safe_ruby 1.0.2 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: ad9f4276a328e546e667a18999ec069185672e87
4
- data.tar.gz: 79a532fd77ae5db3be47561e1f7adcac4eea0f2f
2
+ SHA256:
3
+ metadata.gz: 4e32c29746cab15458b47b0a08feeab95d23565a37c08a0dcad3f92c6974dd15
4
+ data.tar.gz: 8f154bd0d1c81592a13b5ce8002eac886ba003664387d8b9b2b699e6fe47805a
5
5
  SHA512:
6
- metadata.gz: 562a945aff8bbc1c005ea94fd4e070d275c8b8d6bab9e5f791a717444438f9d65b2d7a6d2272f492d07dfa95ba9a9865b75d1b8026a5bb5169d14c9c6c29eac3
7
- data.tar.gz: 74c0f095b83446f66ecfe114592efd5589699583eb7f0a37208121f3b9c1d986693303a3193fcfe5b27d29cc27bc32cf302e1ff12603de5181e1a4155d575467
6
+ metadata.gz: 6e98dc02b58c8f05a563b416d39008cf41e8c6c80cc3be07db5d39b50d5d0e5417d35f94c3e5975ea9ceab9da9f2314047320bf3da42987fec5ac190c88fbe3e
7
+ data.tar.gz: 816aab9c7f037a6e6387276387702d8a8ce262d6cfe6b68cc0df7cecb169748c4acea47eca8d62a8d231d2fc858ee5245d7ce843cdaa45195782ce2c7be176b2
data/.gitignore CHANGED
@@ -1,3 +1,4 @@
1
1
  *.gem
2
2
  .DS_STORE
3
- lib/.DS_STORE
3
+ lib/.DS_STORE
4
+ /*.html
data/.gitlab-ci.yml ADDED
@@ -0,0 +1,42 @@
1
+ default:
2
+ image: ruby:3.3
3
+ before_script:
4
+ - apt-get update
5
+ - ruby -v
6
+ - which ruby
7
+ - gem install bundler --no-document
8
+ - bundle install --jobs $(nproc) "${FLAGS[@]}"
9
+
10
+ unit tests:
11
+ script:
12
+ - bundle exec rake spec
13
+
14
+ code_quality:
15
+ script:
16
+ - bundle exec rake quality:all
17
+
18
+ unit tests ruby2.7:
19
+ image: ruby:2.7
20
+ before_script:
21
+ - apt-get update
22
+ - ruby -v
23
+ - which ruby
24
+ - gem install bundler -v 2.4.22 --no-document
25
+ - bundle install --jobs $(nproc) "${FLAGS[@]}"
26
+ script:
27
+ - bundle exec rake spec
28
+
29
+ unit tests ruby3.0:
30
+ image: ruby:3.0
31
+ script:
32
+ - bundle exec rake spec
33
+
34
+ unit tests ruby3.1:
35
+ image: ruby:3.1
36
+ script:
37
+ - bundle exec rake spec
38
+
39
+ unit tests ruby3.2:
40
+ image: ruby:3.2
41
+ script:
42
+ - bundle exec rake spec
data/Gemfile CHANGED
@@ -1,3 +1,30 @@
1
- source 'https://rubygems.org'
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
3
+
4
+ source('https://rubygems.org')
2
5
 
3
6
  gemspec
7
+
8
+ ruby RUBY_VERSION
9
+
10
+ group :development do
11
+ # to parse provided Rakefile
12
+ gem 'rake', '~> 13'
13
+ # tdd
14
+ gem 'rspec', '~> 3'
15
+ # code need to be clean
16
+ gem 'rubocop', '1.65'
17
+ # code need to be clean
18
+ gem 'rubocop-performance', '~> 1'
19
+ # Rakile needs to be clean
20
+ gem 'rubocop-rake', '~> 0'
21
+ # unit tests need to be clean
22
+ gem 'rubocop-rspec', '~> 3'
23
+ # What is tdd without code coverage ?
24
+ gem 'simplecov', '~> 0'
25
+ end
26
+
27
+ group :debugging do
28
+ # Sometimes, we need to debug
29
+ gem 'pry', '~> 0'
30
+ end
data/Gemfile.lock CHANGED
@@ -1,46 +1,93 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- safe_ruby (1.0.1)
5
- childprocess (>= 0.3.9)
4
+ safe_ruby (1.0.5)
5
+ childprocess (~> 5)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
- childprocess (0.7.1)
11
- ffi (~> 1.0, >= 1.0.11)
12
- coderay (1.1.2)
13
- diff-lcs (1.3)
14
- ffi (1.9.18)
15
- method_source (0.8.2)
16
- pry (0.10.4)
17
- coderay (~> 1.1.0)
18
- method_source (~> 0.8.1)
19
- slop (~> 3.4)
20
- rake (12.1.0)
21
- rspec (3.6.0)
22
- rspec-core (~> 3.6.0)
23
- rspec-expectations (~> 3.6.0)
24
- rspec-mocks (~> 3.6.0)
25
- rspec-core (3.6.0)
26
- rspec-support (~> 3.6.0)
27
- rspec-expectations (3.6.0)
10
+ ast (2.4.2)
11
+ childprocess (5.0.0)
12
+ coderay (1.1.3)
13
+ diff-lcs (1.5.1)
14
+ docile (1.4.1)
15
+ json (2.7.2)
16
+ language_server-protocol (3.17.0.3)
17
+ method_source (1.1.0)
18
+ parallel (1.25.1)
19
+ parser (3.3.4.0)
20
+ ast (~> 2.4.1)
21
+ racc
22
+ pry (0.14.2)
23
+ coderay (~> 1.1)
24
+ method_source (~> 1.0)
25
+ racc (1.8.1)
26
+ rainbow (3.1.1)
27
+ rake (13.2.1)
28
+ regexp_parser (2.9.2)
29
+ rexml (3.3.4)
30
+ strscan
31
+ rspec (3.13.0)
32
+ rspec-core (~> 3.13.0)
33
+ rspec-expectations (~> 3.13.0)
34
+ rspec-mocks (~> 3.13.0)
35
+ rspec-core (3.13.0)
36
+ rspec-support (~> 3.13.0)
37
+ rspec-expectations (3.13.1)
28
38
  diff-lcs (>= 1.2.0, < 2.0)
29
- rspec-support (~> 3.6.0)
30
- rspec-mocks (3.6.0)
39
+ rspec-support (~> 3.13.0)
40
+ rspec-mocks (3.13.1)
31
41
  diff-lcs (>= 1.2.0, < 2.0)
32
- rspec-support (~> 3.6.0)
33
- rspec-support (3.6.0)
34
- slop (3.6.0)
42
+ rspec-support (~> 3.13.0)
43
+ rspec-support (3.13.1)
44
+ rubocop (1.65.0)
45
+ json (~> 2.3)
46
+ language_server-protocol (>= 3.17.0)
47
+ parallel (~> 1.10)
48
+ parser (>= 3.3.0.2)
49
+ rainbow (>= 2.2.2, < 4.0)
50
+ regexp_parser (>= 2.4, < 3.0)
51
+ rexml (>= 3.2.5, < 4.0)
52
+ rubocop-ast (>= 1.31.1, < 2.0)
53
+ ruby-progressbar (~> 1.7)
54
+ unicode-display_width (>= 2.4.0, < 3.0)
55
+ rubocop-ast (1.31.3)
56
+ parser (>= 3.3.1.0)
57
+ rubocop-performance (1.21.1)
58
+ rubocop (>= 1.48.1, < 2.0)
59
+ rubocop-ast (>= 1.31.1, < 2.0)
60
+ rubocop-rake (0.6.0)
61
+ rubocop (~> 1.0)
62
+ rubocop-rspec (3.0.3)
63
+ rubocop (~> 1.61)
64
+ ruby-progressbar (1.13.0)
65
+ simplecov (0.22.0)
66
+ docile (~> 1.1)
67
+ simplecov-html (~> 0.11)
68
+ simplecov_json_formatter (~> 0.1)
69
+ simplecov-html (0.12.3)
70
+ simplecov_json_formatter (0.1.4)
71
+ strscan (3.1.0)
72
+ unicode-display_width (2.5.0)
35
73
 
36
74
  PLATFORMS
37
75
  ruby
76
+ x86_64-linux
38
77
 
39
78
  DEPENDENCIES
40
- pry
41
- rake
42
- rspec
79
+ pry (~> 0)
80
+ rake (~> 13)
81
+ rspec (~> 3)
82
+ rubocop (= 1.65)
83
+ rubocop-performance (~> 1)
84
+ rubocop-rake (~> 0)
85
+ rubocop-rspec (~> 3)
43
86
  safe_ruby!
87
+ simplecov (~> 0)
88
+
89
+ RUBY VERSION
90
+ ruby 3.3.1p55
44
91
 
45
92
  BUNDLED WITH
46
- 1.15.4
93
+ 2.5.16
data/README.md CHANGED
@@ -2,8 +2,8 @@ Safe Ruby
2
2
  =========
3
3
 
4
4
  Safe Ruby provides a way to run untrusted ruby code outside of the current process in a safe environment.
5
- Creating this environment is largery based on jruby sandbox, whitelisting the methods one can use on potentially
6
- dangerous classes. Constants are also whitelisted, eliminating some core ruby functionality such as spawning
5
+ Creating this environment is largery based on jruby sandbox, allowlisting the methods one can use on potentially
6
+ dangerous classes. Constants are also allowlisted, eliminating some core ruby functionality such as spawning
7
7
  another process.
8
8
 
9
9
  Getting Started
data/Rakefile CHANGED
@@ -1,9 +1,18 @@
1
- #!/usr/bin/env rake
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
2
3
 
3
- require 'bundler/gem_tasks'
4
- require 'rspec/core/rake_task'
4
+ Dir['tasks/**/*.rake'].each { |t| load t }
5
5
 
6
- RSpec::Core::RakeTask.new
6
+ desc 'Continous integration tasks'
7
+ task :ci do
8
+ [
9
+ 'test:spec',
10
+ :rubocop
11
+ ].each do |name|
12
+ puts "\n=== Running #{name}...\n"
13
+ Rake::Task[name].invoke
14
+ puts "\n=== Running #{name} -> Done\n"
15
+ end
16
+ end
7
17
 
8
- desc 'Run specs'
9
- task :default => :spec
18
+ task default: :ci
data/config/rspec ADDED
@@ -0,0 +1,4 @@
1
+ --format documentation
2
+ --format html --out rspec_results.html
3
+ --color
4
+ --require spec_helper
@@ -0,0 +1,76 @@
1
+ # The behavior of RuboCop can be controlled via the .rubocop.yml
2
+ # configuration file. It makes it possible to enable/disable
3
+ # certain cops (checks) and to alter their behavior if they accept
4
+ # any parameters. The file can be placed either in your home
5
+ # directory or in some project directory.
6
+ #
7
+ # RuboCop will start looking for the configuration file in the directory
8
+ # where the inspected file is and continue its way up to the root directory.
9
+ #
10
+ # See https://github.com/rubocop-hq/rubocop/blob/master/manual/configuration.md
11
+
12
+ require:
13
+ - rubocop-performance
14
+ - rubocop-rspec
15
+ - rubocop-rake
16
+
17
+ AllCops:
18
+ TargetRubyVersion: 2.7
19
+ EnabledByDefault: true
20
+ DisplayCopNames: true
21
+
22
+ Style/Copyright:
23
+ Enabled: true
24
+ AutocorrectNotice: '# Copyright (c) 2018 Uku Taht'
25
+
26
+ Lint/ConstantResolution: # Not available ins rubocop 0.81
27
+ Enabled: false
28
+
29
+ Style/DocumentationMethod:
30
+ Enabled: false
31
+
32
+ Style/StringHashKeys :
33
+ Enabled: true
34
+ Exclude:
35
+ - '*.gemspec'
36
+
37
+ Style/MissingElse:
38
+ EnforcedStyle: case
39
+
40
+ Metrics/ModuleLength :
41
+ Exclude:
42
+ - 'spec/**/*'
43
+
44
+ Metrics/BlockLength :
45
+ Exclude:
46
+ - 'spec/**/*'
47
+ - '*.gemspec'
48
+
49
+ Security/Eval :
50
+ Exclude:
51
+ - 'Rakefile'
52
+
53
+ # rubocop-rspec options
54
+ RSpec/MessageExpectation :
55
+ Enabled: true
56
+
57
+ RSpec/SpecFilePathFormat :
58
+ Enabled: true
59
+
60
+ RSpec/SpecFilePathSuffix :
61
+ Enabled: true
62
+
63
+ RSpec/NestedGroups:
64
+ Max: 4
65
+
66
+ Layout/RedundantLineBreak:
67
+ Enabled: false
68
+
69
+ Style/DisableCopsWithinSourceCodeDirective:
70
+ Enabled: true
71
+ AllowedCops: ['Style/OptionHash', 'Security/Eval', 'Security/MarshalLoad',
72
+ 'Metrics/AbcSize', 'Metrics/MethodLength']
73
+
74
+ Layout/EndOfLine:
75
+ EnforcedStyle: lf
76
+
@@ -0,0 +1,124 @@
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
3
+
4
+ ALLOWED_CONSTANTS = %i[
5
+ Object
6
+ Module
7
+ Class
8
+ BasicObject
9
+ Kernel
10
+ NilClass
11
+ NIL
12
+ Data
13
+ TrueClass
14
+ TRUE
15
+ FalseClass
16
+ FALSE
17
+ Encoding
18
+
19
+ Comparable
20
+ Enumerable
21
+ String
22
+ Symbol
23
+ Exception
24
+ SystemExit
25
+ SignalException
26
+ Interrupt
27
+ StandardError
28
+ TypeError
29
+
30
+ ArgumentError
31
+ IndexError
32
+ KeyError
33
+ RangeError
34
+ ScriptError
35
+ SyntaxError
36
+ LoadError
37
+ NotImplementedError
38
+ NameError
39
+
40
+ NoMethodError
41
+ RuntimeError
42
+ SecurityError
43
+ NoMemoryError
44
+ EncodingError
45
+ SystemCallError
46
+ Errno
47
+ ZeroDivisionError
48
+
49
+ FloatDomainError
50
+ Numeric
51
+ Integer
52
+ Fixnum
53
+ Float
54
+ Bignum
55
+ Array
56
+ Hash
57
+
58
+ Struct
59
+ RegexpError
60
+ Regexp
61
+
62
+ MatchData
63
+ Marshal
64
+ Range
65
+ IOError
66
+ EOFError
67
+ IO
68
+ STDIN
69
+ STDOUT
70
+ STDERR
71
+ Time
72
+ Random
73
+
74
+ Signal
75
+ Proc
76
+ LocalJumpError
77
+ SystemStackError
78
+ Method
79
+ UnboundMethod
80
+ Binding
81
+ Math
82
+ Enumerator
83
+
84
+ StopIteration
85
+ RubyVM
86
+ Thread
87
+ TOPLEVEL_BINDING
88
+ ThreadGroup
89
+ Mutex
90
+ ThreadError
91
+ Fiber
92
+ FiberError
93
+ Rational
94
+ Complex
95
+
96
+ RUBY_VERSION
97
+ RUBY_RELEASE_DATE
98
+ RUBY_PLATFORM
99
+ RUBY_PATCHLEVEL
100
+ RUBY_REVISION
101
+ RUBY_DESCRIPTION
102
+ RUBY_COPYRIGHT
103
+ RUBY_ENGINE
104
+
105
+ TracePoint
106
+ ARGV
107
+ Gem
108
+ RbConfig
109
+ Config
110
+ CROSS_COMPILING
111
+ Date
112
+ ConditionVariable
113
+ Queue
114
+ SizedQueue
115
+ MonitorMixin
116
+ Monitor
117
+
118
+ Exception2MessageMapper
119
+ IRB
120
+ RubyToken
121
+ RubyLex
122
+ Readline
123
+ RUBYGEMS_ACTIVATION_MONITOR
124
+ ].freeze
@@ -1,51 +1,56 @@
1
- MAKE_SAFE_CODE = <<-STRING
2
- def keep_singleton_methods(klass, singleton_methods)
3
- klass = Object.const_get(klass)
4
- singleton_methods = singleton_methods.map(&:to_sym)
5
- undef_methods = (klass.singleton_methods - singleton_methods)
6
-
7
- undef_methods.each do |method|
8
- klass.singleton_class.send(:undef_method, method)
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
3
+
4
+ require('constant_allowlist')
5
+ require('method_allowlist')
6
+
7
+ MAKE_SAFE_CODE = <<~STRING
8
+ def keep_singleton_methods(klass, singleton_methods)
9
+ klass = Object.const_get(klass)
10
+ singleton_methods = singleton_methods.map(&:to_sym)
11
+ undef_methods = (klass.singleton_methods - singleton_methods)
12
+
13
+ undef_methods.each do |method|
14
+ klass.singleton_class.send(:undef_method, method)
15
+ end
9
16
  end
10
17
 
11
- end
18
+ def keep_methods(klass, methods)
19
+ klass = Object.const_get(klass)
20
+ methods = methods.map(&:to_sym)
21
+ undef_methods = (klass.methods(false) - methods)
22
+ undef_methods.each do |method|
23
+ klass.send(:undef_method, method)
24
+ end
25
+ end
12
26
 
13
- def keep_methods(klass, methods)
14
- klass = Object.const_get(klass)
15
- methods = methods.map(&:to_sym)
16
- undef_methods = (klass.methods(false) - methods)
17
- undef_methods.each do |method|
18
- klass.send(:undef_method, method)
27
+ def clean_constants
28
+ (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
29
+ Object.send(:remove_const, const) if defined?(const)
30
+ end
19
31
  end
20
- end
21
32
 
22
- def clean_constants
23
- (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
24
- Object.send(:remove_const, const) if defined?(const)
33
+ keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
34
+ keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
35
+ keep_singleton_methods(:String, #{STRING_S_METHODS})
36
+ keep_singleton_methods(:IO, #{IO_S_METHODS})
37
+
38
+ keep_methods(:Kernel, #{KERNEL_METHODS})
39
+ keep_methods(:NilClass, #{NILCLASS_METHODS})
40
+ keep_methods(:TrueClass, #{TRUECLASS_METHODS})
41
+ keep_methods(:FalseClass, #{FALSECLASS_METHODS})
42
+ keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
43
+ keep_methods(:String, #{STRING_METHODS})
44
+ Kernel.class_eval do
45
+ def `(*args)
46
+ raise NoMethodError, "` is unavailable"
47
+ end
48
+
49
+ def system(*args)
50
+ raise NoMethodError, "system is unavailable"
51
+ end
25
52
  end
26
- end
27
-
28
- keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
29
- keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
30
- keep_singleton_methods(:String, #{STRING_S_METHODS})
31
- keep_singleton_methods(:IO, #{IO_S_METHODS})
32
-
33
- keep_methods(:Kernel, #{KERNEL_METHODS})
34
- keep_methods(:NilClass, #{NILCLASS_METHODS})
35
- keep_methods(:TrueClass, #{TRUECLASS_METHODS})
36
- keep_methods(:FalseClass, #{FALSECLASS_METHODS})
37
- keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
38
- keep_methods(:String, #{STRING_METHODS})
39
- Kernel.class_eval do
40
- def `(*args)
41
- raise NoMethodError, "` is unavailable"
42
- end
43
-
44
- def system(*args)
45
- raise NoMethodError, "system is unavailable"
46
- end
47
- end
48
-
49
- clean_constants
53
+
54
+ clean_constants
50
55
 
51
56
  STRING