safe_ruby 0.0.1 → 1.0.0
- checksums.yaml +4 -4
- data/lib/safe_ruby.rb +1 -1
- data/lib/safe_ruby_runner.rb +31 -16
- metadata +19 -2
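--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: de496912b7b02e5c957d14dfd8f948ad61b67e91
+data.tar.gz: dd35f9355735b7ea5c8b8142487b0e94543eb3bc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f99d15ed28e01b364fc7875be6cac1e6dbb0cf8f5e017b799c4e88219e8b62867f2dbc709cee31a831787918985ddd28644d11adffe97eee7d3b11f3cf38ffe0
+data.tar.gz: 4e71378723c608036ac912b5b329a96d73dc2decfb100df314cef0fa27d9fa2514fa8c463bbd72d261dcc3832ab979dd33c65df8d1f9edee0c461dc9134e6cda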
data/lib/safe_ruby.rb
CHANGED
data/lib/safe_ruby_runner.rb
CHANGED
@@ -1,14 +1,18 @@
|
|
1
|
+
class EvalError < StandardError
|
2
|
+
def initialize(msg); super; end
|
3
|
+
end
|
4
|
+
|
1
5
|
class SafeRuby
|
2
|
-
|
3
|
-
@code = code
|
4
|
-
end
|
6
|
+
DEFAULTS = { timeout: 5 }
|
5
7
|
|
6
|
-
def
|
7
|
-
|
8
|
+
def initialize(code, options={})
|
9
|
+
@code = code
|
10
|
+
options = DEFAULTS.merge(options)
|
11
|
+
@timeout = options[:timeout]
|
8
12
|
end
|
9
13
|
|
10
|
-
def self.
|
11
|
-
|
14
|
+
def self.eval(code, options={})
|
15
|
+
new(code, options).eval
|
12
16
|
end
|
13
17
|
|
14
18
|
def eval
|
@@ -18,14 +22,29 @@ class SafeRuby
|
|
18
22
|
process.io.stdout = write
|
19
23
|
process.io.stderr = write
|
20
24
|
process.start
|
21
|
-
|
25
|
+
begin
|
26
|
+
process.poll_for_exit(@timeout)
|
27
|
+
rescue ChildProcess::TimeoutError => e
|
28
|
+
process.stop # tries increasingly harsher methods to kill the process.
|
29
|
+
return e
|
30
|
+
end
|
22
31
|
write.close
|
32
|
+
temp.unlink
|
23
33
|
end
|
24
34
|
|
25
35
|
data = read.read
|
26
|
-
|
36
|
+
begin
|
37
|
+
Marshal.load(data)
|
38
|
+
rescue => e
|
39
|
+
raise data
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def self.check(code, expected)
|
44
|
+
eval(code) == eval(expected)
|
27
45
|
end
|
28
46
|
|
47
|
+
|
29
48
|
private
|
30
49
|
|
31
50
|
def build_tempfile
|
@@ -33,14 +52,10 @@ class SafeRuby
|
|
33
52
|
file = Tempfile.new('saferuby')
|
34
53
|
file.write(MAKE_SAFE_CODE)
|
35
54
|
file.write <<-STRING
|
36
|
-
|
37
|
-
|
38
|
-
puts Marshal.dump(result)
|
39
|
-
rescue => e
|
40
|
-
print e
|
41
|
-
end
|
55
|
+
result = eval('#{@code}')
|
56
|
+
print Marshal.dump(result)
|
42
57
|
STRING
|
43
58
|
file.rewind
|
44
59
|
file
|
45
60
|
end
|
46
|
-
end
|
61
|
+
end
|
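Review bot: `Marshal.load(data)` in the new `eval` body deserializes whatever the sandboxed child wrote to the stdout/stderr pipe, and `Marshal.load` will instantiate any class loaded in the parent and run its `marshal_load`/`_load` hooks, so untrusted code can still reach into the parent despite the metadata's claim that the sandbox "does not leak out into the parent process". Have the child emit something the parent can read without constructing objects — e.g. `print result.inspect` in `build_tempfile` and return `data` as a String (or JSON, if the whitelist in `MAKE_SAFE_CODE` lets the child `require 'json'`) — and drop `Marshal.load`; `rescue => e; raise data` also discards `e` and raises a bare String where the newly added `EvalError` (`raise EvalError, data`) was evidently intended. Two smaller points: `return e` inside the rescue exits before `write.close` and `temp.unlink` run, so every timed-out evaluation leaks the tempfile and the pipe end and returns the exception as a value rather than raising it, and the interpolation `result = eval('#{@code}')` breaks the child script on any `'` or `\` in the submitted code — `result = eval(#{@code.dump})` keeps it a valid literal. The `eval` method starts in the first hunk (new line 18) and its body spans the hunk boundary, and the `end` at new line 33 appears to close a block opened above the second hunk.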
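--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safe_ruby
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 1.0.0
 platform: ruby
 authors:
 - Uku Taht
@@ -24,7 +24,24 @@ dependencies:
 - - '>='
 - !ruby/object:Gem::Version
 version: 0.3.9
-
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: 2.14.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: 2.14.1
+description: Evaluates ruby code by writing it to a tempfile and spawning a child
+process. Uses a whitelist of methods and constants to keep, for example one cannot
+run system commands in the environment created by this gem. The environment created
+by the untrusted code does not leak out into the parent process.
 email: uku.taht@gmail.com
 executables: []
 extensions: []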