safe_ruby 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7d4ffe979b9bf21d82a84ddcde617929e662043a
+  data.tar.gz: 4e4df66000d092c3dbf313bb7466864e3fbb6b80
+SHA512:
+  metadata.gz: 62d8d6995ba25aea59887d21b11ccc9dbd2429a930989cca4b04d854ad2271afbe0cb033e13c747a9222d43bc4773a0a1337fb8ec0b75311b28f9443ffdf4644
+  data.tar.gz: 45a67beadc6238612f86c4f99f49c160f7a0603687720c24b793d8ba9b5f22c85dfe0408b70199e43ea53024a3c10cf88e472b14fedf8d8a7f84f32e2ef0a344

data/lib/constant_whitelist.rb

@@ -0,0 +1,12 @@
+ALLOWED_CONSTANTS= 
+[ :Object, :Module, :Class, :BasicObject, :Kernel, :NilClass, :NIL, :Data, :TrueClass, :TRUE, :FalseClass, :FALSE, :Encoding, 
+	:Comparable, :Enumerable, :String, :Symbol, :Exception, :SystemExit, :SignalException, :Interrupt, :StandardError, :TypeError,
+ 	:ArgumentError, :IndexError, :KeyError, :RangeError, :ScriptError, :SyntaxError, :LoadError, :NotImplementedError, :NameError,
+  :NoMethodError, :RuntimeError, :SecurityError, :NoMemoryError, :EncodingError, :SystemCallError, :Errno, :ZeroDivisionError,
+  :FloatDomainError, :Numeric, :Integer, :Fixnum, :Float, :Bignum, :Array, :Hash,  :Struct, :RegexpError, :Regexp,
+  :MatchData, :Marshal, :Range, :IOError, :EOFError, :IO, :STDIN, :STDOUT, :STDERR, :Time, :Random,
+  :Signal, :Proc, :LocalJumpError, :SystemStackError, :Method, :UnboundMethod, :Binding, :Math, :Enumerator,
+  :StopIteration, :RubyVM, :Thread, :TOPLEVEL_BINDING, :ThreadGroup, :Mutex, :ThreadError, :Fiber, :FiberError, :Rational, :Complex,
+  :RUBY_VERSION, :RUBY_RELEASE_DATE, :RUBY_PLATFORM, :RUBY_PATCHLEVEL, :RUBY_REVISION, :RUBY_DESCRIPTION, :RUBY_COPYRIGHT, :RUBY_ENGINE,
+  :TracePoint, :ARGV, :Gem, :RbConfig, :Config, :CROSS_COMPILING, :Date, :ConditionVariable, :Queue, :SizedQueue, :MonitorMixin, :Monitor,
+  :Exception2MessageMapper, :IRB, :RubyToken, :RubyLex, :Readline, :RUBYGEMS_ACTIVATION_MONITOR]

data/lib/make_safe_code.rb

@@ -0,0 +1,51 @@
+MAKE_SAFE_CODE = <<-STRING
+def keep_singleton_methods(klass, singleton_methods)
+  klass = Object.const_get(klass)
+  singleton_methods = singleton_methods.map(&:to_sym)
+  undef_methods = (klass.singleton_methods - singleton_methods)
+
+  undef_methods.each do |method|
+    klass.singleton_class.send(:undef_method, method)
+  end
+
+end
+
+def keep_methods(klass, methods)
+  klass = Object.const_get(klass)
+  methods = methods.map(&:to_sym)
+  undef_methods = (klass.methods(false) - methods)
+  undef_methods.each do |method|
+    klass.send(:undef_method, method)
+  end  
+end
+
+def clean_constants
+  (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
+    Object.send(:remove_const, const) if defined?(const)
+  end
+end
+
+keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
+keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
+keep_singleton_methods(:String, #{STRING_S_METHODS})
+keep_singleton_methods(:IO, #{IO_S_METHODS})
+
+keep_methods(:Kernel, #{KERNEL_METHODS})
+keep_methods(:NilClass, #{NILCLASS_METHODS})
+keep_methods(:TrueClass, #{TRUECLASS_METHODS})
+keep_methods(:FalseClass, #{FALSECLASS_METHODS})
+keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
+keep_methods(:String, #{STRING_METHODS})
+Kernel.class_eval do
+ def `(*args)
+   raise NoMethodError, "` is unavailable"
+ end
+
+ def system(*args)
+   raise NoMethodError, "system is unavailable"
+ end
+end
+
+clean_constants
+
+STRING

data/lib/method_whitelist.rb

@@ -0,0 +1,271 @@
+IO_S_METHODS = %w[
+	new
+	foreach
+	open
+]
+
+KERNEL_S_METHODS = %w[
+	Array
+	binding
+	block_given?
+	catch
+	chomp
+	chomp!
+	chop
+	chop!
+	eval
+	fail
+	Float
+	format
+	global_variables
+	gsub
+	gsub!
+	Integer
+	iterator?
+	lambda
+	local_variables
+	loop
+	method_missing
+	proc
+	raise
+	scan
+	split
+	sprintf
+	String
+	sub
+	sub!
+	throw
+	].freeze
+
+SYMBOL_S_METHODS = %w[
+all_symbols
+].freeze
+
+STRING_S_METHODS = %w[
+new
+].freeze
+
+KERNEL_METHODS = %w[
+==
+
+ray
+nding
+ock_given?
+tch
+omp
+omp!
+op
+op!
+ass
+clone
+dup
+eql?
+equal?
+eval
+fail
+Float
+format
+freeze
+frozen?
+global_variables
+gsub
+gsub!
+hash
+id
+initialize_copy
+inspect
+instance_eval
+instance_of?
+instance_variables
+instance_variable_get
+instance_variable_set
+instance_variable_defined?
+Integer
+is_a?
+iterator?
+kind_of?
+lambda
+local_variables
+loop
+methods
+method_missing
+nil?
+private_methods
+print
+proc
+protected_methods
+public_methods
+raise
+remove_instance_variable
+respond_to?
+respond_to_missing?
+scan
+send
+singleton_methods
+singleton_method_added
+singleton_method_removed
+singleton_method_undefined
+split
+sprintf
+String
+sub
+sub!
+taint
+tainted?
+throw
+to_a
+to_s
+type
+untaint
+__send__
+].freeze
+
+NILCLASS_METHODS = %w[
+&
+inspect
+nil?
+to_a
+to_f
+to_i
+to_s
+^
+|
+].freeze
+
+SYMBOL_METHODS = %w[
+===
+id2name
+inspect
+to_i
+to_int
+to_s
+to_sym
+].freeze
+
+TRUECLASS_METHODS = %w[
+&
+to_s
+^
+|
+].freeze
+
+FALSECLASS_METHODS = %w[
+&
+to_s
+^
+|
+].freeze
+
+ENUMERABLE_METHODS = %w[
+all?
+any?
+collect
+detect
+each_with_index
+entries
+find
+find_all
+grep
+include?
+inject
+map
+max
+member?
+min
+partition
+reject
+select
+sort
+sort_by
+to_a
+zip
+].freeze
+
+STRING_METHODS = %w[
+%
+*
++
+<<
+<=>
+==
+=~
+capitalize
+capitalize!
+casecmp
+center
+chomp
+chomp!
+chop
+chop!
+concat
+count
+crypt
+delete
+delete!
+downcase
+downcase!
+dump
+each
+each_byte
+each_line
+empty?
+eql?
+gsub
+gsub!
+hash
+hex
+include?
+index
+initialize
+initialize_copy
+insert
+inspect
+intern
+length
+ljust
+lines
+lstrip
+lstrip!
+match
+next
+next!
+oct
+replace
+reverse
+reverse!
+rindex
+rjust
+rstrip
+rstrip!
+scan
+size
+slice
+slice!
+split
+squeeze
+squeeze!
+strip
+strip!
+start_with?
+sub
+sub!
+succ
+succ!
+sum
+swapcase
+swapcase!
+to_f
+to_i
+to_s
+to_str
+to_sym
+tr
+tr!
+tr_s
+tr_s!
+upcase
+upcase!
+upto
+[]
+[]=
+].freeze

data/lib/safe_ruby.rb

@@ -0,0 +1,9 @@
+require 'childprocess'
+require_relative 'method_whitelist'
+require_relative 'constant_whitelist'
+require_relative 'make_safe_code'
+require_relative 'safe_ruby_runner'
+
+class SafeRuby
+	VERSION = "0.0.0"
+end

data/lib/safe_ruby_runner.rb

@@ -0,0 +1,46 @@
+class SafeRuby
+  def initialize(code)
+    @code = code
+  end
+
+  def self.eval(code)
+    new(code).eval
+  end
+
+  def self.check(code, expected)
+    eval(code) == eval(expected)
+  end
+
+  def eval
+    temp = build_tempfile
+    read, write = IO.pipe
+    ChildProcess.build("ruby", temp.path).tap do |process|
+      process.io.stdout = write
+      process.io.stderr = write
+      process.start
+      process.wait
+      write.close
+    end
+
+    data = read.read
+    Marshal.load(data) rescue data
+  end
+
+  private
+
+  def build_tempfile
+    require 'tempfile'
+    file = Tempfile.new('saferuby')
+    file.write(MAKE_SAFE_CODE)
+    file.write <<-STRING
+      begin
+        result = eval('#{@code}')
+        puts Marshal.dump(result)
+      rescue => e
+        print e
+      end
+    STRING
+    file.rewind
+    file
+  end
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: safe_ruby
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Uku Taht
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-12-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: childprocess
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.3.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.3.9
+description: Whatever
+email: uku.taht@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/safe_ruby.rb
+- lib/constant_whitelist.rb
+- lib/make_safe_code.rb
+- lib/method_whitelist.rb
+- lib/safe_ruby_runner.rb
+homepage: http://rubygems.org/gems/safe_ruby
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.11
+signing_key: 
+specification_version: 4
+summary: Run untrusted ruby code in a safe environment
+test_files: []