RubyGems - ruby-stemp - Versions diffs - 1.0 - Mend

ruby-stemp 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/README ADDED Viewed

@@ -0,0 +1,36 @@
+STemp - Secure tempfile extension for Ruby
+Pure Ruby tempfile implementations appear to suffer from well-known race
+conditions. The 'mkstemp' family of functions now popular on Linux & *BSD
+attempt to work around these issues. This module makes them available to
+Ruby programmers on platforms where they are present.
+Note that you should set your +umask+ appropriately when using this library:
+not all implementations of these functions use a reasonable file creation mask
+by default.
+Author:: Cian Synnott <cian@gmail.com>
+Copyright:: Copyright (c) 2006 Cian Synnott
+License:: MIT License
+Copyright (c) 2006 Cian Synnott
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
+$Id: README 5 2006-11-15 00:15:44Z cian $

data/ext/extconf.rb ADDED Viewed

@@ -0,0 +1,23 @@
+#
+# Ruby extension configuration for STemp
+#
+# STemp - Secure tempfile extension for Ruby
+#
+# Author:: Cian Synnott <cian@gmail.com>
+# Copyright:: Copyright (c) 2006 Cian Synnott
+# License:: MIT License
+#
+# For license info, see the README file bundled with this package.
+#
+# $Id: extconf.rb 5 2006-11-15 00:15:44Z cian $
+#
+require 'mkmf'
+if have_func('mkdtemp') and have_func('mkstemp') and have_func('tmpfile')
+then
+   create_makefile('stemp')
+else
+   puts "One or more of 'mkdtemp', 'mkstemp' and 'tmpfile' is not available"
+end

data/ext/stemp.c ADDED Viewed

@@ -0,0 +1,170 @@
+/* STemp - Secure tempfile extension for Ruby
+ *
+ * Pure Ruby tempfile implementations appear to suffer from well-known race
+ * conditions. The 'mkstemp' family of functions now popular on Linux & *BSD
+ * attempt to work around these issues. This module makes them available to
+ * Ruby programmers on platforms where they are present.
+ *
+ * Author:: Cian Synnott <cian@gmail.com>
+ * Copyright:: Copyright (c) 2006 Cian Synnott
+ * License:: MIT License
+ *
+ * Copyright (c) 2006 Cian Synnott
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ *
+ * $Id: stemp.c 5 2006-11-15 00:15:44Z cian $
+ */
+#include "ruby.h"
+#include <unistd.h>
+#include <errno.h>
+VALUE mSTemp;
+static void raise_systemcallerror(int, char *);
+/* call-seq:
+ *   STemp.mkdtemp(template) -> String
+ *
+ * Wraps <tt>mkdtemp(3)</tt> for Ruby. See <tt>man mkdtemp</tt> on your system
+ * for exact semantics.
+ *
+ * Notes:
+ * - <tt>template</tt> is overwritten with the eventual directory name.
+ * - raises a <tt>SystemCallError</tt> if any of the syscalls involved fail.
+ *
+ */
+static VALUE stemp_mkdtemp(VALUE self, VALUE template) {
+  VALUE duckstr;
+  char *ret;
+  SafeStringValue(template);
+  duckstr = StringValue(template);
+  ret = mkdtemp(RSTRING(duckstr)->ptr);
+  if (NULL == ret) raise_systemcallerror(errno, "in mkdtemp");
+  return duckstr;
+}
+/* call-seq:
+ *   STemp.mkstemp(template) -> File
+ *
+ * Wraps <tt>mkstemp(3)</tt> for Ruby. See <tt>man mkstemp</tt> on your system
+ * for exact semantics.
+ *
+ * Notes:
+ * - returns a File object rather than a simple file descriptor.
+ * - <tt>template</tt> is overwritten with the eventual directory name.
+ * - raises a <tt>SystemCallError</tt> if any of the syscalls involved fail.
+ * - the Debian manpage for <tt>mkstemp</tt> suggests you shouldn't use it, but
+ *   rather stick with <tt>tmpfile</tt>. However, I think it's better all
+ *   round to have the choice; there are times when you want to know the
+ *   tempfile name.
+ */
+static VALUE stemp_mkstemp(VALUE self, VALUE template) {
+  VALUE duckstr, filedesc, file;
+  int fd;
+  SafeStringValue(template);
+  duckstr = StringValue(template);
+  fd = mkstemp(RSTRING(duckstr)->ptr);
+  if (-1 == fd) raise_systemcallerror(errno, "in mkstemp");
+  filedesc = INT2FIX(fd);
+  file = rb_class_new_instance(1, &filedesc,
+    rb_const_get(rb_cObject, rb_intern("File")));
+  return file;
+}
+/* call-seq:
+ *   STemp.tmpfile -> File
+ *
+ * Wraps <tt>tmpfile(3)</tt> for Ruby. See <tt>man tmpfile</tt> on your system
+ * for exact semantics.
+ *
+ * Notes:
+ * - raises a <tt>SystemCallError</tt> if any of the syscalls involved fail.
+ */
+static VALUE stemp_tmpfile(VALUE self) {
+  VALUE filedesc, file;
+  FILE *fp;
+  fp = tmpfile();
+  if (NULL == fp) raise_systemcallerror(errno, "in tmpfile");
+  /* A shame to have to move back to fileno from the FILE *, but there doesn't
+   * seem to be a clean way to do this in Ruby's C bindings otherwise.
+   * Note that fileno() is not ANSI C, but should be present wherever mkstemp
+   * and company are. */
+  filedesc = INT2FIX(fileno(fp));
+  file = rb_class_new_instance(1, &filedesc,
+    rb_const_get(rb_cObject, rb_intern("File")));
+  return file;
+}
+/* raise_systemcallerror - Raise a SystemCallError
+ *
+ * A utility routine for the actual methods defined here.
+ *
+ * Args:
+ * - num: the system error number, probably errno
+ * - msg: a message to attach
+ */
+static void raise_systemcallerror(int num, char *msg) {
+  VALUE excobj, excno, *params;
+  /* Construct argument list */
+  excno = INT2FIX(num);
+  params = &excno;
+  excobj = rb_class_new_instance(1, params,
+    rb_const_get(rb_cObject, rb_intern("SystemCallError")));
+  /* I go about this in a somewhat strange way because of the way
+   * SystemCallError works. Its 'new' method creates an object of the
+   * appropriate subclass of Errno based on the number you give it. However,
+   * rb_raise takes a _class_, not an instance. */
+  rb_raise(rb_funcall(excobj, rb_intern("class"), 0), msg);
+}
+/* STemp - secure tempfile extension for Ruby
+ *
+ * Note that you should set your +umask+ appropriately when using this library:
+ * not all implementations of these functions use a reasonable file creation
+ * mask by default.
+*/
+void Init_stemp() {
+  mSTemp = rb_define_module("STemp");
+  rb_define_singleton_method(mSTemp, "mkdtemp", stemp_mkdtemp, 1);
+  rb_define_singleton_method(mSTemp, "mkstemp", stemp_mkstemp, 1);
+  rb_define_singleton_method(mSTemp, "tmpfile", stemp_tmpfile, 0);
+}

data/test/ts_stemp.rb ADDED Viewed

@@ -0,0 +1,91 @@
+#
+# Unit tests for STemp
+#
+# STemp - Secure tempfile extension for Ruby
+#
+# Author:: Cian Synnott <cian@gmail.com>
+# Copyright:: Copyright (c) 2006 Cian Synnott
+# License:: MIT License
+#
+# For license info, see the README file bundled with this package.
+#
+# $Id: ts_stemp.rb 5 2006-11-15 00:15:44Z cian $
+#
+require 'test/unit'
+require 'fileutils'
+require 'tmpdir'
+require 'rubygems'
+require 'stemp'
+# Tests for STemp
+class TestSTemp < Test::Unit::TestCase
+  WRITE   = "#{Dir.tmpdir}/test-stemp-write"
+  NOWRITE = "#{Dir.tmpdir}/test-stemp-nowrite"
+  def setup
+    # Create writeable and unwriteable directory 'fixtures'
+    FileUtils.mkdir(WRITE, :mode => 0700)
+    FileUtils.mkdir(NOWRITE, :mode => 0500)
+  end
+  # Tests for +mkdtemp+.
+  def test_mkdtemp
+    # If we're getting the correct EACCES exceptions here, the exception
+    # handling in mkdtemp is working. Don't bother if we're root. :op
+    unless Process.euid == 0
+      dirname = "#{NOWRITE}/dir-XXXXXX"
+      assert_raise(Errno::EACCES) { STemp.mkdtemp(dirname) }
+    end
+    # Normal behaviour. Remember to check side-effect.
+    dirname = "#{WRITE}/dir-XXXXXX"
+    newname = STemp.mkdtemp(dirname)
+    assert_equal(newname, dirname)
+    assert_not_equal(dirname, "#{WRITE}/dir-XXXXXX")
+    assert(File.directory?(dirname))
+  end
+  # Tests for +mkstemp+.
+  def test_mkstemp
+    # See comments above on first assertion.
+    unless Process.euid == 0
+      filename = "#{NOWRITE}/file-XXXXXX"
+      assert_raise(Errno::EACCES) { STemp.mkstemp(filename) }
+    end
+    # Test creating a file, writing to it etc. and that it exists at the end.
+    filename = "#{WRITE}/file-XXXXXX"
+    f = STemp.mkstemp(filename)
+    assert_not_equal(filename, "#{WRITE}/file-XXXXXX")
+    text = nil
+    assert_nothing_raised do
+      f.puts 'test string'
+      f.rewind
+      text = f.read
+      f.close
+    end
+    assert_equal(text, "test string\n")
+    assert(File.exists?(filename))
+  end
+  # Tests for +tmpfile+.
+  def test_tmpfile
+    # Test creating a file, writing to it etc.
+    f = STemp.tmpfile
+    text = nil
+    assert_nothing_raised do
+      f.puts 'test string'
+      f.rewind
+      text = f.read
+      f.close
+    end
+    assert_equal(text, "test string\n")
+  end
+  def teardown
+    FileUtils.rm_rf(WRITE)
+    FileUtils.rm_rf(NOWRITE)
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+rubygems_version: 0.8.11
+specification_version: 1
+name: ruby-stemp
+version: !ruby/object:Gem::Version
+  version: "1.0"
+date: 2006-11-15 00:00:00 +00:00
+summary: Secure tempfile extension for Ruby
+require_paths:
+- .
+email: cian@gmail.com
+homepage: http://code.google.com/p/ruby-stemp
+rubyforge_project:
+description:
+autorequire: stemp
+default_executable:
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 0.0.0
+  version:
+platform: ruby
+signing_key:
+cert_chain:
+authors:
+- Cian Synnott
+files:
+- ext/extconf.rb
+- ext/stemp.c
+- test/ts_stemp.rb
+- README
+test_files:
+- test/ts_stemp.rb
+rdoc_options:
+- --main
+- README
+extra_rdoc_files:
+- README
+executables: []
+extensions:
+- ext/extconf.rb
+requirements: []
+dependencies: []