police-dataflow 0.0.1 → 0.0.2

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    Mjg4ZTczMTliM2Q2MjdmMWQzNDlmNWM0MDExZDRjOWQ4OWY5MzUwMQ==
+  data.tar.gz: !binary |-
+    MTU2OWU0NTUzYzFiOWMwYTUwM2FiZjM1OTg1MmIwNDUyZGNiZGQwMg==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    NDQ5MDRlZTVlOTgxNWI1MzIzNTI3MzNlZTE5NTlmZjZhMWZjNDBjZTBkNTRj
+    N2QwMDhjNmJmODM0YjdiYjM3YjVhNWM2YTcwNmY5NDhhNTcxNTRhYmM0ZjAw
+    ZjljM2IxNWQyYjA3ZTQzNDM2YjNmNjc4NjJhNjQ5MzU2NDZjNjU=
+  data.tar.gz: !binary |-
+    MDEzNWQ5ZmEyYTJjYjQzOWJlNzE0Yjk2MThhMDFhMjZlOWQwNjMwOTI3NWMy
+    MDYzN2U2YmFmNjI4NDRjNTNhM2RkOWFlNmZiMDM1ZjYwNjFkYWZmMTRkYjA3
+    NTc4NzdjZDE4OGVjY2Y4YTE4YTM4ZTY0NDdmNjAxYTVlMjAwMDI=

data/Gemfile

@@ -1,10 +1,11 @@
-source :rubygems
+source 'https://rubygems.org'
+
+gem 'police-vminfo', '>= 0.0.2', path: '../police-vminfo'
 
 group :development do
-  gem 'bundler', '>= 1.1.0'
-  gem 'jeweler', '>= 1.8.3'
-  gem 'minitest', '>= 2.11.2'
-  gem 'rdoc', '>= 3.12'
-  gem 'simplecov', '>= 0.6.1'
-  gem 'yard', '>= 0.7'
+  gem 'bundler', '>= 1.3.5'
+  gem 'jeweler', '>= 1.8.7'
+  gem 'minitest', '>= 5.0.7'
+  gem 'simplecov', '>= 0.7.1'
+  gem 'yard', '>= 0.8.7.1'
 end

data/Gemfile.lock

@@ -1,31 +1,70 @@
+PATH
+  remote: ../police-vminfo
+  specs:
+    police-vminfo (0.0.4)
+
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
-    git (1.2.5)
-    jeweler (1.8.3)
+    addressable (2.3.5)
+    builder (3.2.2)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
+    git (1.2.6)
+    github_api (0.10.1)
+      addressable
+      faraday (~> 0.8.1)
+      hashie (>= 1.2)
+      multi_json (~> 1.4)
+      nokogiri (~> 1.5.2)
+      oauth2
+    hashie (2.0.5)
+    highline (1.6.19)
+    httpauth (0.2.0)
+    jeweler (1.8.7)
+      builder
       bundler (~> 1.0)
       git (>= 1.2.5)
+      github_api (= 0.10.1)
+      highline (>= 1.6.15)
+      nokogiri (= 1.5.10)
       rake
       rdoc
-    json (1.6.6)
-    minitest (2.11.4)
-    multi_json (1.2.0)
-    rake (0.9.2.2)
-    rdoc (3.12)
+    json (1.8.0)
+    json (1.8.0-java)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    minitest (5.0.7)
+    multi_json (1.7.3)
+    multi_xml (0.5.5)
+    multipart-post (1.2.0)
+    nokogiri (1.5.10)
+    nokogiri (1.5.10-java)
+    oauth2 (0.9.2)
+      faraday (~> 0.8)
+      httpauth (~> 0.2)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    rack (1.5.2)
+    rake (10.1.0)
+    rdoc (4.0.1)
       json (~> 1.4)
-    simplecov (0.6.1)
+    simplecov (0.7.1)
       multi_json (~> 1.0)
-      simplecov-html (~> 0.5.3)
-    simplecov-html (0.5.3)
-    yard (0.7.5)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    yard (0.8.7.1)
 
 PLATFORMS
+  java
   ruby
 
 DEPENDENCIES
-  bundler (>= 1.1.0)
-  jeweler (>= 1.8.3)
-  minitest (>= 2.11.2)
-  rdoc (>= 3.12)
-  simplecov (>= 0.6.1)
-  yard (>= 0.7)
+  bundler (>= 1.3.5)
+  jeweler (>= 1.8.7)
+  minitest (>= 5.0.7)
+  police-vminfo (>= 0.0.2)!
+  simplecov (>= 0.7.1)
+  yard (>= 0.8.7.1)

data/Rakefile

@@ -36,3 +36,5 @@ task :default => :test
 
 require 'yard'
 YARD::Rake::YardocTask.new
+
+Dir.glob('tasks/**/*.rake').each { |r| import r }

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/lib/police/dataflow.rb

@@ -8,9 +8,10 @@ end  # namespace Police
 
 
 require 'police/dataflow/core_extensions.rb'
-require 'police/dataflow/guarding.rb'
+require 'police/dataflow/gating.rb'
 require 'police/dataflow/label.rb'
 require 'police/dataflow/labeling.rb'
 require 'police/dataflow/proxies.rb'
 require 'police/dataflow/proxy_base.rb'
+require 'police/dataflow/proxy_numeric.rb'
 require 'police/dataflow/proxying.rb'

data/lib/police/dataflow/core_extensions.rb

@@ -1,12 +1,26 @@
 # @private
-# The methods below are used by the Police::Dataflow implementation, and
+# The methods below are used by the {Police::DataFlow} implementation, and
 # should not be called directly.
-class Object
-  # Counterpart to the Police::DataFlow::ProxyBase#__police_labels__ attribute.
+class BasicObject
+  # Counterpart to the {Police::DataFlow::ProxyBase#__police_labels__} getter.
   #
-  # @return [NilClass] nil, to help the Police::DataFlow implementation
+  # @private
+  # Use the {Police::DataFlow} API instead of reading this directly.
+  #
+  # @return [NilClass] nil, to help the {Police::DataFlow} implementation
   #     distinguish between "real" objects and label-carrying proxies
   def __police_labels__
     nil
   end
+
+  # Counterpart to {Police::DataFlow::ProxyBase#__police_stickies__}.
+  #
+  # @private
+  # Use the {Police::DataFlow} API instead of reading this directly.
+  #
+  # @return [NilClass] nil, to help the {Police::DataFlow} implementation
+  #     distinguish between "real" objects and label-carrying proxies
+  def __police_stickies__
+    nil
+  end
 end

data/lib/police/dataflow/gate_profiles/ruby1.9.3

@@ -0,0 +1,167 @@
+---
+:core:
+- Array
+- BasicObject
+- Bignum
+- Binding
+- Class
+- Comparable
+- Complex
+- Dir
+- Encoding
+- Encoding::Converter
+- Enumerable
+- Enumerator
+- Enumerator::Yielder
+- Exception
+- FalseClass
+- Fiber
+- File
+- File::Stat
+- FileTest
+- Fixnum
+- Float
+- GC
+- GC::Profiler
+- Hash
+- IO
+- Integer
+- Kernel
+- Marshal
+- MatchData
+- Math
+- Method
+- Module
+- Mutex
+- NilClass
+- Numeric
+- ObjectSpace
+- Proc
+- Process
+- Process::GID
+- Process::Status
+- Process::Sys
+- Process::UID
+- Random
+- Range
+- Rational
+- Regexp
+- RubyVM::InstructionSequence
+- Signal
+- String
+- Struct
+- Struct::Tms
+- Symbol
+- SystemCallError
+- Thread
+- ThreadGroup
+- Time
+- TrueClass
+- UnboundMethod
+:class:
+  Array:
+  - :[]
+  - :try_convert
+  File:
+  - :absolute_path
+  - :basename
+  - :dirname
+  - :extname
+  - :fnmatch
+  - :ftype
+  - :join
+  - :path
+  - :readlink
+  - :realdirpath
+  - :realpath
+  - :split
+  - :stat
+  - :symlink
+  - :truncate
+  - :unlink
+  Regexp:
+  - :compile
+  - :escape
+  - :last_match
+  - :quote
+  - :try_convert
+  - :union
+  String:
+  - :try_convert
+  Struct:
+  - :new
+:instance:
+  Array:
+  - :&
+  - :*
+  - :+
+  - :-
+  - :<<
+  - :<=>
+  - :==
+  - :[]
+  - :[]=
+  - :assoc
+  - :combination
+  - :concat
+  - :cycle
+  - :fill
+  - :find_index
+  - :first
+  - :flatten
+  - :flatten!
+  - :include?
+  - :insert
+  - :join
+  - :last
+  - :pack
+  - :permutation
+  - :pop
+  - :product
+  - :push
+  - :rassoc
+  - :repeated_combination
+  - :repeated_permutation
+  - :replace
+  - :sample
+  - :shift
+  - :take
+  - :unshift
+  - :values_at
+  - :zip
+  - :|
+  Encoding:
+  - :_dump
+  - :replicate
+  Encoding::Converter:
+  - :convert
+  - :insert_output
+  - :primitive_convert
+  - :putback
+  Hash:
+  - :member?
+  - :merge
+  - :merge!
+  Regexp:
+  - :match
+  String:
+  - :%
+  - :+
+  - :<<
+  - :concat
+  - :gsub
+  - :gsub!
+  - :insert
+  - :match
+  - :prepend
+  - :replace
+  - :scan
+  - :squeeze
+  - :squeeze!
+  - :sub
+  - :sub!
+  - :sum
+  - :tr
+  - :tr!
+  - :tr_s
+  - :tr_s!

data/lib/police/dataflow/gating.rb

@@ -0,0 +1,70 @@
+require 'set'
+
+module Police
+
+module DataFlow
+  # Sets up label-propagating gates around all the native methods in the VM.
+  #
+  # This method is idempotent, so it is safe to call it multiple times.
+  def self.setup_gates
+
+  end
+
+# Gating logic.
+module Gating
+  # Sets up label-propagating gates around all the native methods in the VM.
+  #
+  # This method is idempotent, so it is safe to call it multiple times.
+  def self.setup_gates
+    return if @gates_set
+    setup_gates!
+    @gates_set = true
+  end
+  @gates_set = false
+
+  # Sets up label-propagating gates around all the native methods in Ruby.
+  #
+  # @private
+  # Call setup_gates instead of calling this method directly.
+  def self.setup_gates!
+    Police::VmInfo.named_modules do |module_object|
+      Police::VmInfo.class_methods(module_object).each do |method|
+        next unless Police::VmInfo.method_source(method) == :native
+        gate_class_method module_object, method
+      end
+      Police::VmInfo.instance_methods(module_object).each do |method|
+        next unless Police::VmInfo.method_source(method) == :native
+        gate_instance_method module_object, method
+      end
+    end
+  end
+
+  # Sets up a label-propagating gate around a native method.
+  #
+  # @param {Module} module_object the Ruby module that owns (declared) the
+  #     method that will be gated
+  # @param {Method, UnboundMethod} method the method that will be gated
+  def self.gate_class_method(module_object, method)
+    gate_instance_method module_object.singleton_class, method
+  end
+
+  # Sets up a label-propagating gate around a native method.
+  #
+  # @param {Module} module_object the Ruby module that owns (declareD) the
+  #     method that will be gated
+  # @param {Method, UnboundMethod} method the method that will be gated
+  def self.gate_instance_method(module_object, method)
+    alias_name = :"__police_gated__#{method.name}"
+    if module_object.public_method_defined?(alias_name) ||
+        module_object.private_method_defined?(alias_name) ||
+        module_object.protected_method_defined?(alias_name)
+      raise RuntimeError, "#{method.inspect} was already gated"
+    end
+
+    # TODO(pwnall): finish this code
+  end
+end  # namespace Police::DataFlow::Guarding
+
+end  # namespace Police::DataFlow
+
+end  # namespace Police

data/lib/police/dataflow/label.rb

@@ -6,31 +6,36 @@ module DataFlow
 class Label
   # True for labels that automatically propagate across operations.
   #
-  # Labels that indicate privacy auto-flow. For example, an auto-generated
-  # message that contains a user's phone number is just as sensitive as the
-  # phone number.
-  # 
-  # Labels that indicate sanitization do not auto-flow. For example, a substring
-  # of an HTML-sanitized string is not necessarily HTML-sanitized.
+  # This method's return value is used for methods where the label does not
+  # provide a hook. When present, hooks are responsible for label propagation.
+  #
+  # Labels that indicate privacy should be sticky. For example, an
+  # auto-generated message that contains a user's phone number is just as
+  # sensitive as the phone number.
+  #
+  # Labels that indicate sanitization should not be sticky. For example, a
+  # substring of an HTML-sanitized string is not necessarily HTML-sanitized.
   #
   # @return [Boolean] if true, the label will be automatically added to objects
-  #     whose value is likely to be derived from other labeled objects
-  def self.autoflow?
+  #     whose value is likely to be derived from other labeled objects; the
+  #     return value for a given method name should always be the same
+  def self.sticky?
     true
   end
-  
+
   # Label method changing the return value of a method in a labeled object.
   #
   # @param [Symbol] method_name the name of the method that will be decorated
   #     by the label
   # @return [Symbol, NilClass] the name of a label instance method that will
-  #     be given a chance to label the decorated method's return value
+  #     be given a chance to label the decorated method's return value; the
+  #     return value for a given method name should always be the same
   #
   # @see Police::DataFlow::Label.sample_return_hook
   def self.return_hook(method_name)
     :sample_return_hook
   end
-  
+
   # Label method changing the values yielded by a method in a labeled object.
   #
   # @param [Symbol] method_name the name of the method that will be decorated
@@ -43,7 +48,7 @@ class Label
   def self.yield_args_hook(method_name)
     :sample_yield_args_hook
   end
-  
+
   # Hook that can label a decorated method's return value.
   #
   # @param [Object] value the decorated method's return value; if a method is
@@ -52,7 +57,7 @@ class Label
   # @param [Object] receiver the object that the decorated method was called on
   # @param [Array] args the arguments passed to the decorated method
   # @return [Object] either the un-modified value argument, or the return value
-  #     of calling Police::Dataflow.label on the value argument
+  #     of calling {Police::DataFlow.label} on the value argument
   def sample_return_hook(value, receiver, *args)
     Police::DataFlow.label value, self
   end
@@ -62,7 +67,7 @@ class Label
   # @param [Object] receiver the object that the decorated method was called on
   # @param [Array] yield_args the arguments yielded by the decorated method to
   #     its block; the array's elements can be replaced with the return values
-  #     of calling Police::DataFlow.label on them; if a method is
+  #     of calling {Police::DataFlow.label} on them; if a method is
   #     decorated by multiple labels, the values might be already labeled by
   #     another label's yield values hook
   # @param [Array] args the arguments passed to the decorated method