_to? :kill!
-          thread.kill!
-        else
-          thread.kill
-        end
-      
-        timed_out = true
-      end
-    
-      if timed_out
-        raise TimeoutError, "#{self.class} timed out"
-      elsif exc
-        raise exc
-      else
-        val
-      end
-    end
-    
-    IO_S_METHODS = %w[
-      new
-      foreach
-      open
-    ]
-
-    KERNEL_S_METHODS = %w[
-      Array
-      binding
-      block_given?
-      catch
-      chomp
-      chomp!
-      chop
-      chop!
-      eval
-      fail
-      Float
-      format
-      global_variables
-      gsub
-      gsub!
-      Integer
-      iterator?
-      lambda
-      local_variables
-      loop
-      method_missing
-      proc
-      raise
-      scan
-      split
-      sprintf
-      String
-      sub
-      sub!
-      throw
-    ].freeze
-
-    SYMBOL_S_METHODS = %w[
-      all_symbols
-    ].freeze
-
-    STRING_S_METHODS = %w[
-      new
-    ].freeze
-
-    KERNEL_METHODS = %w[
-      ==
-      ===
-      =~
-      Array
-      binding
-      block_given?
-      catch
-      chomp
-      chomp!
-      chop
-      chop!
-      class
-      clone
-      dup
-      eql?
-      equal?
-      eval
-      fail
-      Float
-      format
-      freeze
-      frozen?
-      global_variables
-      gsub
-      gsub!
-      hash
-      id
-      initialize_copy
-      inspect
-      instance_eval
-      instance_of?
-      instance_variables
-      instance_variable_get
-      instance_variable_set
-      instance_variable_defined?
-      Integer
-      is_a?
-      iterator?
-      kind_of?
-      lambda
-      local_variables
-      loop
-      methods
-      method_missing
-      nil?
-      private_methods
-      print
-      proc
-      protected_methods
-      public_methods
-      raise
-      remove_instance_variable
-      respond_to?
-      respond_to_missing?
-      scan
-      send
-      singleton_methods
-      singleton_method_added
-      singleton_method_removed
-      singleton_method_undefined
-      split
-      sprintf
-      String
-      sub
-      sub!
-      taint
-      tainted?
-      throw
-      to_a
-      to_s
-      type
-      untaint
-      __send__
-    ].freeze
-
-    NILCLASS_METHODS = %w[
-      &
-      inspect
-      nil?
-      to_a
-      to_f
-      to_i
-      to_s
-      ^
-      |
-    ].freeze
-
-    SYMBOL_METHODS = %w[
-      ===
-      id2name
-      inspect
-      to_i
-      to_int
-      to_s
-      to_sym
-    ].freeze
-
-    TRUECLASS_METHODS = %w[
-      &
-      to_s
-      ^
-      |
-    ].freeze
-
-    FALSECLASS_METHODS = %w[
-      &
-      to_s
-      ^
-      |
-    ].freeze
-
-    ENUMERABLE_METHODS = %w[
-      all?
-      any?
-      collect
-      detect
-      each_with_index
-      entries
-      find
-      find_all
-      grep
-      include?
-      inject
-      map
-      max
-      member?
-      min
-      partition
-      reject
-      select
-      sort
-      sort_by
-      to_a
-      zip
-    ].freeze
-
-    STRING_METHODS = %w[
-      %
-      *
-      +
-      <<
-      <=>
-      ==
-      =~
-      capitalize
-      capitalize!
-      casecmp
-      center
-      chomp
-      chomp!
-      chop
-      chop!
-      concat
-      count
-      crypt
-      delete
-      delete!
-      downcase
-      downcase!
-      dump
-      each
-      each_byte
-      each_line
-      empty?
-      eql?
-      gsub
-      gsub!
-      hash
-      hex
-      include?
-      index
-      initialize
-      initialize_copy
-      insert
-      inspect
-      intern
-      length
-      ljust
-      lines
-      lstrip
-      lstrip!
-      match
-      next
-      next!
-      oct
-      replace
-      reverse
-      reverse!
-      rindex
-      rjust
-      rstrip
-      rstrip!
-      scan
-      size
-      slice
-      slice!
-      split
-      squeeze
-      squeeze!
-      strip
-      strip!
-      start_with?
-      sub
-      sub!
-      succ
-      succ!
-      sum
-      swapcase
-      swapcase!
-      to_f
-      to_i
-      to_s
-      to_str
-      to_sym
-      tr
-      tr!
-      tr_s
-      tr_s!
-      upcase
-      upcase!
-      upto
-      []
-      []=
-    ].freeze
-  end
 end