rufus-treechecker 1.0.3 → 1.0.4

data/CHANGELOG.txt

@@ -0,0 +1,29 @@
+
+= rufus-treechecker CHANGELOG.txt
+
+
+== rufus-treechecker - 1.0.4   released 2010/12/22
+
+- require rufus/tree_checker and rufus-tree_checker
+- Rufus::Treechecker.parse(code) => tree
+
+
+== rufus-treechecker - 1.0.3   released 2008/10/29
+
+- todo   #22570 : moved to ruby_parser 2.0
+
+
+== rufus-treechecker - 1.0.2   released 2008/09/02
+
+- complete refactoring, huge perf gain
+
+
+== rufus-treechecker - 1.0.1   released 2008/09/01
+
+- more rules, slightly less code
+
+
+== rufus-treechecker - 1.0   released 2008/09/01
+
+- initial release
+

data/CREDITS.txt

@@ -0,0 +1,6 @@
+
+= CREDITS.txt
+
+Leverages ruby_parser and parsetree by Ryan Davis 
+(http://rubyforge.org/projects/parsetree/)
+

data/LICENSE.txt

@@ -0,0 +1,21 @@
+
+Copyright (c) 2008-2011, John Mettraux, jmettraux@gmail.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

data/README.txt

@@ -8,7 +8,7 @@ Initialize a Rufus::TreeChecker and pass some ruby code to make sure it's safe b
 
 == getting it
 
-    sudo gem install -y rufus-treechecker
+    gem install -y rufus-treechecker
 
 or download[http://rubyforge.org/frs/?group_id=4812] it from RubyForge.
 
@@ -16,40 +16,40 @@ or download[http://rubyforge.org/frs/?group_id=4812] it from RubyForge.
 == usage
 
 The treechecker uses ruby_parser (http://rubyforge.org/projects/parsetree)
-to turn Ruby code into s-expressions, the treechecker then 
-checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern 
+to turn Ruby code into s-expressions, the treechecker then
+checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern
 is spotted.
 
 The excluded patterns are defined at the initialization of the TreeChecker
 instance by listing rules.
 
-    require 'rubygems'
-    require 'rufus-treechecker'
+  require 'rubygems'
+  require 'rufus-treechecker'
 
-    tc = Rufus::TreeChecker.new do
-      exclude_fvcall :abort
-      exclude_fvcall :exit, :exit!
-    end
-    
-    tc.check("1 + 1; abort")               # will raise a SecurityError
-    tc.check("puts (1..10).to_a.inspect")  # OK
+  tc = Rufus::TreeChecker.new do
+    exclude_fvcall :abort
+    exclude_fvcall :exit, :exit!
+  end
+
+  tc.check("1 + 1; abort")               # will raise a SecurityError
+  tc.check("puts (1..10).to_a.inspect")  # OK
 
 
 Nice, but how do I know what to exclude ?
 
-    require 'rubygems'
-    require 'rufus-treechecker'
+  require 'rubygems'
+  require 'rufus-treechecker'
 
-    Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')
+  Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')
 
 will yield
 
-    "a = 5 + 6; puts a"
-     => 
-     [:block, 
-       [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]], 
-       [:fcall, :puts, [:array, [:lvar, :a]]]
-     ]
+  "a = 5 + 6; puts a"
+   =>
+   [:block,
+     [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]],
+     [:fcall, :puts, [:array, [:lvar, :a]]]
+   ]
 
 
 For more documentation, see http://github.com/jmettraux/rufus-treechecker/tree/master/lib/rufus/treechecker.rb
@@ -57,26 +57,26 @@ For more documentation, see http://github.com/jmettraux/rufus-treechecker/tree/m
 
 == dependencies
 
-the 'rogue-parser' gem
+the 'ruby_parser' gem by Ryan Davis.
 
 
 == mailing list
 
 On the Rufus-Ruby list[http://groups.google.com/group/rufus-ruby] :
 
-    http://groups.google.com/group/rufus-ruby
+  http://groups.google.com/group/rufus-ruby
 
 
 == issue tracker
 
-    http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse
+  http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse
 
 
 == source
 
 http://github.com/jmettraux/rufus-treechecker
 
-    git clone git://github.com/jmettraux/rufus-treechecker.git
+  git clone git://github.com/jmettraux/rufus-treechecker.git
 
 
 == author

data/Rakefile

@@ -0,0 +1,83 @@
+
+$:.unshift('.') # 1.9.2
+
+require 'rubygems'
+
+require 'rake'
+require 'rake/clean'
+require 'rake/rdoctask'
+
+
+#
+# clean
+
+CLEAN.include('pkg', 'rdoc')
+
+
+#
+# test / spec
+
+task :spec do
+  sh 'rspec spec/'
+end
+task :test => :spec
+task :default => :spec
+
+
+#
+# gem
+
+GEMSPEC_FILE = Dir['*.gemspec'].first
+GEMSPEC = eval(File.read(GEMSPEC_FILE))
+GEMSPEC.validate
+
+
+desc %{
+  builds the gem and places it in pkg/
+}
+task :build do
+
+  sh "gem build #{GEMSPEC_FILE}"
+  sh "mkdir pkg" rescue nil
+  sh "mv #{GEMSPEC.name}-#{GEMSPEC.version}.gem pkg/"
+end
+
+desc %{
+  builds the gem and pushes it to rubygems.org
+}
+task :push => :build do
+
+  sh "gem push pkg/#{GEMSPEC.name}-#{GEMSPEC.version}.gem"
+end
+
+
+#
+# rdoc
+#
+# make sure to have rdoc 2.5.x to run that
+
+Rake::RDocTask.new do |rd|
+
+  rd.main = 'README.txt'
+  rd.rdoc_dir = "rdoc/#{GEMSPEC.name}"
+
+  rd.rdoc_files.include('README.txt', 'CHANGELOG.txt', 'CREDITS.txt', 'lib/**/*.rb')
+
+  rd.title = "#{GEMSPEC.name} #{GEMSPEC.version}"
+end
+
+
+#
+# upload_rdoc
+
+desc %{
+  upload the rdoc to rubyforge
+}
+task :upload_rdoc => [ :clean, :rdoc ] do
+
+  account = 'jmettraux@rubyforge.org'
+  webdir = "/var/www/gforge-projects/rufus"
+
+  sh "rsync -azv -e ssh rdoc/#{GEMSPEC.name} #{account}:#{webdir}/"
+end
+

data/lib/rufus/tree_checker.rb

@@ -0,0 +1,3 @@
+
+require 'rufus/treechecker'
+

data/lib/rufus/treechecker.rb

@@ -1,6 +1,5 @@
-#
 #--
-# Copyright (c) 2008, John Mettraux, jmettraux@gmail.com
+# Copyright (c) 2008-2011, John Mettraux, jmettraux@gmail.com
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -19,14 +18,12 @@
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
-#++
-#
-
 #
 # "made in Japan" (as opposed to "swiss made")
-#
+#++
 
-require 'ruby_parser' # gem 'rogue_parser'
+
+require 'ruby_parser'
 
 
 module Rufus
@@ -125,27 +122,24 @@ module Rufus
   #
   class TreeChecker
 
-    VERSION = '1.0.3'
+    VERSION = '1.0.4'
 
-    #
     # pretty-prints the sexp tree of the given rubycode
     #
-    def ptree (rubycode)
+    def ptree(rubycode)
       puts stree(rubycode)
     end
 
-    #
     # returns the pretty-printed string of the given rubycode
     # (thanks ruby_parser).
     #
-    def stree (rubycode)
+    def stree(rubycode)
       "#{rubycode.inspect}\n =>\n#{parse(rubycode).inspect}"
     end
 
-    #
     # initializes the TreeChecker, expects a block
     #
-    def initialize (&block)
+    def initialize(&block)
 
       @root_set = RuleSet.new
       @set = RuleSet.new
@@ -162,12 +156,11 @@ module Rufus
       s << @set.to_s
     end
 
-    #
     # Performs the check on the given String of ruby code. Will raise a
     # Rufus::SecurityError if there is something excluded by the rules
     # specified at the initialization of the TreeChecker instance.
     #
-    def check (rubycode)
+    def check(rubycode)
 
       sexp = parse(rubycode)
 
@@ -179,8 +172,7 @@ module Rufus
       do_check(sexp)
     end
 
-    #
-    # return a copy of this TreeChecker instance
+    # Return a copy of this TreeChecker instance
     #
     def clone
 
@@ -190,18 +182,16 @@ module Rufus
       tc
     end
 
+    # Adds a set of checks (rules) to this treechecker. Returns self.
     #
-    # adds a set of checks (rules) to this treechecker. Returns self.
-    #
-    def add_rules (&block)
+    def add_rules(&block)
 
       instance_eval(&block) if block
 
       self
     end
 
-    #
-    # freezes the treechecker instance "in depth"
+    # Freezes the treechecker instance "in depth"
     #
     def freeze
       super
@@ -228,23 +218,23 @@ module Rufus
         rs
       end
 
-      def exclude_symbol (s, message)
+      def exclude_symbol(s, message)
 
         @excluded_symbols[s] = (message || ":#{s} is excluded")
       end
 
-      def accept_pattern (pat)
+      def accept_pattern(pat)
 
         (@accepted_patterns[pat.first] ||= []) << pat
       end
 
-      def exclude_pattern (pat, message)
+      def exclude_pattern(pat, message)
 
         (@excluded_patterns[pat.first] ||= []) << [
           pat, message || "#{pat.inspect} is excluded" ]
       end
 
-      def check (sexp)
+      def check(sexp)
 
         if sexp.is_a?(Symbol)
 
@@ -304,7 +294,7 @@ module Rufus
 
       protected
 
-      def check_pattern (sexp, pat)
+      def check_pattern(sexp, pat)
 
         return false if sexp.length < pat.length
 
@@ -320,18 +310,17 @@ module Rufus
     # the methods used to define the checks
     #++
 
-    #
-    # within the 'at_root' block, rules are added to the @root_checks, ie
+    # Within the 'at_root' block, rules are added to the @root_checks, ie
     # they are evaluated only for the toplevel (root) sexp.
     #
-    def at_root (&block)
+    def at_root(&block)
 
       @current_set = @root_set
       add_rules(&block)
       @current_set = @set
     end
 
-    def extract_message (args)
+    def extract_message(args)
 
       message = nil
       args = args.dup
@@ -339,7 +328,7 @@ module Rufus
       [ args, message ]
     end
 
-    def expand_class (arg)
+    def expand_class(arg)
 
       if arg.is_a?(Class) or arg.is_a?(Module)
         [ parse(arg.to_s), parse("::#{arg.to_s}") ]
@@ -348,8 +337,7 @@ module Rufus
       end
     end
 
-    #
-    # adds a rule that will forbid sexps that begin with the given head
+    # Adds a rule that will forbid sexps that begin with the given head
     #
     #     tc = TreeChecker.new do
     #       exclude_head [ :block ]
@@ -358,44 +346,43 @@ module Rufus
     #     tc.check('a = 2')         # ok
     #     tc.check('a = 2; b = 5')  # will raise an error as it's a block
     #
-    def exclude_head (head, message=nil)
+    def exclude_head(head, message=nil)
 
       @current_set.exclude_pattern(head, message)
     end
 
-    def exclude_symbol (*args)
+    def exclude_symbol(*args)
       args, message = extract_message(args)
       args.each { |a| @current_set.exclude_symbol(a, message) }
     end
 
-    def exclude_fcall (*args)
+    def exclude_fcall(*args)
       do_exclude_pair(:fcall, args)
     end
 
-    def exclude_vcall (*args)
+    def exclude_vcall(*args)
       do_exclude_pair(:vcall, args)
     end
 
-    def exclude_fvcall (*args)
+    def exclude_fvcall(*args)
       do_exclude_pair(:fcall, args)
       do_exclude_pair(:vcall, args)
     end
 
-    def exclude_call_on (*args)
+    def exclude_call_on(*args)
       do_exclude_pair(:call, args)
     end
 
-    def exclude_call_to (*args)
+    def exclude_call_to(*args)
       args, message = extract_message(args)
       args.each { |a| @current_set.exclude_pattern([ :call, :any, a], message) }
     end
 
-    def exclude_fvccall (*args)
+    def exclude_fvccall(*args)
       exclude_fvcall(*args)
       exclude_call_to(*args)
     end
 
-    #
     # This rule :
     #
     #     exclude_rebinding Kernel
@@ -405,7 +392,7 @@ module Rufus
     #     k = Kernel
     #     k = ::Kernel
     #
-    def exclude_rebinding (*args)
+    def exclude_rebinding(*args)
       args, message = extract_message(args)
       args.each do |a|
         expand_class(a).each do |c|
@@ -418,21 +405,19 @@ module Rufus
     # prevents access (calling methods and rebinding) to a class (or a list
     # of classes
     #
-    def exclude_access_to (*args)
+    def exclude_access_to(*args)
       exclude_call_on *args
       exclude_rebinding *args
     end
 
-    #
-    # bans method definitions
+    # Bans method definitions
     #
     def exclude_def
 
       @current_set.exclude_symbol(:defn, 'method definitions are forbidden')
     end
 
-    #
-    # bans the defintion and the [re]openening of classes
+    # Bans the defintion and the [re]openening of classes
     #
     # a list of exceptions (classes) can be passed. Subclassing those
     # exceptions is permitted.
@@ -454,8 +439,7 @@ module Rufus
         [ :class ], 'defining a class is forbidden')
     end
 
-    #
-    # bans the definition or the opening of modules
+    # Bans the definition or the opening of modules
     #
     def exclude_module_tinkering
 
@@ -463,8 +447,7 @@ module Rufus
         :module, 'defining or opening a module is forbidden')
     end
 
-    #
-    # bans referencing or setting the value of global variables
+    # Bans referencing or setting the value of global variables
     #
     def exclude_global_vars
 
@@ -472,8 +455,7 @@ module Rufus
       @current_set.exclude_symbol(:gasgn, 'global vars are forbidden')
     end
 
-    #
-    # bans the usage of 'alias'
+    # Bans the usage of 'alias'
     #
     def exclude_alias
 
@@ -481,8 +463,7 @@ module Rufus
       @current_set.exclude_symbol(:alias_method, "'alias_method' is forbidden")
     end
 
-    #
-    # bans the use of 'eval', 'module_eval' and 'instance_eval'
+    # Bans the use of 'eval', 'module_eval' and 'instance_eval'
     #
     def exclude_eval
 
@@ -491,16 +472,14 @@ module Rufus
       exclude_call_to(:instance_eval, 'instance_eval() is forbidden')
     end
 
-    #
-    # bans the use of backquotes
+    # Bans the use of backquotes
     #
     def exclude_backquotes
 
       @current_set.exclude_symbol(:xstr, 'backquotes are forbidden')
     end
 
-    #
-    # bans raise and throw
+    # Bans raise and throw
     #
     def exclude_raise
 
@@ -518,10 +497,9 @@ module Rufus
       end
     end
 
+    # The actual check method, check() is rather a bootstrap one...
     #
-    # the actual check method, check() is rather a bootstrap one...
-    #
-    def do_check (sexp)
+    def do_check(sexp)
 
       @set.check(sexp)
 
@@ -532,17 +510,19 @@ module Rufus
       sexp.each { |c| do_check c }
     end
 
+    # A simple parse (relies on ruby_parser currently)
     #
-    # a simple parse (relies on ruby_parser currently)
-    #
-    def parse (rubycode)
+    def parse(rubycode)
 
-      #(@parser ||= RubyParser.new).parse(rubycode).to_a
-        #
-        # parser goes ballistic after a while, seems having a new parser
-        # each is not heavy at all
+      self.class.parse(rubycode)
+    end
+
+    # A simple parse (relies on ruby_parser currently)
+    #
+    def self.parse(rubycode)
 
       RubyParser.new.parse(rubycode).to_a
     end
   end
 end
+

data/lib/rufus-tree_checker.rb

@@ -0,0 +1,3 @@
+
+require 'rufus/treechecker'
+

data/rufus-treechecker.gemspec

@@ -0,0 +1,31 @@
+# encoding: utf-8
+
+Gem::Specification.new do |s|
+
+  s.name = 'rufus-treechecker'
+  s.version = File.read('lib/rufus/treechecker.rb').match(/VERSION = '([^']+)'/)[1]
+  s.platform = Gem::Platform::RUBY
+  s.authors = [ 'John Mettraux' ]
+  s.email = [ 'jmettraux@gmail.com' ]
+  s.homepage = 'http://rufus.rubyforge.org'
+  s.rubyforge_project = 'rufus'
+  s.summary = "tests strings of Ruby code for unauthorized patterns (exit, eval, ...)"
+  s.description = %{
+    tests strings of Ruby code for unauthorized patterns (exit, eval, ...)
+  }
+
+  #s.files = `git ls-files`.split("\n")
+  s.files = Dir[
+    'Rakefile',
+    'lib/**/*.rb', 'spec/**/*.rb', 'test/**/*.rb',
+    '*.gemspec', '*.txt', '*.rdoc', '*.md'
+  ]
+
+  s.add_runtime_dependency 'ruby_parser', '>= 2.0.5'
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec', '>= 2.0'
+
+  s.require_path = 'lib'
+end
+