rufus-treechecker 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
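--- a/data/spec/high_spec.rb
+++ b/data/spec/high_spec.rb
@@ -0,0 +1,303 @@
+
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 15:49:08 JST 2010
+#
+
+require File.join(File.dirname(__FILE__), 'spec_base')
+
+
+describe Rufus::TreeChecker do
+
+describe 'exclude_global_vars' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_global_vars
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+"$ENV",
+"$ENV = {}",
+"$ENV['HOME'] = 'away'"
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_alias' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_alias
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'alias a b',
+'alias :a :b',
+'alias_method :a, :b',
+'alias_method "a", "b"'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_class_tinkering' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_class_tinkering
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'class << instance; def length; 3; end; end',
+'class Toto; end',
+'class Alpha::Toto; end'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_class_tinkering :except => [ String ]' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_class_tinkering :except => [ String, Rufus::TreeChecker ]
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'class S2 < String; def length; 3; end; end',
+'class Toto < Rufus::TreeChecker; def length; 3; end; end',
+
+].each do |code|
+
+it "doesn't block '#{code}'" do
+lambda { tc.check(code) }.should_not raise_error
+end
+end
+
+[
+
+'class String; def length; 3; end; end',
+
+'class Toto; end',
+'class Alpha::Toto; end'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_module_tinkering' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_module_tinkering
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'module Alpha; end',
+'module Momo::Alpha; end'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_eval' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_eval
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'eval("code")',
+'Kernel.eval("code")',
+'toto.instance_eval("code")',
+'Toto.module_eval("code")'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_backquotes' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_backquotes
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'`kill -9 whatever`'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_raise' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_raise
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'Kernel.puts "error"'
+
+].each do |code|
+
+it "doesn't block '#{code}'" do
+lambda { tc.check(code) }.should_not raise_error
+end
+end
+
+[
+
+'raise',
+'raise "error"',
+'Kernel.raise',
+'Kernel.raise "error"',
+'throw',
+'throw :halt'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_rebinding' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_call_to :class
+exclude_rebinding Kernel, Rufus::TreeChecker
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'k = Kernel',
+'k = ::Kernel',
+'c = Rufus::TreeChecker',
+'c = ::Rufus::TreeChecker',
+'s = "".class'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_access_to(File)' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_access_to File
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'f = File',
+'f = ::File',
+'File.read "hello.txt"',
+'::File.read "hello.txt"'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+end
+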
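Review bot: The describe label at new-file line 92, `exclude_class_tinkering :except => [ String ]`, no longer matches the configuration it wraps, which at line 96 excepts `[ String, Rufus::TreeChecker ]`, so a failing example would be reported under a ruleset that is not the one being exercised. Renaming it `describe 'exclude_class_tinkering :except => [ String, Rufus::TreeChecker ]' do` keeps the report honest. The `exclude_eval` group at lines 168–180 pins `eval`, `Kernel.eval`, `instance_eval` and `module_eval`; if that rule is also meant to cover `class_eval`, nothing here asserts it, and one more entry in the list would document the intended scope.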
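--- a/data/spec/low_spec.rb
+++ b/data/spec/low_spec.rb
@@ -0,0 +1,199 @@
+
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 15:49:08 JST 2010
+#
+
+require File.join(File.dirname(__FILE__), 'spec_base')
+
+
+describe Rufus::TreeChecker do
+
+describe 'exclude_call_to(:exit)' do
+
+let :tc do
+Rufus::TreeChecker.new do
+#exclude_vcall :abort
+#exclude_fcall :abort
+exclude_call_to :abort
+#exclude_fvcall :exit, :exit!
+exclude_call_to :exit
+exclude_call_to :exit!
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+%w[
+
+exit exit() exit(1)
+exit! exit!() exit!(1)
+Kernel.exit Kernel.exit() Kernel.exit(1)
+::Kernel.exit ::Kernel.exit() ::Kernel.exit(1)
+
+abort abort() abort("damn!")
+Kernel.abort Kernel.abort() Kernel.abort(1)
+::Kernel.abort ::Kernel.abort() ::Kernel.abort(1)
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_call_on' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_call_on File, FileUtils
+exclude_call_on IO
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'data = File.read("surf.txt")',
+'f = File.new("surf.txt")',
+'FileUtils.rm_f("bondzoi.txt")',
+'IO.foreach("testfile") {|x| print "GOT ", x }'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_def' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_def
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'def drink; "water"; end',
+'class Toto; def drink; "water"; end; end'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_fvccall (public/protected/private)' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_fvccall :public
+exclude_fvccall :protected
+exclude_fvccall :private
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'public',
+'public :surf',
+'class Toto; public :car; end',
+'private',
+'private :surf',
+'class Toto; private :car; end'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'exclude_head' do
+
+let :tc do
+Rufus::TreeChecker.new do
+exclude_head [ :block ]
+exclude_head [ :lasgn ]
+exclude_head [ :dasgn_curr ]
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+
+'a; b; c',
+'lambda { a; b; c }',
+
+'a = 2',
+'lambda { a = 2 }'
+
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+
+describe 'at_root { }' do
+
+let :tc do
+Rufus::TreeChecker.new do
+at_root do
+exclude_head [ :block ]
+exclude_head [ :lasgn ]
+end
+end
+end
+
+it 'does not block "1 + 1"' do
+lambda { tc.check("1 + 1") }.should_not raise_error
+end
+
+[
+'lambda { a; b; c }',
+'lambda { a = 2 }'
+].each do |code|
+
+it "doesn't block '#{code}'" do
+lambda { tc.check(code) }.should_not raise_error
+end
+end
+
+[
+'a; b; c',
+'a = 2'
+].each do |code|
+
+it "blocks '#{code}'" do
+lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+end
+end
+end
+end
+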
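Review bot: The `let :tc` block at new-file lines 15–23 keeps three commented-out rule lines (`#exclude_vcall :abort`, `#exclude_fcall :abort`, `#exclude_fvcall :exit, :exit!`) interleaved with the live `exclude_call_to` rules, and a reader cannot tell whether they are superseded alternatives or rules still waiting to be ported. Either drop them or replace them with a single comment stating the choice, e.g. `# exclude_call_to is used because it covers the bare, Kernel. and ::Kernel. forms exercised below`. The group's label at line 13, `exclude_call_to(:exit)`, also configures `:abort` and `:exit!`, so `describe 'exclude_call_to(:abort, :exit, :exit!)'` would describe what the examples actually cover.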
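--- a/data/spec/misc_spec.rb
+++ b/data/spec/misc_spec.rb
@@ -0,0 +1,44 @@
+
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 16:58:11 JST 2010
+#
+
+require File.join(File.dirname(__FILE__), 'spec_base')
+
+
+describe Rufus::TreeChecker do
+
+describe '.parse' do
+
+it 'returns the AST as an array' do
+
+Rufus::TreeChecker.parse('1 + 1').should ==
+[ :call, [ :lit, 1 ], :+, [ :arglist, [ :lit, 1 ] ] ]
+end
+end
+
+describe '.clone' do
+
+it "returns a copy of the TreeChecker" do
+
+tc0 = Rufus::TreeChecker.new do
+exclude_fvccall :abort
+end
+
+tc1 = tc0.clone
+
+class << tc0
+attr_reader :set, :root_set
+end
+class << tc1
+attr_reader :set, :root_set
+end
+
+tc1.set.object_id.should_not == tc0.set.object_id
+tc1.root_set.object_id.should_not == tc0.root_set.object_id
+end
+end
+end
+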
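Review bot: The `.clone` example at new-file lines 24–41 only asserts that `set` and `root_set` are different objects on the copy; a clone that came back with empty sets would pass, so the test does not show that the configured rules survived the copy. Adding `tc1.set.should == tc0.set` and `tc1.root_set.should == tc0.root_set` after the two `object_id` checks pins both halves of a deep copy. Reopening the singleton classes with `class << tc0; attr_reader :set, :root_set; end` reaches into internals, and a short comment such as `# expose the internal rule sets so the copy can be checked for depth` would tell the next maintainer why the spec does it.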
@@ -0,0 +1,94 @@
1
+
2
+ #
3
+ # Specifying rufus-treechecker
4
+ #
5
+ # Wed Dec 22 17:06:17 JST 2010
6
+ #
7
+
8
+ require File.join(File.dirname(__FILE__), 'spec_base')
9
+
10
+
11
+ module Testy
12
+ class Tasty
13
+ end
14
+ end
15
+
16
+
17
+ describe Rufus::TreeChecker do
18
+
19
+ context 'as a [complete] ruleset' do
20
+
21
+ let :tc do
22
+
23
+ Rufus::TreeChecker.new do
24
+
25
+ exclude_fvccall :abort
26
+ exclude_fvccall :exit, :exit!
27
+ exclude_fvccall :system
28
+ exclude_fvccall :at_exit
29
+ exclude_eval
30
+ exclude_alias
31
+ exclude_global_vars
32
+ exclude_call_on File, FileUtils
33
+ exclude_class_tinkering :except => Testy::Tasty
34
+ exclude_module_tinkering
35
+
36
+ exclude_fvcall :public
37
+ exclude_fvcall :protected
38
+ exclude_fvcall :private
39
+ exclude_fcall :load
40
+ exclude_fcall :require
41
+ end
42
+ end
43
+
44
+ [
45
+ '1 + 1',
46
+ 'puts "toto"',
47
+ "class Toto < Testy::Tasty\nend",
48
+ "class Toto < Testy::Tasty; end"
49
+ ].each do |code|
50
+
51
+ it "doesn't block #{code.inspect}" do
52
+ lambda { tc.check(code) }.should_not raise_error
53
+ end
54
+ end
55
+
56
+ [
57
+ "exit",
58
+ "puts $BATEAU",
59
+ "abort",
60
+ "abort; puts 'ok'",
61
+ "puts 'ok'; abort",
62
+
63
+ "exit 0",
64
+ "system('whatever')",
65
+
66
+ "alias :a :b",
67
+ "alias_method :a, :b",
68
+
69
+ "File.open('x')",
70
+ "FileUtils.rm('x')",
71
+
72
+ "eval 'nada'",
73
+ "M.module_eval 'nada'",
74
+ "o.instance_eval 'nada'",
75
+
76
+ "class String\nend",
77
+ "module Whatever\nend",
78
+ "class << e\nend",
79
+
80
+ "class String; end",
81
+ "module Whatever; end",
82
+ "class << e; end",
83
+
84
+ "at_exit { puts 'over.' }",
85
+ "Kernel.at_exit { puts 'over.' }"
86
+ ].each do |code|
87
+
88
+ it "blocks #{code.inspect}" do
89
+ lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
90
+ end
91
+ end
92
+ end
93
+ end
94
+
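Review bot: The ruleset under test at new-file lines 36–40 configures `exclude_fvcall :public`, `:protected`, `:private`, `exclude_fcall :load` and `exclude_fcall :require`, but neither example list (lines 44–49 and 56–85) contains a visibility call or a `load`/`require` call, so those five rules are set up and never asserted. Adding `"private"`, `"require 'x'"` and `"load 'x'"` to the blocked list starting at line 56 would cover them, mirroring what the other spec files already do for `private`. This hunk carries no file header on the page, so the spec's path cannot be confirmed from here.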
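--- a/data/spec/spec_base.rb
+++ b/data/spec/spec_base.rb
@@ -0,0 +1,17 @@
+
+require 'fileutils'
+
+$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib')))
+
+require 'rufus-treechecker'
+
+
+#
+# rspec helpers
+
+#Dir[File.join(File.dirname(__FILE__), 'support/*.rb')].each { |f| require(f) }
+#
+#RSpec.configure do |config|
+# #config.include DollarHelper
+#end
+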
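Review bot: The `require 'fileutils'` at new-file line 2 has no comment saying why a spec helper loads it; the specs in this release pass the `FileUtils` constant to `exclude_call_on`, so this require is what makes that constant resolve, and `# FileUtils is passed to exclude_call_on in the specs; load it so the constant resolves` would stop a later cleanup from removing it as unused. The commented-out `RSpec.configure` block at lines 12–16 is dead scaffolding with nothing it is waiting for; either delete it or note what it is reserved for.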