RubyGems - rufus-treechecker - Versions diffs - 1.0.3 → 1.0.4 - Mend

rufus-treechecker 1.0.3 → 1.0.4

Files changed (20) hide show

data/CHANGELOG.txt +29 -0
data/CREDITS.txt +6 -0
data/LICENSE.txt +21 -0
data/README.txt +25 -25
data/Rakefile +83 -0
data/lib/rufus/tree_checker.rb +3 -0
data/lib/rufus/treechecker.rb +52 -72
data/lib/rufus-tree_checker.rb +3 -0
data/rufus-treechecker.gemspec +31 -0
data/spec/high_spec.rb +303 -0
data/spec/low_spec.rb +199 -0
data/spec/misc_spec.rb +44 -0
data/spec/ruleset_spec.rb +94 -0
data/spec/spec_base.rb +17 -0
metadata +70 -25
data/test/ft_0_basic.rb +0 -253
data/test/ft_1_old_treechecker.rb +0 -72
data/test/ft_2_clone.rb +0 -32
data/test/test.rb +0 -5
data/test/testmixin.rb +0 -31

data/spec/high_spec.rb ADDED Viewed

@@ -0,0 +1,303 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 15:49:08 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+describe Rufus::TreeChecker do
+  describe 'exclude_global_vars' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_global_vars
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      "$ENV",
+      "$ENV = {}",
+      "$ENV['HOME'] = 'away'"
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_alias' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_alias
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'alias a b',
+      'alias :a :b',
+      'alias_method :a, :b',
+      'alias_method "a", "b"'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_class_tinkering' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_class_tinkering
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'class << instance; def length; 3; end; end',
+      'class Toto; end',
+      'class Alpha::Toto; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_class_tinkering :except => [ String ]' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_class_tinkering :except => [ String, Rufus::TreeChecker ]
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'class S2 < String; def length; 3; end; end',
+      'class Toto < Rufus::TreeChecker; def length; 3; end; end',
+    ].each do |code|
+      it "doesn't block '#{code}'" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      'class String; def length; 3; end; end',
+      'class Toto; end',
+      'class Alpha::Toto; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_module_tinkering' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_module_tinkering
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'module Alpha; end',
+      'module Momo::Alpha; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_eval' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_eval
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'eval("code")',
+      'Kernel.eval("code")',
+      'toto.instance_eval("code")',
+      'Toto.module_eval("code")'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_backquotes' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_backquotes
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      '`kill -9 whatever`'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_raise' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_raise
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'Kernel.puts "error"'
+    ].each do |code|
+      it "doesn't block '#{code}'" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      'raise',
+      'raise "error"',
+      'Kernel.raise',
+      'Kernel.raise "error"',
+      'throw',
+      'throw :halt'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_rebinding' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_call_to :class
+        exclude_rebinding Kernel, Rufus::TreeChecker
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'k = Kernel',
+      'k = ::Kernel',
+      'c = Rufus::TreeChecker',
+      'c = ::Rufus::TreeChecker',
+      's = "".class'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_access_to(File)' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_access_to File
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'f = File',
+      'f = ::File',
+      'File.read "hello.txt"',
+      '::File.read "hello.txt"'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+end

data/spec/low_spec.rb ADDED Viewed

@@ -0,0 +1,199 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 15:49:08 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+describe Rufus::TreeChecker do
+  describe 'exclude_call_to(:exit)' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        #exclude_vcall :abort
+        #exclude_fcall :abort
+        exclude_call_to :abort
+        #exclude_fvcall :exit, :exit!
+        exclude_call_to :exit
+        exclude_call_to :exit!
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    %w[
+      exit exit() exit(1)
+      exit! exit!() exit!(1)
+      Kernel.exit Kernel.exit() Kernel.exit(1)
+      ::Kernel.exit ::Kernel.exit() ::Kernel.exit(1)
+      abort abort() abort("damn!")
+      Kernel.abort Kernel.abort() Kernel.abort(1)
+      ::Kernel.abort ::Kernel.abort() ::Kernel.abort(1)
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_call_on' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_call_on File, FileUtils
+        exclude_call_on IO
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'data = File.read("surf.txt")',
+      'f = File.new("surf.txt")',
+      'FileUtils.rm_f("bondzoi.txt")',
+      'IO.foreach("testfile") {|x| print "GOT ", x }'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_def' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_def
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'def drink; "water"; end',
+      'class Toto; def drink; "water"; end; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_fvccall (public/protected/private)' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_fvccall :public
+        exclude_fvccall :protected
+        exclude_fvccall :private
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'public',
+      'public :surf',
+      'class Toto; public :car; end',
+      'private',
+      'private :surf',
+      'class Toto; private :car; end'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'exclude_head' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_head [ :block ]
+        exclude_head [ :lasgn ]
+        exclude_head [ :dasgn_curr ]
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'a; b; c',
+      'lambda { a; b; c }',
+      'a = 2',
+      'lambda { a = 2 }'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+  describe 'at_root { }' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        at_root do
+          exclude_head [ :block ]
+          exclude_head [ :lasgn ]
+        end
+      end
+    end
+    it 'does not block "1 + 1"' do
+      lambda { tc.check("1 + 1") }.should_not raise_error
+    end
+    [
+      'lambda { a; b; c }',
+      'lambda { a = 2 }'
+    ].each do |code|
+      it "doesn't block '#{code}'" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      'a; b; c',
+      'a = 2'
+    ].each do |code|
+      it "blocks '#{code}'" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+end

data/spec/misc_spec.rb ADDED Viewed

@@ -0,0 +1,44 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 16:58:11 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+describe Rufus::TreeChecker do
+  describe '.parse' do
+    it 'returns the AST as an array' do
+      Rufus::TreeChecker.parse('1 + 1').should ==
+        [ :call, [ :lit, 1 ], :+, [ :arglist, [ :lit, 1 ] ] ]
+    end
+  end
+  describe '.clone' do
+    it "returns a copy of the TreeChecker" do
+      tc0 = Rufus::TreeChecker.new do
+        exclude_fvccall :abort
+      end
+      tc1 = tc0.clone
+      class << tc0
+        attr_reader :set, :root_set
+      end
+      class << tc1
+        attr_reader :set, :root_set
+      end
+      tc1.set.object_id.should_not == tc0.set.object_id
+      tc1.root_set.object_id.should_not == tc0.root_set.object_id
+    end
+  end
+end

data/spec/ruleset_spec.rb ADDED Viewed

@@ -0,0 +1,94 @@
+#
+# Specifying rufus-treechecker
+#
+# Wed Dec 22 17:06:17 JST 2010
+#
+require File.join(File.dirname(__FILE__), 'spec_base')
+module Testy
+  class Tasty
+  end
+end
+describe Rufus::TreeChecker do
+  context 'as a [complete] ruleset' do
+    let :tc do
+      Rufus::TreeChecker.new do
+        exclude_fvccall :abort
+        exclude_fvccall :exit, :exit!
+        exclude_fvccall :system
+        exclude_fvccall :at_exit
+        exclude_eval
+        exclude_alias
+        exclude_global_vars
+        exclude_call_on File, FileUtils
+        exclude_class_tinkering :except => Testy::Tasty
+        exclude_module_tinkering
+        exclude_fvcall :public
+        exclude_fvcall :protected
+        exclude_fvcall :private
+        exclude_fcall :load
+        exclude_fcall :require
+      end
+    end
+    [
+      '1 + 1',
+      'puts "toto"',
+      "class Toto < Testy::Tasty\nend",
+      "class Toto < Testy::Tasty; end"
+    ].each do |code|
+      it "doesn't block #{code.inspect}" do
+        lambda { tc.check(code) }.should_not raise_error
+      end
+    end
+    [
+      "exit",
+      "puts $BATEAU",
+      "abort",
+      "abort; puts 'ok'",
+      "puts 'ok'; abort",
+      "exit 0",
+      "system('whatever')",
+      "alias :a :b",
+      "alias_method :a, :b",
+      "File.open('x')",
+      "FileUtils.rm('x')",
+      "eval 'nada'",
+      "M.module_eval 'nada'",
+      "o.instance_eval 'nada'",
+      "class String\nend",
+      "module Whatever\nend",
+      "class << e\nend",
+      "class String; end",
+      "module Whatever; end",
+      "class << e; end",
+      "at_exit { puts 'over.' }",
+      "Kernel.at_exit { puts 'over.' }"
+    ].each do |code|
+      it "blocks #{code.inspect}" do
+        lambda { tc.check(code) }.should raise_error(Rufus::SecurityError)
+      end
+    end
+  end
+end

data/spec/spec_base.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'fileutils'
+$:.unshift(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib')))
+require 'rufus-treechecker'
+#
+# rspec helpers
+#Dir[File.join(File.dirname(__FILE__), 'support/*.rb')].each { |f| require(f) }
+#
+#RSpec.configure do |config|
+#  #config.include DollarHelper
+#end