RubyGems - rufus-treechecker - Versions diffs - 1.0.3 → 1.0.4 - Mend

rufus-treechecker 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

data/CHANGELOG.txt +29 -0
data/CREDITS.txt +6 -0
data/LICENSE.txt +21 -0
data/README.txt +25 -25
data/Rakefile +83 -0
data/lib/rufus/tree_checker.rb +3 -0
data/lib/rufus/treechecker.rb +52 -72
data/lib/rufus-tree_checker.rb +3 -0
data/rufus-treechecker.gemspec +31 -0
data/spec/high_spec.rb +303 -0
data/spec/low_spec.rb +199 -0
data/spec/misc_spec.rb +44 -0
data/spec/ruleset_spec.rb +94 -0
data/spec/spec_base.rb +17 -0
metadata +70 -25
data/test/ft_0_basic.rb +0 -253
data/test/ft_1_old_treechecker.rb +0 -72
data/test/ft_2_clone.rb +0 -32
data/test/test.rb +0 -5
data/test/testmixin.rb +0 -31

data/spec/high_spec.rb ADDED Viewed

@@ -0,0 +1,303 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 15:49:08 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+describe Rufus::TreeChecker do
+  describe 'exclude_global_vars' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_global_vars
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      "$ENV",
+      "$ENV = {}",
+      "$ENV['HOME'] = 'away'"
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_alias' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_alias
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'alias a b',
+      'alias :a :b',
+      'alias_method :a, :b',
+      'alias_method "a", "b"'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_class_tinkering' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_class_tinkering
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'class << instance; def length; 3; end; end',
+      'class Toto; end',
+      'class Alpha::Toto; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_class_tinkering :except => [ String ]' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_class_tinkering :except => [ String, Rufus::TreeChecker ]
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'class S2 < String; def length; 3; end; end',
+      'class Toto < Rufus::TreeChecker; def length; 3; end; end',
+    ].each do |code|
+      it "doesn't block '#{code}'" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      'class String; def length; 3; end; end',
+      'class Toto; end',
+      'class Alpha::Toto; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_module_tinkering' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_module_tinkering
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'module Alpha; end',
+      'module Momo::Alpha; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_eval' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_eval
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'eval("code")',
+      'Kernel.eval("code")',
+      'toto.instance_eval("code")',
+      'Toto.module_eval("code")'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_backquotes' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_backquotes
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      '`kill -9 whatever`'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_raise' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_raise
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'Kernel.puts "error"'
+    ].each do |code|
+      it "doesn't block '#{code}'" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      'raise',
+      'raise "error"',
+      'Kernel.raise',
+      'Kernel.raise "error"',
+      'throw',
+      'throw :halt'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_rebinding' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_call_to :class
+        exclude_rebinding Kernel, Rufus::TreeChecker
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'k = Kernel',
+      'k = ::Kernel',
+      'c = Rufus::TreeChecker',
+      'c = ::Rufus::TreeChecker',
+      's = "".class'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_access_to(File)' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_access_to File
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'f = File',
+      'f = ::File',
+      'File.read "hello.txt"',
+      '::File.read "hello.txt"'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+end

data/spec/low_spec.rb ADDED Viewed

@@ -0,0 +1,199 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 15:49:08 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+describe Rufus::TreeChecker do
+  describe 'exclude_call_to(:exit)' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        #exclude_vcall :abort
+        #exclude_fcall :abort
+        exclude_call_to :abort
+        #exclude_fvcall :exit, :exit!
+        exclude_call_to :exit
+        exclude_call_to :exit!
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    %w[
+      exit exit() exit(1)
+      exit! exit!() exit!(1)
+      Kernel.exit Kernel.exit() Kernel.exit(1)
+      ::Kernel.exit ::Kernel.exit() ::Kernel.exit(1)
+      abort abort() abort("damn!")
+      Kernel.abort Kernel.abort() Kernel.abort(1)
+      ::Kernel.abort ::Kernel.abort() ::Kernel.abort(1)
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_call_on' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_call_on File, FileUtils
+        exclude_call_on IO
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'data = File.read("surf.txt")',
+      'f = File.new("surf.txt")',
+      'FileUtils.rm_f("bondzoi.txt")',
+      'IO.foreach("testfile") {|x| print "GOT ", x }'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_def' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_def
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'def drink; "water"; end',
+      'class Toto; def drink; "water"; end; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_fvccall (public/protected/private)' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_fvccall :public
+        exclude_fvccall :protected
+        exclude_fvccall :private
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'public',
+      'public :surf',
+      'class Toto; public :car; end',
+      'private',
+      'private :surf',
+      'class Toto; private :car; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_head' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_head [ :block ]
+        exclude_head [ :lasgn ]
+        exclude_head [ :dasgn_curr ]
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'a; b; c',
+      'lambda { a; b; c }',
+      'a = 2',
+      'lambda { a = 2 }'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'at_root { }' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        at_root do
+          exclude_head [ :block ]
+          exclude_head [ :lasgn ]
+        end
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'lambda { a; b; c }',
+      'lambda { a = 2 }'
+    ].each do |code|
+      it "doesn't block '#{code}'" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      'a; b; c',
+      'a = 2'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+end

data/spec/misc_spec.rb ADDED Viewed

@@ -0,0 +1,44 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 16:58:11 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+describe Rufus::TreeChecker do
+  describe '.parse' do
+    it 'returns the AST as an array' do
+      Rufus::TreeChecker.parse('1 + 1').should ==
+        [ :call, [ :lit, 1 ], :+, [ :arglist, [ :lit, 1 ] ] ]
+    end
+  end
+  describe '.clone' do
+    it "returns a copy of the TreeChecker" do
+      tc0 = Rufus::TreeChecker.new do
+        exclude_fvccall :abort
+      end
+      tc1 = tc0.clone
+      class << tc0
+        attr_reader :set, :root_set
+      end
+      class << tc1
+        attr_reader :set, :root_set
+      end
+      tc1.set.object_id.should_not == tc0.set.object_id
+      tc1.root_set.object_id.should_not == tc0.root_set.object_id
+    end
+  end
+end

data/spec/ruleset_spec.rb ADDED Viewed

@@ -0,0 +1,94 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 17:06:17 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+module Testy
+  class Tasty
+  end
+end
+describe Rufus::TreeChecker do
+  context 'as a [complete] ruleset' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_fvccall :abort
+        exclude_fvccall :exit, :exit!
+        exclude_fvccall :system
+        exclude_fvccall :at_exit
+        exclude_eval
+        exclude_alias
+        exclude_global_vars
+        exclude_call_on File, FileUtils
+        exclude_class_tinkering :except => Testy::Tasty
+        exclude_module_tinkering
+        exclude_fvcall :public
+        exclude_fvcall :protected
+        exclude_fvcall :private
+        exclude_fcall :load
+        exclude_fcall :require
+      end
+    end
+    [
+      '1 + 1',
+      'puts "toto"',
+      "class Toto < Testy::Tasty\nend",
+      "class Toto < Testy::Tasty; end"
+    ].each do |code|
+      it "doesn't block #{code.inspect}" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      "exit",
+      "puts $BATEAU",
+      "abort",
+      "abort; puts 'ok'",
+      "puts 'ok'; abort",
+      "exit 0",
+      "system('whatever')",
+      "alias :a :b",
+      "alias_method :a, :b",
+      "File.open('x')",
+      "FileUtils.rm('x')",
+      "eval 'nada'",
+      "M.module_eval 'nada'",
+      "o.instance_eval 'nada'",
+      "class String\nend",
+      "module Whatever\nend",
+      "class << e\nend",
+      "class String; end",
+      "module Whatever; end",
+      "class << e; end",
+      "at_exit { puts 'over.' }",
+      "Kernel.at_exit { puts 'over.' }"
+    ].each do |code|
+      it "blocks #{code.inspect}" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+end

data/spec/spec_base.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'fileutils'
+$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib')))
+require 'rufus-treechecker'
+#
+# rspec helpers
+#Dir[File.join(File.dirname(__FILE__), 'support/*.rb')].each { |f| require(f) }
+#
+#RSpec.configure do |config|
+#  #config.include DollarHelper
+#end