RubyGems - kobako - Versions diffs - 0.9.0 → 0.9.1 - Mend

kobako 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.release-please-manifest.json +1 -1
data/CHANGELOG.md +7 -0
data/Cargo.lock +1 -1
data/ext/kobako/Cargo.toml +1 -1
data/lib/kobako/transport/dispatcher.rb +32 -2
data/lib/kobako/version.rb +1 -1
data/release-please-config.json +2 -1
data/sig/kobako/transport/dispatcher.rbs +4 -0
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 77815cccc84108dd3ece9b1571ecaa2b089867bf7b9ac395e561c940300c78fb
-  data.tar.gz: 49199331280ce4f7324039be281dd4cdfcedfaa03ece5141e56b70c24895f6de
+  metadata.gz: f2af9677bcec2d298db05d1259360b9589ac7726d855157dbbfd0be0ca666472
+  data.tar.gz: 5ed589a7b179274650d04280d9f84456873ec6fbab46166e85974a3d92d9ab9d
 SHA512:
-  metadata.gz: b812aea26a6c6196fcd5dbb54b38d20d38e23577b0374fb89c620c725281dc569c3ef9dd44e2383842afc37dd2db0614601b0ba8c08d423338c38f1c511966f0
-  data.tar.gz: a55933ff5d6e425b6f98be8d2d57adcf733097a74a3524fd086005f463ba4372e0a3ced4cf2ce783e4049b3e2f7a7364baa090d76d70781cba8857334e230963
+  metadata.gz: 59c775f5aacdf0b81a8f00970385974d2e7173b356d9886bd7e173f006a668449eb1672833b222129a227a5f4a3746b92d1fece7b44265eba44963414406b8d2
+  data.tar.gz: d902273d0c0df298c41e6be747d692ba8ceec86f564c81cd81347a75bf2a78b2fc35cfd73ccbd44696cabcff01cfdcf76d7260ba99cd2f194a1400cdbe4e88df

data/.release-please-manifest.json CHANGED Viewed

	@@ -1 +1 @@
1	- {".":"0.9.0","wasm/kobako-core":"0.4.0","wasm/kobako":"0.4.0","wasm/kobako-io":"0.4.0","wasm/kobako-regexp":"0.4.0"}
1	+ {".":"0.9.1","wasm/kobako-core":"0.4.0","wasm/kobako":"0.4.0","wasm/kobako-io":"0.4.0","wasm/kobako-regexp":"0.4.0"}

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,12 @@
 # Changelog
+## [0.9.1](https://github.com/elct9620/kobako/compare/v0.9.0...v0.9.1) (2026-06-11)
+### Bug Fixes
+* **transport:** block ambient reflection in guest dispatch (GHSA-7pwq-q9jf-539h) ([dd08166](https://github.com/elct9620/kobako/commit/dd081665f368f7ba54e476c3ad045ee1aa8ed703))
 ## [0.9.0](https://github.com/elct9620/kobako/compare/v0.8.0...v0.9.0) (2026-06-10)

data/Cargo.lock CHANGED Viewed

@@ -878,7 +878,7 @@ dependencies = [
 [[package]]
 name = "kobako"
-version = "0.9.0"
+version = "0.9.1"
 dependencies = [
  "magnus",
  "wasmtime",

data/ext/kobako/Cargo.toml CHANGED Viewed

@@ -1,6 +1,6 @@
 [package]
 name = "kobako"
-version = "0.9.0"
+version = "0.9.1"
 edition = "2021"
 authors = ["Aotokitsuruya <contact@aotoki.me>"]
 license = "Apache-2.0"

data/lib/kobako/transport/dispatcher.rb CHANGED Viewed

@@ -42,6 +42,17 @@ module Kobako
       # ({docs/behavior.md E-12}[link:../../../docs/behavior.md]).
       class UndefinedTargetError < StandardError; end
+      # Modules whose instance methods are ambient Ruby reflection /
+      # metaprogramming surface (+send+, +public_send+, +instance_eval+,
+      # +method+, +tap+, +instance_variable_get+, ...) rather than Service
+      # behaviour. A guest-supplied method name resolving to one of these is
+      # rejected: the security contract is that only methods the bound object
+      # itself defines are reachable, and +public_send(:send, ...)+ would
+      # otherwise let a guest pivot through +send+ into the private
+      # +Kernel#eval+ / +#system+ surface (host RCE).
+      META_OWNERS = [BasicObject, Kernel, Object, Module, Class].freeze
+      private_constant :META_OWNERS
       # Dispatch a single transport request and return the encoded
       # Response bytes ({docs/behavior.md B-12}[link:../../../docs/behavior.md]).
       # Invoked from the +Runtime#on_dispatch+ Proc that
@@ -109,14 +120,33 @@ module Kobako
       # so the same call site handles both cases without an explicit
       # conditional.
       def invoke(target, method, args, kwargs, yielder = nil)
+        name = method.to_sym
+        reject_meta_method!(target, name)
         block = yielder&.to_proc
         if kwargs.empty?
-          target.public_send(method.to_sym, *args, &block)
+          target.public_send(name, *args, &block)
         else
-          target.public_send(method.to_sym, *args, **kwargs, &block)
+          target.public_send(name, *args, **kwargs, &block)
         end
       end
+      # Guard the +public_send+ below against ambient reflection methods
+      # (see {META_OWNERS}). A concretely-defined public method whose owner
+      # is a meta module is rejected; a name with no concrete public method
+      # is allowed only when the target opts into it via +respond_to?+
+      # (dynamic +method_missing+ Services), since the dangerous meta methods
+      # are all concretely defined and therefore never reach that branch.
+      def reject_meta_method!(target, name)
+        owner = target.public_method(name).owner
+        return unless META_OWNERS.include?(owner)
+        raise UndefinedTargetError, "method #{name.inspect} is not a Service method"
+      rescue NameError
+        return if target.respond_to?(name)
+        raise UndefinedTargetError, "no public method #{name.inspect} on target"
+      end
       # {docs/behavior.md B-16}[link:../../../docs/behavior.md] — A Kobako::Handle arriving as a positional or keyword
       # argument identifies a host-side object previously allocated by a prior
       # transport call's Handle wrap (B-14). Resolve it back to the Ruby object before

data/lib/kobako/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Kobako
-  VERSION = "0.9.0"
+  VERSION = "0.9.1"
 end

data/release-please-config.json CHANGED Viewed

@@ -7,7 +7,8 @@
       "component": "kobako",
       "include-component-in-tag": false,
       "release-type": "ruby",
-      "exclude-paths": ["wasm"]
+      "exclude-paths": ["wasm"],
+      "release-as": "0.9.1"
     },
     "wasm/kobako-core": {
       "component": "kobako-core",

data/sig/kobako/transport/dispatcher.rbs CHANGED Viewed

@@ -6,6 +6,8 @@ module Kobako
       BREAK_THROW: Symbol
+      META_OWNERS: Array[Module]
       def self?.dispatch: (String request_bytes, Kobako::Catalog::Namespaces namespaces, Kobako::Catalog::Handles handler, ^(String) -> String yield_to_guest) -> String
       def self?.resolve_call_args: (Kobako::Transport::Request request, Kobako::Catalog::Handles handler) -> [Array[untyped], Hash[Symbol, untyped]]
@@ -14,6 +16,8 @@ module Kobako
       def self?.invoke: (untyped target, String method, Array[untyped] args, Hash[Symbol, untyped] kwargs, ?Kobako::Transport::Yielder? yielder) -> untyped
+      def self?.reject_meta_method!: (untyped target, Symbol name) -> void
       def self?.resolve_arg: (untyped value, Kobako::Catalog::Handles handler) -> untyped
       def self?.resolve_target: (String | Kobako::Handle target, Kobako::Catalog::Namespaces namespaces, Kobako::Catalog::Handles handler) -> untyped

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kobako
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.9.1
 platform: ruby
 authors:
 - Aotokitsuruya