rufus-treechecker 1.0

data/README.txt

@@ -0,0 +1,96 @@
+
+= 'rufus-treechecker'
+
+== what is it ?
+
+Initialize a Rufus::TreeChecker and pass some ruby code to make sure it's safe before calling eval().
+
+
+== getting it
+
+    sudo gem install -y rufus-treechecker
+
+or download[http://rubyforge.org/frs/?group_id=4812] it from RubyForge.
+
+
+== usage
+
+The treechecker uses ruby_parser (http://rubyforge.org/projects/parsetree)
+to turn Ruby code into s-expressions, the treechecker then 
+checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern 
+is spotted.
+
+The excluded patterns are defined at the initialization of the TreeChecker
+instance by listing rules.
+
+    require 'rubygems'
+    require 'rufus-treechecker'
+
+    tc = Rufus::TreeChecker.new do
+      exclude_fvcall :abort
+      exclude_fvcall :exit, :exit!
+    end
+    
+    tc.check("1 + 1; abort")               # will raise a SecurityError
+    tc.check("puts (1..10).to_a.inspect")  # OK
+
+
+Nice, but how do I know what to exclude ?
+
+    require 'rubygems'
+    require 'rufus-treechecker'
+
+    Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')
+
+will yield
+
+    "a = 5 + 6; puts a"
+     => 
+     [:block, 
+       [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]], 
+       [:fcall, :puts, [:array, [:lvar, :a]]]
+     ]
+
+
+For more documentation, see http://github.com/jmettraux/rufus-treechecker/tree/master/lib/rufus/treechecker.rb
+
+
+== dependencies
+
+the 'rogue-parser' gem
+
+
+== mailing list
+
+On the Rufus-Ruby list[http://groups.google.com/group/rufus-ruby] :
+
+    http://groups.google.com/group/rufus-ruby
+
+
+== issue tracker
+
+    http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse
+
+
+== source
+
+http://github.com/jmettraux/rufus-treechecker
+
+    git clone git://github.com/jmettraux/rufus-treechecker.git
+
+
+== author
+
+John Mettraux, jmettraux@gmail.com,
+http://jmettraux.wordpress.com
+
+
+== the rest of Rufus
+
+http://rufus.rubyforge.org
+
+
+== license
+
+MIT
+

data/lib/rufus/treechecker.rb

@@ -0,0 +1,529 @@
+#
+#--
+# Copyright (c) 2008, John Mettraux, jmettraux@gmail.com
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#++
+#
+
+#
+# "made in Japan" (as opposed to "swiss made")
+#
+
+require 'ruby_parser' # gem 'rogue_parser'
+
+
+module Rufus
+
+  #
+  # Instances of this error class are thrown when the ruby code being
+  # checked contains exclude stuff
+  #
+  class SecurityError < RuntimeError
+  end
+
+  #
+  # TreeChecker relies on ruby_parser to turns a piece of ruby code (a string)
+  # into a bunch of sexpression and then TreeChecker will check that
+  # sexpression tree and raise a Rufus::SecurityException if an excluded
+  # pattern is spotted.
+  #
+  # The TreeChecker is meant to be useful for people writing DSLs directly
+  # in Ruby (not via their own parser) that want to check and prevent
+  # bad things from happening in this code.
+  #
+  #   tc = Rufus::TreeChecker.new do
+  #     exclude_fvcall :abort
+  #     exclude_fvcall :exit, :exit!
+  #   end
+  #
+  #   tc.check("1 + 1; abort")               # will raise a SecurityError
+  #   tc.check("puts (1..10).to_a.inspect")  # OK
+  #
+  #
+  # == featured exclusion methods
+  #
+  # === call / vcall / fcall ?
+  #
+  # What the difference between those ? Well, here is how those various piece
+  # of code look like :
+  #
+  #   "exit"          => [:vcall, :exit]
+  #   "Kernel.exit"   => [:call, [:const, :Kernel], :exit]
+  #   "Kernel::exit"  => [:call, [:const, :Kernel], :exit]
+  #   "k.exit"        => [:call, [:vcall, :k], :exit]
+  #   "exit -1"       => [:fcall, :exit, [:array, [:lit, -1]]]
+  #
+  # Obviously :fcall could be labelled as "function call", :call is a call
+  # on to some instance, while vcall might either be a variable dereference
+  # or a function call with no arguments.
+  #
+  # === low-level rules
+  #
+  # - exclude_symbol : bans the usage of a given symbol (very low-level,
+  #                    mostly used by other rules
+  # - exclude_head
+  # - exclude_fcall
+  # - exclude_vcall
+  # - exclude_fvcall
+  # - exclude_fvkcall
+  # - exclude_call_on
+  # - exclude_call_to
+  # - exclude_def
+  # - exclude_class_tinkering
+  # - exclude_module_tinkering
+  #
+  # - at_root
+  #
+  # === higher level rules
+  #
+  # Those rules take no arguments
+  #
+  # - exclude_eval : bans eval, module_eval and instance_eval
+  # - exclude_global_vars : bans calling or modifying global vars
+  # - exclude_alias : bans calls to alias and alias_method
+  # - exclude_vm_exiting : bans exit, abort, ...
+  # - exclude_raise : bans calls to raise or throw
+  #
+  #
+  # == a bit further
+  #
+  # It's possible to clone a TreeChecker and to add some more rules to it :
+  #
+  #   tc0 = Rufus::TreeChecker.new do
+  #     #
+  #     # calls to eval, module_eval and instance_eval are not allowed
+  #     #
+  #     exclude_eval
+  #   end
+  #
+  #   tc1 = tc0.clone
+  #   tc1.add_rules do
+  #     #
+  #     # calls to any method on File and FileUtils classes are not allowed
+  #     #
+  #     exclude_call_on File, FileUtils
+  #   end
+  #
+  class TreeChecker
+
+    VERSION = '1.0'
+
+    #
+    # pretty-prints the sexp tree of the given rubycode
+    #
+    def ptree (rubycode)
+      puts
+      puts rubycode.inspect
+      puts " => "
+      puts parse(rubycode).inspect
+    end
+
+    #
+    # initializes the TreeChecker, expects a block
+    #
+    def initialize (&block)
+
+      @root_checks = []
+      @checks = []
+
+      @current_checks = @checks
+
+      add_rules(&block)
+    end
+
+    def to_s
+      p self.class
+      puts '  root_checks :'
+      puts @root_checks.collect { |r| r.inspect }.join("\n")
+      puts '  checks :'
+      puts @checks.collect { |r| r.inspect }.join("\n")
+    end
+
+    #
+    # Performs the check on the given String of ruby code. Will raise a
+    # Rufus::SecurityError if there is something excluded by the rules
+    # specified at the initialization of the TreeChecker instance.
+    #
+    def check (rubycode)
+
+      sexp = parse(rubycode)
+
+      @root_checks.each do |meth, *args|
+        send meth, sexp, args
+      end
+
+      do_check(sexp)
+    end
+
+    #
+    # return a copy of this TreeChecker instance
+    #
+    def clone
+
+      copy = TreeChecker.new
+      copy.instance_variable_set(:@checks, @checks.dup)
+      copy
+    end
+
+    #
+    # adds a set of checks (rules) to this treechecker. Returns self.
+    #
+    def add_rules (&block)
+
+      instance_eval(&block) if block
+
+      self
+    end
+
+    #
+    # freezes the treechecker instance "in depth"
+    #
+    def freeze
+      super
+      @root_checks.freeze
+      @root_checks.each { |c| c.freeze }
+      @checks.freeze
+      @checks.each { |c| c.freeze }
+    end
+
+    #
+    # generates a 'classic' tree checker
+    #
+    # Here is how it's built :
+    #
+    #    return TreeChecker.new do
+    #      exclude_fvkcall :abort
+    #      exclude_fvkcall :exit, :exit!
+    #      exclude_fvkcall :system
+    #      exclude_eval
+    #      exclude_alias
+    #      exclude_global_vars
+    #      exclude_call_on File, FileUtils
+    #      exclude_class_tinkering
+    #      exclude_module_tinkering
+    #    end
+    #
+    def self.new_classic_tree_checker
+
+      return TreeChecker.new do
+        exclude_fvkcall :abort
+        exclude_fvkcall :exit, :exit!
+        exclude_fvkcall :system
+        exclude_eval
+        exclude_alias
+        exclude_global_vars
+        exclude_call_on File, FileUtils
+        exclude_class_tinkering
+        exclude_module_tinkering
+      end
+    end
+
+    protected
+
+    #--
+    # the methods used to define the checks
+    #++
+
+    #
+    # within the 'at_root' block, rules are added to the @root_checks, ie
+    # they are evaluated only for the toplevel (root) sexp.
+    #
+    def at_root (&block)
+
+      @current_checks = @root_checks
+      add_rules(&block)
+      @current_checks = @checks
+    end
+
+    #
+    # adds a rule that will forbid sexps that begin with the given head
+    #
+    #     tc = TreeChecker.new do
+    #       exclude_head [ :block ]
+    #     end
+    #
+    #     tc.check('a = 2')         # ok
+    #     tc.check('a = 2; b = 5')  # will raise an error as it's a block
+    #
+    def exclude_head (head, message=nil)
+
+      @current_checks << [ :do_exclude_head, head, message ]
+    end
+
+    [
+      :exclude_symbol,
+      :exclude_fcall,
+      :exclude_vcall,
+      :exclude_fvcall,
+      :exclude_fvkcall,
+      :exclude_call_on,
+      :exclude_call_to
+
+    ].each do |m|
+      class_eval <<-EOS
+        def #{m} (*args)
+
+          message = args.last.is_a?(String) ? args.pop : nil
+
+          args.each do |a| 
+
+            a = [ Class, Module ].include?(a.class) ? \
+              parse(a.to_s) : a.to_sym
+
+            @current_checks << [ :do_#{m}, a, message ]
+          end
+        end
+      EOS
+    end
+
+    #
+    # bans method definitions
+    #
+    def exclude_def
+
+      @current_checks << [
+        :do_exclude_symbol, :defn, 'method definitions are forbidden' ]
+    end
+
+    #
+    # bans the defintion and the [re]openening of classes
+    #
+    # a list of exceptions (classes) can be passed. Subclassing those
+    # exceptions is permitted.
+    #
+    def exclude_class_tinkering (*exceptions)
+
+      #
+      # :class
+
+      @current_checks << [
+        :do_exclude_class_tinkering
+      ] + exceptions.collect { |e| parse(e.to_s) }
+
+      #
+      # :sclass
+
+      @current_checks << [
+        :do_exclude_symbol,
+        :sclass,
+        'opening the metaclass of an instance is forbidde'
+      ]
+    end
+
+    #
+    # bans the definition or the opening of modules
+    #
+    def exclude_module_tinkering
+
+      @current_checks << [
+        :do_exclude_symbol, :module, 'defining or opening a module is forbidden'
+      ]
+    end
+
+    #
+    # bans referencing or setting the value of global variables
+    #
+    def exclude_global_vars
+
+      @current_checks << [
+        :do_exclude_symbol, :gvar, "global vars are forbidden" ]
+      @current_checks << [
+        :do_exclude_symbol, :gasgn, "global vars are forbidden" ]
+    end
+
+    #
+    # bans the usage of 'alias'
+    #
+    def exclude_alias
+
+      @current_checks << [
+        :do_exclude_symbol, :alias, "'alias' is forbidden" ]
+      @current_checks << [
+        :do_exclude_symbol, :alias_method, "'alias_method' is forbidden" ]
+    end
+
+    #
+    # bans the use of 'eval', 'module_eval' and 'instance_eval'
+    #
+    def exclude_eval
+
+      @current_checks << [
+        :do_exclude_fcall,
+        :eval,
+        "eval() is forbidden" ]
+      @current_checks << [
+        :do_exclude_call_to,
+        :instance_eval,
+        "instance_eval() is forbidden" ]
+      @current_checks << [
+        :do_exclude_call_to,
+        :module_eval,
+        "module_eval() is forbidden" ]
+    end
+
+    #
+    # bans the use of backquotes
+    #
+    def exclude_backquotes
+      @current_checks << [
+        :do_exclude_symbol, :xstr, "backquotes are forbidden" ]
+    end
+
+    #
+    # bans raise and throw
+    #
+    def exclude_raise
+
+      @current_checks << [ :do_exclude_fvkcall, :raise, "raise is forbidden" ]
+      @current_checks << [ :do_exclude_fvkcall, :throw, "throw is forbidden" ]
+    end
+
+    #
+    # the actual check method, check() is rather a bootstrap one...
+    #
+    def do_check (sexp)
+
+      @checks.each do |exclusion_method, *args|
+        send exclusion_method, sexp, args
+      end
+
+      return unless sexp.is_a?(Array) # check over, seems fine...
+
+      # check children
+
+      sexp.each { |c| do_check c }
+    end
+
+    #
+    # the methods that actually perform the checks
+    # (and potentially raise security exceptions)
+
+    #
+    # constructs a new set of arguments by inserting the newhead at the
+    # beginning of the arguments
+    #
+    def cons (newhead, args)
+
+      newhead = Array(newhead)
+      newhead << args[0]
+
+      [ newhead ] + (args[1, -1] || [])
+    end
+
+    def do_exclude_fcall (sexp, args)
+
+      do_exclude_head(sexp, cons(:fcall, args))
+    end
+
+    def do_exclude_vcall (sexp, args)
+
+      do_exclude_head(sexp, cons(:vcall, args))
+    end
+
+    #
+    # excludes :fcall and :vcall
+    #
+    def do_exclude_fvcall (sexp, args)
+
+      do_exclude_fcall(sexp, args)
+      do_exclude_vcall(sexp, args)
+    end
+
+    #
+    # excludes :fcall and :vcall and :call on Kernel
+    #
+    def do_exclude_fvkcall (sexp, args)
+
+      do_exclude_fvcall(sexp, args)
+      do_exclude_head(sexp, cons([ :call, [ :const, :Kernel ] ], args))
+    end
+
+    #
+    # raises a Rufus::SecurityError if the sexp is a reference to
+    # a certain symbol (like :gvar or :alias).
+    #
+    def do_exclude_symbol (sexp, args)
+
+      raise SecurityError.new(
+        args[1] || "symbol :#{excluded_symbol} is forbidden"
+      ) if sexp == args[0]
+    end
+
+    #
+    # raises a security error if the sexp is a call on a given constant or
+    # module (class)
+    #
+    def do_exclude_call_on (sexp, args)
+
+      do_exclude_head(sexp, [ [:call, args[0]] ] + (args[1, -1] || []))
+    end
+
+    #
+    # raises a security error if a call to a given method of any instance
+    # is found
+    #
+    def do_exclude_call_to (sexp, args)
+
+      return unless sexp.is_a?(Array)
+
+      raise SecurityError.new(
+        args[1] || "calls to '#{args[0]}' are forbidden"
+      ) if sexp[0] == :call and sexp[2] == args[0]
+    end
+
+    def do_exclude_head (sexp, args)
+
+      return unless sexp.is_a?(Array)
+
+      head = args[0]
+
+      raise SecurityError.new(
+        args[1] || "#{head.inspect} is forbidden"
+      ) if sexp[0, head.length] == head
+    end
+
+    def do_exclude_class_tinkering (sexp, args)
+
+      return unless sexp.is_a?(Array) # lonely symbols are not class definitions
+
+      return unless sexp[0] == :class
+
+      raise SecurityError.new(
+        'defining or opening a class is forbidden'
+      ) if args.length == 0 or ( ! args.include?(sexp[2]))
+        #
+        # raise error if there are no exceptions or
+        # if the parent class is not a member of the exception list
+    end
+
+    #
+    # a simple parse (relies on ruby_parser currently)
+    #
+    def parse (rubycode)
+
+      #(@parser ||= RubyParser.new).parse(rubycode).to_a
+        #
+        # parser goes ballistic after a while, seems having a new parser
+        # each is not heavy at all
+
+      RubyParser.new.parse(rubycode).to_a
+    end
+  end
+end

data/test/ft_0_basic.rb

@@ -0,0 +1,241 @@
+
+#
+# Testing rufus-treechecker
+#
+# jmettraux at gmail.org
+#
+# Fri Aug 29 10:13:33 JST 2008
+#
+
+require 'testmixin'
+
+
+class BasicTest < Test::Unit::TestCase
+  include TestMixin
+
+
+  def test_0
+
+    tc = Rufus::TreeChecker.new do
+      exclude_vcall :abort
+      exclude_fcall :abort
+      exclude_fvcall :exit, :exit!
+      exclude_call_to :exit
+    end
+
+    assert_nok(tc, 'exit')
+    assert_nok(tc, 'exit()')
+    assert_nok(tc, 'exit!')
+    assert_nok(tc, 'abort')
+    assert_nok(tc, 'abort()')
+    assert_nok(tc, 'Kernel.exit')
+    assert_nok(tc, 'Kernel.exit()')
+    assert_nok(tc, 'Kernel::exit')
+    assert_nok(tc, 'Kernel::exit()')
+    assert_nok(tc, '::Kernel.exit')
+
+    assert_ok(tc, '1 + 1')
+  end
+
+  def test_0b_vm_exiting
+
+    # TODO : implement me !
+  end
+
+  def test_1_global_vars
+
+    tc = Rufus::TreeChecker.new do
+      exclude_global_vars
+    end
+
+    assert_nok(tc, '$ENV')
+    assert_nok(tc, '$ENV = {}')
+    assert_nok(tc, "$ENV['HOME'] = 'away'")
+  end
+
+  def test_2_aliases
+
+    tc = Rufus::TreeChecker.new do
+      exclude_alias
+    end
+
+    assert_nok(tc, 'alias :a :b')
+  end
+
+  def test_3_exclude_calls_on
+
+    tc = Rufus::TreeChecker.new do
+      exclude_call_on File, FileUtils
+      exclude_call_on IO
+    end
+
+    assert_nok(tc, 'data = File.read("surf.txt")')
+    assert_nok(tc, 'f = File.new("surf.txt")')
+    assert_nok(tc, 'FileUtils.rm_f("bondzoi.txt")')
+    assert_nok(tc, 'IO.foreach("testfile") {|x| print "GOT ", x }')
+  end
+
+  def test_4_exclude_def
+
+    tc = Rufus::TreeChecker.new do
+      exclude_def
+    end
+
+    assert_nok(tc, 'def drink; "water"; end')
+    assert_nok(tc, 'class Toto; def drink; "water"; end; end')
+  end
+
+  def test_5_exclude_class_tinkering
+
+    tc = Rufus::TreeChecker.new do
+      exclude_class_tinkering
+    end
+
+    assert_nok(tc, 'class << instance; def length; 3; end; end')
+    assert_nok(tc, 'class Toto; end')
+    assert_nok(tc, 'class Alpha::Toto; end')
+  end
+
+  def test_5b_exclude_class_tinkering_with_exceptions
+
+    tc = Rufus::TreeChecker.new do
+      exclude_class_tinkering String, Rufus::TreeChecker
+    end
+
+    assert_nok(tc, 'class String; def length; 3; end; end')
+
+    assert_ok(tc, 'class S2 < String; def length; 3; end; end')
+    assert_ok(tc, 'class Toto < Rufus::TreeChecker; def length; 3; end; end')
+
+    assert_nok(tc, 'class Toto; end')
+    assert_nok(tc, 'class Alpha::Toto; end')
+  end
+
+  def test_5c_exclude_class_tinkering_with_exceptions
+
+    tc = Rufus::TreeChecker.new do
+      exclude_class_tinkering 'String', 'Rufus::TreeChecker'
+    end
+
+    assert_nok(tc, 'class String; def length; 3; end; end')
+
+    assert_ok(tc, 'class S2 < String; def length; 3; end; end')
+    assert_ok(tc, 'class Toto < Rufus::TreeChecker; def length; 3; end; end')
+
+    assert_nok(tc, 'class Toto; end')
+    assert_nok(tc, 'class Alpha::Toto; end')
+  end
+
+  def test_6_exclude_module_tinkering
+
+    tc = Rufus::TreeChecker.new do
+      exclude_module_tinkering
+    end
+
+    assert_nok(tc, 'module Alpha; end')
+    assert_nok(tc, 'module Momo::Alpha; end')
+  end
+
+  def test_7_exclude_eval
+
+    tc = Rufus::TreeChecker.new do
+      exclude_eval
+    end
+
+    assert_nok(tc, 'eval("code")')
+    assert_nok(tc, 'toto.instance_eval("code")')
+    assert_nok(tc, 'Toto.module_eval("code")')
+  end
+
+  def test_8_exclude_backquotes
+
+    tc = Rufus::TreeChecker.new do
+      exclude_backquotes
+    end
+
+    assert_nok(tc, '`kill -9 whatever`')
+  end
+
+  def test_9_exclude_raise_and_throw
+
+    tc = Rufus::TreeChecker.new do
+      exclude_raise
+    end
+
+    assert_nok(tc, 'raise')
+    assert_nok(tc, 'raise "error"')
+    assert_nok(tc, 'Kernel.raise')
+    assert_nok(tc, 'Kernel.raise "error"')
+    assert_ok(tc, 'Kernel.puts "error"')
+    assert_nok(tc, 'throw')
+    assert_nok(tc, 'throw :halt')
+  end
+
+  def test_10_exclude_public
+
+    tc = Rufus::TreeChecker.new do
+      exclude_fvcall :public
+      exclude_fvcall :protected
+      exclude_fvcall :private
+    end
+
+    assert_nok(tc, 'public')
+    assert_nok(tc, 'public :surf')
+    assert_nok(tc, 'class Toto; public :car; end')
+    assert_nok(tc, 'private')
+    assert_nok(tc, 'private :surf')
+    assert_nok(tc, 'class Toto; private :car; end')
+  end
+
+  def test_11_is_not
+
+    tc = Rufus::TreeChecker.new do
+      exclude_head [ :block ]
+      exclude_head [ :lasgn ]
+      exclude_head [ :dasgn_curr ]
+    end
+
+    assert_nok(tc, 'a; b; c')
+    assert_nok(tc, 'lambda { a; b; c }')
+
+    assert_nok(tc, 'a = 2')
+    assert_nok(tc, 'lambda { a = 2 }')
+  end
+
+  def test_12_at_root
+
+    tc = Rufus::TreeChecker.new do
+      at_root do
+        exclude_head [ :block ]
+        exclude_head [ :lasgn ]
+      end
+    end
+
+    assert_nok(tc, 'a; b; c')
+    assert_ok(tc, 'lambda { a; b; c }')
+
+    assert_nok(tc, 'a = 2')
+    assert_ok(tc, 'lambda { a = 2 }')
+  end
+
+  def test_12_freeze
+
+    # TODO : are there some rules with composite values ?
+    #        can't remember of any :(
+  end
+
+  #def test_X
+  #  tc = Rufus::TreeChecker.new do
+  #  end
+  #  #tc.ptree 'load "surf"'
+  #  tc.ptree 'class Toto; load "nada"; end'
+  #  tc.ptree 'class Toto; def m; load "nada"; end; end'
+  #  tc.ptree 'class << toto; def m; load "nada"; end; end'
+  #  #tc.ptree 'lambda { a; b; c }'
+  #  #tc.ptree 'lambda { a = c }'
+  #  #tc.ptree 'c = 0; a = c'
+  #  #tc.ptree 'c = a = 0'
+  #  tc.ptree 'a = 5 + 6; puts a'
+  #end
+end
+

data/test/ft_1_old_treechecker.rb

@@ -0,0 +1,72 @@
+
+#
+# Testing rufus-treechecker
+#
+# jmettraux at gmail.org
+#
+# Fri Aug 29 10:13:33 JST 2008
+#
+
+require 'testmixin'
+
+module Testy
+  class Tasty
+  end
+end
+
+class OldTreeCheckerTest < Test::Unit::TestCase
+  include TestMixin
+
+
+  def test_0
+
+    tc = Rufus::TreeChecker.new do
+      exclude_fvkcall :abort
+      exclude_fvkcall :exit, :exit!
+      exclude_fvkcall :system
+      exclude_eval
+      exclude_alias
+      exclude_global_vars
+      exclude_call_on File, FileUtils
+      exclude_class_tinkering Testy::Tasty
+      exclude_module_tinkering
+
+      exclude_fvcall :public
+      exclude_fvcall :protected
+      exclude_fvcall :private
+      exclude_fcall :load
+      exclude_fcall :require
+    end
+
+    assert_nocompile tc, "def surf }"
+
+    assert_ok tc, "puts 'toto'"
+
+    assert_nok tc, "exit"
+    assert_nok tc, "puts $BATEAU"
+    assert_nok tc, "abort"
+    assert_nok tc, "abort; puts 'ok'"
+    assert_nok tc, "puts 'ok'; abort"
+
+    assert_nok tc, "exit 0"
+    assert_nok tc, "system('whatever')"
+
+    assert_nok tc, "alias :a :b"
+    assert_nok tc, "alias_method :a, :b"
+
+    assert_nok tc, "File.open('x')"
+    assert_nok tc, "FileUtils.rm('x')"
+
+    assert_nok tc, "eval 'nada'"
+    assert_nok tc, "M.module_eval 'nada'"
+    assert_nok tc, "o.instance_eval 'nada'"
+
+    assert_ok tc, "puts 'toto'"
+
+    assert_ok tc, "class Toto < Testy::Tasty\nend"
+    assert_nok tc, "class String\nend"
+    assert_nok tc, "module Whatever\nend"
+    assert_nok tc, "class << e\nend"
+  end
+end
+

data/test/test.rb

@@ -0,0 +1,4 @@
+
+require 'ft_0_basic'
+require 'ft_1_old_treechecker'
+

data/test/testmixin.rb

@@ -0,0 +1,31 @@
+
+#
+# Testing rufus-treechecker
+#
+# jmettraux at gmail.org
+#
+# Fri Aug 29 18:30:03 JST 2008
+#
+
+require 'test/unit'
+require 'rubygems'
+require 'rufus/treechecker'
+
+
+module TestMixin
+
+  def assert_ok (tc, rubycode)
+    tc.check(rubycode)
+  end
+  def assert_nok (tc, rubycode)
+    assert_raise Rufus::SecurityError do
+      tc.check(rubycode)
+    end
+  end
+  def assert_nocompile (tc, rubycode)
+    assert_raise Racc::ParseError do
+      tc.check(rubycode)
+    end
+  end
+end
+

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification 
+name: rufus-treechecker
+version: !ruby/object:Gem::Version 
+  version: "1.0"
+platform: ruby
+authors: 
+- John Mettraux
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-09-01 00:00:00 +09:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rogue_parser
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: 
+email: john at openwfe dot org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.txt
+files: 
+- lib/rufus
+- lib/rufus/treechecker.rb
+- test/ft_0_basic.rb
+- test/ft_1_old_treechecker.rb
+- test/test.rb
+- test/testmixin.rb
+- README.txt
+has_rdoc: true
+homepage: http://rufus.rubyforge.org/rufus-treechecker
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: 
+- rogue_parser
+rubyforge_project: rufus
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: checking ruby code before eval()
+test_files: 
+- test/test.rb