safe_ruby 0.0.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7d4ffe979b9bf21d82a84ddcde617929e662043a
-  data.tar.gz: 4e4df66000d092c3dbf313bb7466864e3fbb6b80
+  metadata.gz: de496912b7b02e5c957d14dfd8f948ad61b67e91
+  data.tar.gz: dd35f9355735b7ea5c8b8142487b0e94543eb3bc
 SHA512:
-  metadata.gz: 62d8d6995ba25aea59887d21b11ccc9dbd2429a930989cca4b04d854ad2271afbe0cb033e13c747a9222d43bc4773a0a1337fb8ec0b75311b28f9443ffdf4644
-  data.tar.gz: 45a67beadc6238612f86c4f99f49c160f7a0603687720c24b793d8ba9b5f22c85dfe0408b70199e43ea53024a3c10cf88e472b14fedf8d8a7f84f32e2ef0a344
+  metadata.gz: f99d15ed28e01b364fc7875be6cac1e6dbb0cf8f5e017b799c4e88219e8b62867f2dbc709cee31a831787918985ddd28644d11adffe97eee7d3b11f3cf38ffe0
+  data.tar.gz: 4e71378723c608036ac912b5b329a96d73dc2decfb100df314cef0fa27d9fa2514fa8c463bbd72d261dcc3832ab979dd33c65df8d1f9edee0c461dc9134e6cda

data/lib/safe_ruby.rb

@@ -5,5 +5,5 @@ require_relative 'make_safe_code'
 require_relative 'safe_ruby_runner'
 
 class SafeRuby
-	VERSION = "0.0.0"
+	VERSION = "1.0.0"
 end

data/lib/safe_ruby_runner.rb

@@ -1,14 +1,18 @@
+class EvalError < StandardError
+  def initialize(msg); super; end
+end
+
 class SafeRuby
-  def initialize(code)
-    @code = code
-  end
+  DEFAULTS = { timeout: 5 }
 
-  def self.eval(code)
-    new(code).eval
+  def initialize(code, options={})
+    @code = code
+    options = DEFAULTS.merge(options)
+    @timeout = options[:timeout]
   end
 
-  def self.check(code, expected)
-    eval(code) == eval(expected)
+  def self.eval(code, options={})
+    new(code, options).eval
   end
 
   def eval
@@ -18,14 +22,29 @@ class SafeRuby
       process.io.stdout = write
       process.io.stderr = write
       process.start
-      process.wait
+      begin
+        process.poll_for_exit(@timeout)
+      rescue ChildProcess::TimeoutError => e
+        process.stop # tries increasingly harsher methods to kill the process.
+        return e
+      end
       write.close
+      temp.unlink
     end
 
     data = read.read
-    Marshal.load(data) rescue data
+    begin
+      Marshal.load(data)
+    rescue => e
+      raise data
+    end
+  end
+
+  def self.check(code, expected)
+    eval(code) == eval(expected)
   end
 
+
   private
 
   def build_tempfile
@@ -33,14 +52,10 @@ class SafeRuby
     file = Tempfile.new('saferuby')
     file.write(MAKE_SAFE_CODE)
     file.write <<-STRING
-      begin
-        result = eval('#{@code}')
-        puts Marshal.dump(result)
-      rescue => e
-        print e
-      end
+      result = eval('#{@code}')
+      print Marshal.dump(result)
     STRING
     file.rewind
     file
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_ruby
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Uku Taht
@@ -24,7 +24,24 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: 0.3.9
-description: Whatever
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+description: Evaluates ruby code by writing it to a tempfile and spawning a child
+  process. Uses a whitelist of methods and constants to keep, for example one cannot
+  run system commands in the environment created by this gem. The environment created
+  by the untrusted code does not leak out into the parent process.
 email: uku.taht@gmail.com
 executables: []
 extensions: []