rufus-treechecker 1.0.1 → 1.0.2

data/lib/rufus/treechecker.rb

@@ -125,7 +125,7 @@ module Rufus
   #
   class TreeChecker
 
-    VERSION = '1.0.1'
+    VERSION = '1.0.2'
 
     #
     # pretty-prints the sexp tree of the given rubycode
@@ -142,20 +142,19 @@ module Rufus
     #
     def initialize (&block)
 
-      @root_checks = []
-      @checks = []
-
-      @current_checks = @checks
+      @root_set = RuleSet.new
+      @set = RuleSet.new
+      @current_set = @set
 
       add_rules(&block)
     end
 
     def to_s
-      p self.class
-      puts '  root_checks :'
-      puts @root_checks.collect { |r| r.inspect }.join("\n")
-      puts '  checks :'
-      puts @checks.collect { |r| r.inspect }.join("\n")
+      s = "#{self.class} (#{self.object_id})\n"
+      s << "root_set :\n"
+      s << @root_set.to_s
+      s << "set :\n"
+      s << @set.to_s
     end
 
     #
@@ -167,9 +166,10 @@ module Rufus
 
       sexp = parse(rubycode)
 
-      @root_checks.each do |meth, *args|
-        send meth, sexp, args
-      end
+      #@root_checks.each do |meth, *args|
+      #  send meth, sexp, args
+      #end
+      @root_set.check(sexp)
 
       do_check(sexp)
     end
@@ -179,9 +179,10 @@ module Rufus
     #
     def clone
 
-      copy = TreeChecker.new
-      copy.instance_variable_set(:@checks, @checks.dup)
-      copy
+      tc = TreeChecker.new
+      tc.instance_variable_set(:@root_set, @root_set.clone)
+      tc.instance_variable_set(:@set, @set.clone)
+      tc
     end
 
     #
@@ -199,46 +200,117 @@ module Rufus
     #
     def freeze
       super
-      @root_checks.freeze
-      @root_checks.each { |c| c.freeze }
-      @checks.freeze
-      @checks.each { |c| c.freeze }
-    end
-
-    #
-    # generates a 'classic' tree checker
-    #
-    # Here is how it's built :
-    #
-    #    return TreeChecker.new do
-    #      exclude_fvccall :abort
-    #      exclude_fvccall :exit, :exit!
-    #      exclude_fvccall :system
-    #      exclude_eval
-    #      exclude_alias
-    #      exclude_global_vars
-    #      exclude_call_on File, FileUtils
-    #      exclude_class_tinkering
-    #      exclude_module_tinkering
-    #    end
-    #
-    def self.new_classic_tree_checker
-
-      return TreeChecker.new do
-        exclude_fvccall :abort
-        exclude_fvccall :exit, :exit!
-        exclude_fvccall :system
-        exclude_eval
-        exclude_alias
-        exclude_global_vars
-        exclude_call_on File, FileUtils
-        exclude_class_tinkering
-        exclude_module_tinkering
-      end
+      @root_set.freeze
+      @set.freeze
     end
 
     protected
 
+    class RuleSet
+
+      def initialize
+
+        @excluded_symbols = {} # symbol => exclusion_message
+        @accepted_patterns = {} # 1st elt of pattern => pattern
+        @excluded_patterns = {} # 1st elt of pattern => pattern, excl_message
+      end
+
+      def clone
+        rs = RuleSet.new
+        rs.instance_variable_set(:@excluded_symbols, @excluded_symbols.dup)
+        rs.instance_variable_set(:@accepted_patterns, @accepted_patterns.dup)
+        rs.instance_variable_set(:@excluded_patterns, @excluded_patterns.dup)
+        rs
+      end
+
+      def exclude_symbol (s, message)
+
+        @excluded_symbols[s] = (message || ":#{s} is excluded")
+      end
+
+      def accept_pattern (pat)
+
+        (@accepted_patterns[pat.first] ||= []) << pat
+      end
+
+      def exclude_pattern (pat, message)
+
+        (@excluded_patterns[pat.first] ||= []) << [
+          pat, message || "#{pat.inspect} is excluded" ]
+      end
+
+      def check (sexp)
+
+        if sexp.is_a?(Symbol)
+
+          m = @excluded_symbols[sexp]
+          raise SecurityError.new(m) if m
+
+        elsif sexp.is_a?(Array)
+
+          # accepted patterns are evaluated before excluded patterns
+          # if one is found the excluded patterns are skipped
+
+          pats = @accepted_patterns[sexp.first]
+          pats.each { |pat| return if check_pattern(sexp, pat) } if pats
+
+          pats = @excluded_patterns[sexp.first]
+          return unless pats
+
+          pats.each do |pat, msg|
+            raise SecurityError.new(msg) if check_pattern(sexp, pat)
+          end
+        end
+      end
+
+      def freeze
+
+        super
+
+        @excluded_symbols.freeze
+        @excluded_symbols.each { |k, v| k.freeze; v.freeze }
+        @accepted_patterns.freeze
+        @accepted_patterns.each { |k, v| k.freeze; v.freeze }
+        @excluded_patterns.freeze
+        @excluded_patterns.each { |k, v| k.freeze; v.freeze }
+      end
+
+      def to_s
+
+        s = "#{self.class} (#{self.object_id})\n"
+        s << "  excluded symbols :\n"
+        @excluded_symbols.each do |k, v|
+          s << "    - #{k.inspect}, #{v}\n"
+        end
+        s << "  accepted patterns :\n"
+        @accepted_patterns.each do |k, v|
+          v.each do |p|
+            s << "    - #{k.inspect}, #{p.inspect}\n"
+          end
+        end
+        s << "  excluded patterns :\n"
+        @excluded_patterns.each do |k, v|
+          v.each do |p|
+            s << "    - #{k.inspect}, #{p.inspect}\n"
+          end
+        end
+        s
+      end
+
+      protected
+
+      def check_pattern (sexp, pat)
+
+        return false if sexp.length < pat.length
+
+        (1..pat.length-1).each do |i|
+          return false if (pat[i] != :any and pat[i] != sexp[i])
+        end
+
+        return true # we have a match
+      end
+    end
+
     #--
     # the methods used to define the checks
     #++
@@ -249,9 +321,26 @@ module Rufus
     #
     def at_root (&block)
 
-      @current_checks = @root_checks
+      @current_set = @root_set
       add_rules(&block)
-      @current_checks = @checks
+      @current_set = @set
+    end
+
+    def extract_message (args)
+
+      message = nil
+      args = args.dup
+      message = args.pop if args.last.is_a?(String)
+      [ args, message ]
+    end
+
+    def expand_class (arg)
+
+      if arg.is_a?(Class) or arg.is_a?(Module)
+        [ parse(arg.to_s), parse("::#{arg.to_s}") ]
+      else
+        [ arg ]
+      end
     end
 
     #
@@ -266,33 +355,39 @@ module Rufus
     #
     def exclude_head (head, message=nil)
 
-      @current_checks << [ :do_exclude_head, head, message ]
+      @current_set.exclude_pattern(head, message)
     end
 
-    [
-      :exclude_symbol,
-      :exclude_fcall,
-      :exclude_vcall,
-      :exclude_fvcall,
-      :exclude_fvccall,
-      :exclude_call_on,
-      :exclude_call_to
+    def exclude_symbol (*args)
+      args, message = extract_message(args)
+      args.each { |a| @current_set.exclude_symbol(a, message) }
+    end
 
-    ].each do |m|
-      class_eval <<-EOS
-        def #{m} (*args)
+    def exclude_fcall (*args)
+      do_exclude_pair(:fcall, args)
+    end
 
-          message = args.last.is_a?(String) ? args.pop : nil
+    def exclude_vcall (*args)
+      do_exclude_pair(:vcall, args)
+    end
 
-          args.each do |a| 
+    def exclude_fvcall (*args)
+      do_exclude_pair(:fcall, args)
+      do_exclude_pair(:vcall, args)
+    end
 
-            a = [ Class, Module ].include?(a.class) ? \
-              parse(a.to_s) : a.to_sym
+    def exclude_call_on (*args)
+      do_exclude_pair(:call, args)
+    end
 
-            @current_checks << [ :do_#{m}, a, message ]
-          end
-        end
-      EOS
+    def exclude_call_to (*args)
+      args, message = extract_message(args)
+      args.each { |a| @current_set.exclude_pattern([ :call, :any, a], message) }
+    end
+
+    def exclude_fvccall (*args)
+      exclude_fvcall(*args)
+      exclude_call_to(*args)
     end
 
     #
@@ -306,14 +401,11 @@ module Rufus
     #     k = ::Kernel
     #
     def exclude_rebinding (*args)
-
-      message = args.last.is_a?(String) ? args.pop : nil
-
+      args, message = extract_message(args)
       args.each do |a|
-        c0 = parse(a.to_s)
-        c1 = parse("::#{a.to_s}")
-        @current_checks << [ :do_exclude_rebinding, c0, message ]
-        @current_checks << [ :do_exclude_rebinding, c1, message ]
+        expand_class(a).each do |c|
+          @current_set.exclude_pattern([ :lasgn, :any, c], message)
+        end
       end
     end
 
@@ -322,7 +414,6 @@ module Rufus
     # of classes
     #
     def exclude_access_to (*args)
-
       exclude_call_on *args
       exclude_rebinding *args
     end
@@ -332,8 +423,7 @@ module Rufus
     #
     def exclude_def
 
-      @current_checks << [
-        :do_exclude_symbol, :defn, 'method definitions are forbidden' ]
+      @current_set.exclude_symbol(:defn, 'method definitions are forbidden')
     end
 
     #
@@ -342,23 +432,21 @@ module Rufus
     # a list of exceptions (classes) can be passed. Subclassing those
     # exceptions is permitted.
     #
-    def exclude_class_tinkering (*exceptions)
-
-      #
-      # :class
+    #     exclude_class_tinkering :except => [ String, Array ]
+    #
+    def exclude_class_tinkering (*args)
 
-      @current_checks << [
-        :do_exclude_class_tinkering
-      ] + exceptions.collect { |e| parse(e.to_s) }
+      @current_set.exclude_pattern(
+        [ :sclass ], 'opening the metaclass of an instance is forbidden')
 
-      #
-      # :sclass
+      Array(args.last[:except]).each { |e|
+        expand_class(e).each do |c|
+          @current_set.accept_pattern([ :class, :any, c ])
+        end
+      } if args.last.is_a?(Hash)
 
-      @current_checks << [
-        :do_exclude_symbol,
-        :sclass,
-        'opening the metaclass of an instance is forbidde'
-      ]
+      @current_set.exclude_pattern(
+        [ :class ], 'defining a class is forbidden')
     end
 
     #
@@ -366,9 +454,8 @@ module Rufus
     #
     def exclude_module_tinkering
 
-      @current_checks << [
-        :do_exclude_symbol, :module, 'defining or opening a module is forbidden'
-      ]
+      @current_set.exclude_symbol(
+        :module, 'defining or opening a module is forbidden')
     end
 
     #
@@ -376,10 +463,8 @@ module Rufus
     #
     def exclude_global_vars
 
-      @current_checks << [
-        :do_exclude_symbol, :gvar, "global vars are forbidden" ]
-      @current_checks << [
-        :do_exclude_symbol, :gasgn, "global vars are forbidden" ]
+      @current_set.exclude_symbol(:gvar, 'global vars are forbidden')
+      @current_set.exclude_symbol(:gasgn, 'global vars are forbidden')
     end
 
     #
@@ -387,10 +472,8 @@ module Rufus
     #
     def exclude_alias
 
-      @current_checks << [
-        :do_exclude_symbol, :alias, "'alias' is forbidden" ]
-      @current_checks << [
-        :do_exclude_symbol, :alias_method, "'alias_method' is forbidden" ]
+      @current_set.exclude_symbol(:alias, "'alias' is forbidden")
+      @current_set.exclude_symbol(:alias_method, "'alias_method' is forbidden")
     end
 
     #
@@ -398,26 +481,17 @@ module Rufus
     #
     def exclude_eval
 
-      @current_checks << [
-        :do_exclude_fcall,
-        :eval,
-        "eval() is forbidden" ]
-      @current_checks << [
-        :do_exclude_call_to,
-        :instance_eval,
-        "instance_eval() is forbidden" ]
-      @current_checks << [
-        :do_exclude_call_to,
-        :module_eval,
-        "module_eval() is forbidden" ]
+      exclude_fcall(:eval, 'eval() is forbidden')
+      exclude_call_to(:module_eval, 'module_eval() is forbidden')
+      exclude_call_to(:instance_eval, 'instance_eval() is forbidden')
     end
 
     #
     # bans the use of backquotes
     #
     def exclude_backquotes
-      @current_checks << [
-        :do_exclude_symbol, :xstr, "backquotes are forbidden" ]
+
+      @current_set.exclude_symbol(:xstr, 'backquotes are forbidden')
     end
 
     #
@@ -425,8 +499,18 @@ module Rufus
     #
     def exclude_raise
 
-      @current_checks << [ :do_exclude_fvccall, :raise, "raise is forbidden" ]
-      @current_checks << [ :do_exclude_fvccall, :throw, "throw is forbidden" ]
+      exclude_fvccall(:raise, 'raise is forbidden')
+      exclude_fvccall(:throw, 'throw is forbidden')
+    end
+
+    def do_exclude_pair (first, args)
+
+      args, message = extract_message(args)
+      args.each do |a|
+        expand_class(a).each do |c|
+          @current_set.exclude_pattern([ first, c ], message)
+        end
+      end
     end
 
     #
@@ -434,9 +518,7 @@ module Rufus
     #
     def do_check (sexp)
 
-      @checks.each do |exclusion_method, *args|
-        send exclusion_method, sexp, args
-      end
+      @set.check(sexp)
 
       return unless sexp.is_a?(Array) # check over, seems fine...
 
@@ -445,125 +527,6 @@ module Rufus
       sexp.each { |c| do_check c }
     end
 
-    #
-    # the methods that actually perform the checks
-    # (and potentially raise security exceptions)
-
-    #
-    # constructs a new set of arguments by inserting the newhead at the
-    # beginning of the arguments
-    #
-    def cons (newhead, args)
-
-      newhead = Array(newhead)
-      newhead << args[0]
-
-      [ newhead ] + (args[1, -1] || [])
-    end
-
-    def do_exclude_fcall (sexp, args)
-
-      do_exclude_head(sexp, cons(:fcall, args))
-    end
-
-    def do_exclude_vcall (sexp, args)
-
-      do_exclude_head(sexp, cons(:vcall, args))
-    end
-
-    #
-    # excludes :fcall and :vcall
-    #
-    def do_exclude_fvcall (sexp, args)
-
-      do_exclude_fcall(sexp, args)
-      do_exclude_vcall(sexp, args)
-    end
-
-    #
-    # excludes :fcall and :vcall and :call (to)
-    #
-    def do_exclude_fvccall (sexp, args)
-
-      do_exclude_fvcall(sexp, args)
-      #do_exclude_head(sexp, cons([ :call, [ :const, :Kernel ] ], args))
-      do_exclude_call_to(sexp, args)
-    end
-
-    #
-    # raises a Rufus::SecurityError if the sexp is a reference to
-    # a certain symbol (like :gvar or :alias).
-    #
-    def do_exclude_symbol (sexp, args)
-
-      raise SecurityError.new(
-        args[1] || "symbol :#{excluded_symbol} is forbidden"
-      ) if sexp == args[0]
-    end
-
-    #
-    # raises a security error if the sexp is a call on a given constant or
-    # module (class)
-    #
-    def do_exclude_call_on (sexp, args)
-
-      do_exclude_head(sexp, [ [:call, args[0]] ] + (args[1, -1] || []))
-    end
-
-    #
-    # this method is called by all the methods checking composite sexps.
-    #
-    def do__exclude (sexp, args, default_error_message, &block)
-
-      return unless sexp.is_a?(Array)
-
-      raise SecurityError.new(
-        args[1] || default_error_message
-      ) if block.call(args)
-    end
-
-    #
-    # raises a security error if a call to a given method of any instance
-    # is found
-    #
-    def do_exclude_call_to (sexp, args)
-
-      do__exclude(sexp, args, "calls to '#{args[0]}' are forbidden") do
-
-        (sexp[0] == :call and sexp[2] == args[0])
-      end
-    end
-
-    def do_exclude_rebinding (sexp, args)
-
-      do__exclude(sexp, args, "rebinding '#{args[0]}' is forbidden") do
-
-        (sexp[0] == :lasgn and sexp[2] == args[0])
-      end
-    end
-
-    def do_exclude_head (sexp, args)
-
-      do__exclude(sexp, args, "#{args[0].inspect} is forbidden") do
-
-        (sexp[0, args[0].length] == args[0])
-      end
-    end
-
-    def do_exclude_class_tinkering (sexp, args)
-
-      return unless sexp.is_a?(Array) # lonely symbols are not class definitions
-
-      return unless sexp[0] == :class
-
-      raise SecurityError.new(
-        'defining or opening a class is forbidden'
-      ) if args.length == 0 or ( ! args.include?(sexp[2]))
-        #
-        # raise error if there are no exceptions or
-        # if the parent class is not a member of the exception list
-    end
-
     #
     # a simple parse (relies on ruby_parser currently)
     #

data/test/bm.rb

@@ -0,0 +1,95 @@
+
+require 'rubygems'
+
+require 'benchmark'
+include Benchmark
+
+require 'rufus/treechecker'
+
+Benchmark.benchmark do |b|
+
+  tc = nil
+
+  b.report do
+    tc = Rufus::TreeChecker.new do
+
+      exclude_fvccall :abort, :exit, :exit!
+      exclude_fvccall :system, :fork, :syscall, :trap, :require, :load
+
+      #exclude_call_to :class
+      exclude_fvcall :private, :public, :protected
+
+      #exclude_def               # no method definition
+      exclude_eval              # no eval, module_eval or instance_eval
+      exclude_backquotes        # no `rm -fR the/kitchen/sink`
+      exclude_alias             # no alias or aliast_method
+      exclude_global_vars       # $vars are off limits
+      exclude_module_tinkering  # no module opening
+      exclude_raise             # no raise or throw
+
+      exclude_rebinding Kernel # no 'k = Kernel'
+
+      exclude_access_to(
+        IO, File, FileUtils, Process, Signal, Thread, ThreadGroup)
+
+      #exclude_class_tinkering :except => OpenWFE::ProcessDefinition
+      exclude_class_tinkering :except => Rufus::TreeChecker
+        #
+        # excludes defining/opening any class except
+        # OpenWFE::ProcessDefinition
+
+      exclude_call_to :instance_variable_get, :instance_variable_set
+    end
+  end
+
+  DEF0 = <<-EOS
+    #class MyDef0 < OpenWFE::ProcessDefinition
+    class MyDef0 < Rufus::TreeChecker
+      sequence do
+        participant "alpha"
+        participant 'alpha'
+        alpha
+      end
+    end
+  EOS
+
+  N = 100
+  #N = 1
+
+  b.report do
+    N.times { tc.check(DEF0) }
+  end
+end
+
+#
+# before RuleSet (N=100)
+#
+# mettraux:rufus-treechecker[master]/$ date
+#   Tue Sep  2 09:33:06 JST 2008
+# mettraux:rufus-treechecker[master]/$ ruby -Ilib test/bm.rb
+#   0.000000   0.000000   0.000000 (  0.004252)
+#   5.680000   0.040000   5.720000 (  5.745755)
+# mettraux:rufus-treechecker[master]/$ ruby -Ilib test/bm.rb
+#   0.010000   0.000000   0.010000 (  0.004367)
+#   5.670000   0.040000   5.710000 (  5.731221)
+# mettraux:rufus-treechecker[master]/$ ruby -Ilib test/bm.rb
+#   0.010000   0.000000   0.010000 (  0.004247)
+#   5.670000   0.040000   5.710000 (  5.727363)
+#
+
+#
+# with RuleSet (N=100)
+#
+# mettraux:rufus-treechecker[master]/$ date
+#   Tue Sep  2 13:25:24 JST 2008
+# mettraux:rufus-treechecker[master]/$ ruby -Ilib test/bm.rb
+#   0.000000   0.000000   0.000000 (  0.006439)
+#   0.340000   0.000000   0.340000 (  0.342302)
+# mettraux:rufus-treechecker[master]/$ ruby -Ilib test/bm.rb
+#   0.000000   0.000000   0.000000 (  0.006269)
+#   0.340000   0.000000   0.340000 (  0.342301)
+# mettraux:rufus-treechecker[master]/$ ruby -Ilib test/bm.rb
+#   0.000000   0.000000   0.000000 (  0.006350)
+#   0.340000   0.000000   0.340000 (  0.342841)
+#
+

data/test/ft_0_basic.rb

@@ -68,6 +68,7 @@ class BasicTest < Test::Unit::TestCase
       exclude_call_on File, FileUtils
       exclude_call_on IO
     end
+    #puts tc.to_s
 
     assert_nok(tc, 'data = File.read("surf.txt")')
     assert_nok(tc, 'f = File.new("surf.txt")')
@@ -99,23 +100,9 @@ class BasicTest < Test::Unit::TestCase
   def test_5b_exclude_class_tinkering_with_exceptions
 
     tc = Rufus::TreeChecker.new do
-      exclude_class_tinkering String, Rufus::TreeChecker
-    end
-
-    assert_nok(tc, 'class String; def length; 3; end; end')
-
-    assert_ok(tc, 'class S2 < String; def length; 3; end; end')
-    assert_ok(tc, 'class Toto < Rufus::TreeChecker; def length; 3; end; end')
-
-    assert_nok(tc, 'class Toto; end')
-    assert_nok(tc, 'class Alpha::Toto; end')
-  end
-
-  def test_5c_exclude_class_tinkering_with_exceptions
-
-    tc = Rufus::TreeChecker.new do
-      exclude_class_tinkering 'String', 'Rufus::TreeChecker'
+      exclude_class_tinkering :except => [ String, Rufus::TreeChecker ]
     end
+    #puts tc.to_s
 
     assert_nok(tc, 'class String; def length; 3; end; end')
 
@@ -238,9 +225,12 @@ class BasicTest < Test::Unit::TestCase
       exclude_access_to File
     end
 
+    #puts tc.to_s
+
     assert_nok(tc, 'f = File')
     assert_nok(tc, 'f = ::File')
     assert_nok(tc, 'File.read "hello.txt"')
+    assert_nok(tc, '::File.read "hello.txt"')
   end
 
   #def test_X

data/test/ft_1_old_treechecker.rb

@@ -28,7 +28,7 @@ class OldTreeCheckerTest < Test::Unit::TestCase
       exclude_alias
       exclude_global_vars
       exclude_call_on File, FileUtils
-      exclude_class_tinkering Testy::Tasty
+      exclude_class_tinkering :except => Testy::Tasty
       exclude_module_tinkering
 
       exclude_fvcall :public

data/test/ft_2_clone.rb

@@ -0,0 +1,32 @@
+
+#
+# Testing rufus-treechecker
+#
+# jmettraux at gmail.org
+#
+# Tue Sep  2 14:28:01 JST 2008
+#
+
+require 'testmixin'
+
+class CloneTest < Test::Unit::TestCase
+  include TestMixin
+
+
+  def test_0
+
+    tc0 = Rufus::TreeChecker.new do
+      exclude_fvccall :abort
+    end
+
+    tc1 = tc0.clone
+    tc1.add_rules do
+      at_root do
+        exclude_head [ :block ]
+      end
+    end
+
+    assert_not_equal tc0.object_id, tc1.object_id
+  end
+end
+

data/test/test.rb

@@ -1,4 +1,5 @@
 
 require 'ft_0_basic'
 require 'ft_1_old_treechecker'
+require 'ft_2_clone'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: rufus-treechecker
 version: !ruby/object:Gem::Version 
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors: 
 - John Mettraux
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-09-01 00:00:00 +09:00
+date: 2008-09-02 00:00:00 +09:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -33,8 +33,10 @@ extra_rdoc_files:
 files: 
 - lib/rufus
 - lib/rufus/treechecker.rb
+- test/bm.rb
 - test/ft_0_basic.rb
 - test/ft_1_old_treechecker.rb
+- test/ft_2_clone.rb
 - test/test.rb
 - test/testmixin.rb
 - README.txt