ndr_support 3.1.1

data/lib/ndr_support/ourtime.rb

@@ -0,0 +1,51 @@
+require 'active_support/time'
+require 'ndr_support/ourdate'
+
+# Convert a string into a time value (timestamp)
+# (helped by String.thetime)
+class Ourtime
+  attr_reader :thetime
+
+  def initialize(x = nil)
+    if x.is_a?(Time)
+      @thetime = x
+    elsif x.is_a?(Date)
+      @thetime = x.to_time
+    elsif x.is_a?(String)
+      self.source = x
+    else
+      @thetime = nil
+    end
+  end
+
+  def to_s
+    @thetime ? @thetime.to_time.to_s(:ui) : ''
+  end
+
+  def empty?
+    # An unspecified time will be empty. A valid or invalid time will not.
+    @thetime.nil? && @source.blank?
+  end
+
+  def source=(s)
+    begin
+      # Re-parse our own timestamps [+- seconds] without swapping month / day
+      @thetime = DateTime.strptime(s, '%d.%m.%Y %H:%M:%S').to_time
+    rescue ArgumentError
+      begin
+        @thetime = DateTime.strptime(s, '%d.%m.%Y %H:%M').to_time
+      rescue ArgumentError
+        @thetime = Time.parse(s)
+      end
+    end
+    # Apply timezone correction for daylight saving
+    if @thetime
+      @thetime = Ourdate.build_datetime(@thetime.year, @thetime.month,
+                                        @thetime.day, @thetime.hour,
+                                        @thetime.min, @thetime.sec,
+                                        @thetime.instance_of?(Time) ? @thetime.usec : 0).to_time
+    end
+  end
+
+  private :source=
+end

data/lib/ndr_support/regexp_range.rb

@@ -0,0 +1,65 @@
+# This class provides the ability to define a range using numbers or regular expressions
+# and when provided with an array, will return a normal ruby Range object based on the matching
+# elements in the array. NOTE this class is has the same attributes as Range and is identical
+# when serialized (except for the class declaration obviously), but it is NOT a substitute for
+# Range (only a facade).
+class RegexpRange
+  class PatternMatchError < StandardError
+  end
+
+  attr_reader :begin, :end, :excl
+
+  def initialize(range_start, range_end, exclusive = false)
+    @begin = range_start
+    @end = range_end
+    @excl = exclusive
+  end
+
+  def to_range(lines)
+    start_line_number = @begin
+    if start_line_number.is_a?(Regexp)
+      lines.each_with_index do |line, i|
+        if line.match(start_line_number)
+          start_line_number = i
+          break
+        end
+      end
+
+      if start_line_number.is_a?(Regexp)
+        fail PatternMatchError, "begin pattern #{start_line_number.inspect} not found"
+      end
+    end
+
+    end_line_number = @end
+    if end_line_number.is_a?(Regexp)
+      start_scan_line = start_line_number + 1
+      lines[start_scan_line..-1].each_with_index do |line, i|
+        # puts "##{start_scan_line + i}: #{line}"
+        if line.match(end_line_number)
+          end_line_number = start_scan_line + i
+          break
+        end
+      end
+      if end_line_number.is_a?(Regexp)
+        fail PatternMatchError,
+             "end pattern #{end_line_number.inspect} not found on or after line #{start_scan_line}"
+      end
+    end
+
+    Range.new(start_line_number, end_line_number, @excl)
+  end
+
+  # `other` is equal to self if it is a RegexpRange with the same state.
+  def ==(other)
+    other.is_a?(RegexpRange) && other.state == state
+  end
+  alias_method :eql?, :==
+
+  protected
+
+  # Used by other RegexpRange objects, as well as Hashes, during equality checks:
+  def state
+    [@begin, @end, @excl]
+  end
+  delegate :hash, :to => :state # Used for Hash key lookup
+end

data/lib/ndr_support/safe_file.rb

@@ -0,0 +1,185 @@
+class SafeFile
+  def initialize(*args)
+    a = self.class.get_fname_mode_prms(*args)
+    fname = a[0]
+    mode = a[1]
+    prms = a[2]
+
+    if prms
+      @file = File.new(fname, mode, prms)
+    else
+      @file = File.new(fname, mode)
+    end
+
+    # Just in case better clone the object
+    # Ruby object are passed by reference
+    @file_name = fname.clone
+  end
+
+  def self.open(*args)
+    return SafeFile.new(*args) unless block_given?
+
+    f = SafeFile.new(*args)
+    yield f
+    f.close
+  end
+
+  def close
+    @file.close
+  end
+
+  def read
+    verify @file_name, 'r'
+    @file.read
+  end
+
+  def write(data)
+    verify @file_name, 'w'
+    @file.write(data)
+  end
+
+  def path
+    @file_name.clone
+  end
+
+  def self.extname(file_name)
+    verify file_name
+    File.extname(file_name)
+  end
+
+  def self.read(file_name)
+    verify file_name, 'r'
+    File.read(file_name)
+  end
+
+  def self.readlines(*args)
+    fail ArgumentError, "Incorrect number of arguments - #{args.length}" if args.length > 2 or args.length == 0
+    verify args[0], 'r'
+    File.readlines(*args)
+  end
+
+  def self.directory?(file_name)
+    verify file_name
+    File.directory?(file_name)
+  end
+
+  def self.exist?(file_name)
+    self.exists?(file_name)
+  end
+
+  def self.exists?(file_name)
+    verify file_name
+    File.exist?(file_name)
+  end
+
+  def self.file?(file_name)
+    verify file_name
+    File.file?(file_name)
+  end
+
+  def self.zero?(file_name)
+    verify file_name
+    File.zero?(file_name)
+  end
+
+  def self.basename(file_name, suffix = :none)
+    verify file_name
+    if suffix == :none
+      File.basename(file_name)
+    else
+      File.basename(file_name, suffix)
+    end
+  end
+
+  def self.safepath_to_string(fname)
+    verify fname
+    fname.to_s
+  end
+
+  def self.basename_file
+    # SECURE: 02-08-2012 TPG Can't assign to __FILE__
+    File.basename(__FILE__)
+  end
+
+  def self.dirname(path)
+    verify path
+    res = path.clone
+    res.path = File.dirname(path)
+    res
+  end
+
+  def self.delete(*list)
+    verify list, 'w'
+
+    list.each do |file|
+      File.delete(file) if File.exist?(file)
+    end.length
+  end
+
+  private
+
+  def verify(file_names, prm = nil)
+    self.class.verify(file_names, prm)
+  end
+
+  def self.verify(file_names, prm = nil)
+    [file_names].flatten.each do |file_name|
+      fail ArgumentError, "file_name should be of type SafePath, but it is #{file_name.class}" unless file_name.class == SafePath
+
+      if prm
+        [prm].flatten.each do |p|
+          fail SecurityError, "Permissions denied. Cannot access the file #{file_name} with permissions #{prm}. The permissions are #{file_name.permissions}" unless file_name.permissions.include?(p)
+        end
+      end
+    end
+  end
+
+  def self.verify_mode(file_name, mode)
+    if mode.match(/\A(r\+)|(w\+)|(a\+)\Z/)
+      verify file_name, ['w', 'r']
+    elsif mode.match(/\Aw|a\Z/)
+      verify file_name, ['w']
+    elsif mode.match(/\Ar\Z/)
+      verify file_name, ['r']
+    else
+      fail ArgumentError, "Incorrect mode. It should be one of: 'r', 'w', 'r+', 'w+', 'a', 'a+'"
+    end
+  end
+
+  def self.get_fname_mode_prms(*args)
+    case args.length
+    when 1
+      verify_mode(args[0], 'r')
+      fname = args[0]
+      mode = 'r'
+      prms = nil
+
+    when 2
+      fail ArgimentError if args[1].class != Fixnum and args[1].class != String
+
+      if args[1].class == Fixnum
+        verify_mode(args[0], 'r')
+        mode = 'r'
+        prms = args[1]
+      else
+        verify_mode(args[0], args[1])
+        mode = args[1]
+        prms = nil
+      end
+
+      fname = args[0]
+
+    when 3
+      fail ArgimentError if args[1].class != String or args[2].class != Fixnum
+      verify_mode(args[0], args[1])
+
+      fname = args[0]
+      mode = args[1]
+      prms = args[2]
+    else
+      fail ArgumentError, "Incorrect number of arguments #{args.length}"
+    end
+
+    [fname, mode, prms]
+  end
+end

data/lib/ndr_support/safe_path.rb

@@ -0,0 +1,268 @@
+require 'erb'
+
+# Ruby has a built-in SecurityError class
+#class SecurityError < StandardError
+#end
+
+# = SafePath
+#
+# SafePath is a class which contains path to a file or directory. It also holds "path space" and
+# permissions. The path space is a directory. Everything in this directory and all the
+# subdirectories can be accessed with the permissions given to the constructor. The instance of
+# the class checks whether the path constructed points to a directory, whcih is in the
+# "path space". The idea is to limit the access of the program to given directory.
+#
+# Example of usage is :
+#   sp = SafePath("dbs_inbox")
+#
+# The root directory of the pathspace is in the file config/filesystem_paths.yml . In this case dbs_inbox has root
+# /mounts/ron/dbs_inbox . Every path which starts with /mount/ron/dbs_inbox is considered as safe. If a path is constructed
+# which is /mounts/ron/dbs_inbox/../../../etc/passwd for example then the class will evaluate the path and it will
+# raise exception SecurityError.
+#
+# The paths can be constructed by using +, join or join!.
+# Example:
+#   This:
+#     sp = SafePath("dbs_inbox")
+#     sp + "/my_dir"
+#   Points to:
+#     /mounts/ron/dbs_inbox/my_dir
+#
+#
+# The functions join and join! work in similar way. The difference between
+# join and join! is that join creates new instance of the class SafePath and
+# return it and join! doesn't create new instance, but works in-place and after
+# that it returns reference to the current instance.
+# The both operators can be used like that:
+#   sp.join("/my_dir")  #this is the same as sp + "my_dir"
+#   sp.join!("/my_dir") #this is NOT the same as sp "my_dir"
+#
+# Warning the function sp.path = "some_path" will treat some_path as absolute path
+# and if it doesn't point to the root it will raise exception. The danger is that
+# it returns the argument on the right hand side. So if it is a string the operator
+# will return a string. This is the way ruby works. If it is used properly it shouldn't
+# be a problem. The best way to use it is:
+#   sp.path = sp.root + "my_dir"
+# sp.root returns SafePath and after that + is called which also returns SafePath. So the
+# right hand side of the expression is SafePath and the = will return SafePath.
+#
+class SafePath
+
+  # Returns the list of safe 'root' filesystem locations, or raises
+  # a SecurityError if no configuration has been provided.
+  def self.fs_paths
+    if defined?(@@fs_paths)
+      @@fs_paths
+    else
+      fail SecurityError, 'SafePath not configured!'
+    end
+  end
+
+  # Takes the path the filesystem_paths.yml file that
+  # should be used. Attempting to reconfigure with
+  # new settings will raise a security error.
+  def self.configure!(filepath)
+    if defined?(@@fs_paths)
+      fail SecurityError, 'Attempt to re-assign SafePath config!'
+    else
+      File.open(filepath, 'r') do |file|
+        @@fs_paths = YAML.load(ERB.new(file.read).result)
+        @@fs_paths.freeze
+      end
+    end
+  end
+
+  # Takes:
+  #   * path - This is a path to a directory. Usually a string.
+  #   * path_space - This is identifier of the path space in whichi the system should work.
+  #     it is a string. To find list of path spaces with their roots, please
+  #     see config/filesystem_paths.yml
+  #
+  #  Raises:
+  #    * ArgumentError
+  #    * SecurityError
+  #
+  def initialize(path_space, root_suffix = '')
+    # The class has to use different path definitions during test
+
+    fs_paths = self.class.fs_paths
+
+    platform = fs_paths.keys.select do |key|
+      RUBY_PLATFORM.match key
+    end[0]
+
+    root_path_regexp = if platform == /mswin32|mingw32/
+                        /\A([A-Z]:[\\\/]|\/\/)/
+                       else
+                        /\A\//
+                       end
+
+    fail ArgumentError, "The space #{path_space} doesn't exist. Please choose one of: #{fs_paths[platform].keys.inspect}" unless fs_paths[platform][path_space]
+    fail ArgumentError, "The space #{path_space} is broken. The root path should be absolute path but it was #{fs_paths[platform][path_space]['root']}" unless fs_paths[platform][path_space]['root'].match(root_path_regexp)
+    fail ArgumentError, "The space #{path_space} is broken. No permissions specified}" unless fs_paths[platform][path_space]['prms']
+
+    # The function verify uses @root. Therefore first assign the root path
+    # specified in the yaml file. After that verify that the root path
+    # specified from the contructor is subpath of the path specified in the
+    # yaml file. If it is not raise exception before anything else is done.
+    #
+    # The reason to assign @root 2 times is that it is better to have the
+    # logic verifing the path in only one function. This way it is going
+    # to be easier to maintain it and keep it secure.
+    #
+
+    @root = File.expand_path fs_paths[platform][path_space]['root']
+    @root = verify(File.join(fs_paths[platform][path_space]['root'], root_suffix)) unless root_suffix.blank?
+
+    @path_space = path_space
+    @maximum_prms = fs_paths[platform][path_space]['prms']
+
+    self.path = @root
+  end
+
+  def ==(other)
+    other.class == SafePath and other.root.to_s == @root and other.permissions == self.permissions and other.to_s == self.to_s
+  end
+
+  # WARNING: do not use sp.to_s + from_attacker . This is unsafe!
+  #
+  # Returns:
+  #   String
+  #
+  def to_s
+    @path
+  end
+
+  # WARNING: do not use s.to_s + "my_path" . This is unsafe!
+  #
+  #  Returns:
+  #    String
+  #
+  def to_str
+    self.to_s
+  end
+
+  # Getter for permissions.
+  #
+  # Returns:
+  #   Array
+  def permissions
+    if @prm
+      @prm
+    else
+      @maximum_prms
+    end
+  end
+
+  # Getter for path space identifier.
+  #
+  # Returns:
+  #   Array
+  #
+  def path_space
+    @path_space
+  end
+
+  # Getter for the root of the path space.
+  #
+  # Returns:
+  #   SafePath
+  #
+  def root
+    r = self.clone
+    r.path = @root
+    r.permissions = self.permissions
+    r
+  end
+
+  # The permissions are specified in the yml file, but this function
+  # can select subset of these permissions. It cannot select permission,
+  # which is not specified in the yml file.
+  #
+  # Takes:
+  #   * Array of permission or single permission - If it is array then
+  #     tha array could contain duplicates and it also can be nested.
+  #     All the duplicates will be removed and the array will be flattened
+  #
+  # Returns:
+  #   Array - this is the reuslt of the assignment. Note it is the right hand side of the expression
+  #
+  # Raises:
+  #   * ArgumentError
+  #
+  def permissions=(permissions)
+    err_mess = "permissions has to be one or more of the values: #{@maximum_prms.inspect}\n but it was #{permissions.inspect}"
+
+    @prm = [permissions].flatten.each do |prm|
+      fail ArgumentError, err_mess unless @maximum_prms.include?(prm)
+    end.uniq
+  end
+
+  # Setter for path.
+  #
+  # Takes:
+  #   * path - The path.
+  #
+  # Returns:
+  #   Array - this is the result of the assignment. Note it is the right hand side of the expression
+  #
+  # Raises:
+  #   * SecurityError
+  #
+  # Warning avoid using this in expressions like this (safe_path_new = (safe_path.path = safe_path.root.to_s + "/test")) + path_from_attacker
+  # This is unsafe!
+  #
+  def path=(path)
+    @path = verify(path)
+    self
+  end
+
+  # Another name for join
+  def +(path)
+    self.join(path)
+  end
+
+  # Used to construct path. It joins the current path with the given one.
+  # Takes:
+  #   * path - path to be concatenated
+  #
+  # Returns:
+  #   New instance of SafePath which contains the new path.
+  #
+  # Raises:
+  #   * SecurityError
+  #
+  def join(path)
+    r = self.clone
+    r.path = File.join(@path, path)
+    r
+  end
+
+  # Used to construct path. It joins the current path with the given one.
+  # Takes:
+  #   * path - path to be concatenated
+  #
+  # Returns:
+  #   Reference to the current instance. It works in-place
+  #
+  # Raises:
+  #   * SecurityError
+  #
+  def join!(path)
+    self.path = File.join(@path, path)
+    self
+  end
+
+  def length()
+    @path.length
+  end
+
+  private
+
+  # Verifies whether the path is safe.
+  def verify(path)
+    epath = File.expand_path(path)
+    fail SecurityError, "The given path is insecure. The path should point at #{@root}, but it points at #{epath}" unless epath.match(/\A#{Regexp.quote(@root)}/)
+    epath
+  end
+end