RubyGems - safe_ruby - Versions diffs - 1.0.2 → 1.0.5 - Mend

safe_ruby 1.0.2 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: ad9f4276a328e546e667a18999ec069185672e87
-  data.tar.gz: 79a532fd77ae5db3be47561e1f7adcac4eea0f2f
+SHA256:
+  metadata.gz: 4e32c29746cab15458b47b0a08feeab95d23565a37c08a0dcad3f92c6974dd15
+  data.tar.gz: 8f154bd0d1c81592a13b5ce8002eac886ba003664387d8b9b2b699e6fe47805a
 SHA512:
-  metadata.gz: 562a945aff8bbc1c005ea94fd4e070d275c8b8d6bab9e5f791a717444438f9d65b2d7a6d2272f492d07dfa95ba9a9865b75d1b8026a5bb5169d14c9c6c29eac3
-  data.tar.gz: 74c0f095b83446f66ecfe114592efd5589699583eb7f0a37208121f3b9c1d986693303a3193fcfe5b27d29cc27bc32cf302e1ff12603de5181e1a4155d575467
+  metadata.gz: 6e98dc02b58c8f05a563b416d39008cf41e8c6c80cc3be07db5d39b50d5d0e5417d35f94c3e5975ea9ceab9da9f2314047320bf3da42987fec5ac190c88fbe3e
+  data.tar.gz: 816aab9c7f037a6e6387276387702d8a8ce262d6cfe6b68cc0df7cecb169748c4acea47eca8d62a8d231d2fc858ee5245d7ce843cdaa45195782ce2c7be176b2

data/.gitignore CHANGED Viewed

@@ -1,3 +1,4 @@
 *.gem
 .DS_STORE
-lib/.DS_STORE
+lib/.DS_STORE
+/*.html

data/.gitlab-ci.yml ADDED Viewed

@@ -0,0 +1,42 @@
+default:
+  image: ruby:3.3
+  before_script:
+    - apt-get update
+    - ruby -v
+    - which ruby
+    - gem install bundler --no-document
+    - bundle install --jobs $(nproc) "${FLAGS[@]}"
+unit tests:
+  script:
+    - bundle exec rake spec
+code_quality:
+  script:
+    - bundle exec rake quality:all
+unit tests ruby2.7:
+  image: ruby:2.7
+  before_script:
+    - apt-get update
+    - ruby -v
+    - which ruby
+    - gem install bundler -v 2.4.22 --no-document
+    - bundle install --jobs $(nproc) "${FLAGS[@]}"
+  script:
+    - bundle exec rake spec
+unit tests ruby3.0:
+  image: ruby:3.0
+  script:
+    - bundle exec rake spec
+unit tests ruby3.1:
+  image: ruby:3.1
+  script:
+    - bundle exec rake spec
+unit tests ruby3.2:
+  image: ruby:3.2
+  script:
+    - bundle exec rake spec

data/Gemfile CHANGED Viewed

@@ -1,3 +1,30 @@
-source 'https://rubygems.org'
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+source('https://rubygems.org')
 gemspec
+ruby RUBY_VERSION
+group :development do
+  # to parse provided Rakefile
+  gem 'rake', '~> 13'
+  # tdd
+  gem 'rspec', '~> 3'
+  # code need to be clean
+  gem 'rubocop', '1.65'
+  # code need to be clean
+  gem 'rubocop-performance', '~> 1'
+  # Rakile needs to be clean
+  gem 'rubocop-rake', '~> 0'
+  # unit tests need to be clean
+  gem 'rubocop-rspec', '~> 3'
+  # What is tdd without code coverage ?
+  gem 'simplecov', '~> 0'
+end
+group :debugging do
+  # Sometimes, we need to debug
+  gem 'pry', '~> 0'
+end

data/Gemfile.lock CHANGED Viewed

@@ -1,46 +1,93 @@
 PATH
   remote: .
   specs:
-    safe_ruby (1.0.1)
-      childprocess (>= 0.3.9)
+    safe_ruby (1.0.5)
+      childprocess (~> 5)
 GEM
   remote: https://rubygems.org/
   specs:
-    childprocess (0.7.1)
-      ffi (~> 1.0, >= 1.0.11)
-    coderay (1.1.2)
-    diff-lcs (1.3)
-    ffi (1.9.18)
-    method_source (0.8.2)
-    pry (0.10.4)
-      coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-      slop (~> 3.4)
-    rake (12.1.0)
-    rspec (3.6.0)
-      rspec-core (~> 3.6.0)
-      rspec-expectations (~> 3.6.0)
-      rspec-mocks (~> 3.6.0)
-    rspec-core (3.6.0)
-      rspec-support (~> 3.6.0)
-    rspec-expectations (3.6.0)
+    ast (2.4.2)
+    childprocess (5.0.0)
+    coderay (1.1.3)
+    diff-lcs (1.5.1)
+    docile (1.4.1)
+    json (2.7.2)
+    language_server-protocol (3.17.0.3)
+    method_source (1.1.0)
+    parallel (1.25.1)
+    parser (3.3.4.0)
+      ast (~> 2.4.1)
+      racc
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rake (13.2.1)
+    regexp_parser (2.9.2)
+    rexml (3.3.4)
+      strscan
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
-    rspec-mocks (3.6.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
-    rspec-support (3.6.0)
-    slop (3.6.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.65.0)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.21.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (3.0.3)
+      rubocop (~> 1.61)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    strscan (3.1.0)
+    unicode-display_width (2.5.0)
 PLATFORMS
   ruby
+  x86_64-linux
 DEPENDENCIES
-  pry
-  rake
-  rspec
+  pry (~> 0)
+  rake (~> 13)
+  rspec (~> 3)
+  rubocop (= 1.65)
+  rubocop-performance (~> 1)
+  rubocop-rake (~> 0)
+  rubocop-rspec (~> 3)
   safe_ruby!
+  simplecov (~> 0)
+RUBY VERSION
+   ruby 3.3.1p55
 BUNDLED WITH
-   1.15.4
+   2.5.16

data/README.md CHANGED Viewed

@@ -2,8 +2,8 @@ Safe Ruby
 =========
 Safe Ruby provides a way to run untrusted ruby code outside of the current process in a safe environment.
-Creating this environment is largery based on jruby sandbox, whitelisting the methods one can use on potentially
-dangerous classes. Constants are also whitelisted, eliminating some core ruby functionality such as spawning
+Creating this environment is largery based on jruby sandbox, allowlisting the methods one can use on potentially
+dangerous classes. Constants are also allowlisted, eliminating some core ruby functionality such as spawning
 another process.
 Getting Started

data/Rakefile CHANGED Viewed

@@ -1,9 +1,18 @@
-#!/usr/bin/env rake
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+Dir['tasks/**/*.rake'].each { |t| load t }
-RSpec::Core::RakeTask.new
+desc 'Continous integration tasks'
+task :ci do
+  [
+    'test:spec',
+    :rubocop
+  ].each do |name|
+    puts "\n=== Running #{name}...\n"
+    Rake::Task[name].invoke
+    puts "\n=== Running #{name} -> Done\n"
+  end
+end
-desc 'Run specs'
-task :default => :spec
+task default: :ci

data/config/rspec ADDED Viewed

@@ -0,0 +1,4 @@
+--format documentation
+--format html --out rspec_results.html
+--color
+--require spec_helper

data/config/rubocop.yml ADDED Viewed

@@ -0,0 +1,76 @@
+# The behavior of RuboCop can be controlled via the .rubocop.yml
+# configuration file. It makes it possible to enable/disable
+# certain cops (checks) and to alter their behavior if they accept
+# any parameters. The file can be placed either in your home
+# directory or in some project directory.
+#
+# RuboCop will start looking for the configuration file in the directory
+# where the inspected file is and continue its way up to the root directory.
+#
+# See https://github.com/rubocop-hq/rubocop/blob/master/manual/configuration.md
+require:
+  - rubocop-performance
+  - rubocop-rspec
+  - rubocop-rake
+AllCops:
+  TargetRubyVersion: 2.7
+  EnabledByDefault: true
+  DisplayCopNames: true
+Style/Copyright:
+  Enabled: true
+  AutocorrectNotice: '# Copyright (c) 2018 Uku Taht'
+Lint/ConstantResolution: # Not available ins rubocop 0.81
+  Enabled: false
+Style/DocumentationMethod:
+  Enabled: false
+Style/StringHashKeys :
+  Enabled: true
+  Exclude:
+    - '*.gemspec'
+Style/MissingElse:
+  EnforcedStyle: case
+Metrics/ModuleLength :
+  Exclude:
+    - 'spec/**/*'
+Metrics/BlockLength :
+  Exclude:
+    - 'spec/**/*'
+    - '*.gemspec'
+Security/Eval :
+  Exclude:
+    - 'Rakefile'
+# rubocop-rspec options
+RSpec/MessageExpectation :
+  Enabled: true
+RSpec/SpecFilePathFormat :
+  Enabled: true
+RSpec/SpecFilePathSuffix :
+  Enabled: true
+RSpec/NestedGroups:
+  Max: 4
+Layout/RedundantLineBreak:
+  Enabled: false
+Style/DisableCopsWithinSourceCodeDirective:
+  Enabled: true
+  AllowedCops: ['Style/OptionHash', 'Security/Eval', 'Security/MarshalLoad',
+  'Metrics/AbcSize', 'Metrics/MethodLength']
+Layout/EndOfLine:
+  EnforcedStyle: lf

data/lib/constant_allowlist.rb ADDED Viewed

@@ -0,0 +1,124 @@
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+ALLOWED_CONSTANTS = %i[
+  Object
+  Module
+  Class
+  BasicObject
+  Kernel
+  NilClass
+  NIL
+  Data
+  TrueClass
+  TRUE
+  FalseClass
+  FALSE
+  Encoding
+  Comparable
+  Enumerable
+  String
+  Symbol
+  Exception
+  SystemExit
+  SignalException
+  Interrupt
+  StandardError
+  TypeError
+  ArgumentError
+  IndexError
+  KeyError
+  RangeError
+  ScriptError
+  SyntaxError
+  LoadError
+  NotImplementedError
+  NameError
+  NoMethodError
+  RuntimeError
+  SecurityError
+  NoMemoryError
+  EncodingError
+  SystemCallError
+  Errno
+  ZeroDivisionError
+  FloatDomainError
+  Numeric
+  Integer
+  Fixnum
+  Float
+  Bignum
+  Array
+  Hash
+  Struct
+  RegexpError
+  Regexp
+  MatchData
+  Marshal
+  Range
+  IOError
+  EOFError
+  IO
+  STDIN
+  STDOUT
+  STDERR
+  Time
+  Random
+  Signal
+  Proc
+  LocalJumpError
+  SystemStackError
+  Method
+  UnboundMethod
+  Binding
+  Math
+  Enumerator
+  StopIteration
+  RubyVM
+  Thread
+  TOPLEVEL_BINDING
+  ThreadGroup
+  Mutex
+  ThreadError
+  Fiber
+  FiberError
+  Rational
+  Complex
+  RUBY_VERSION
+  RUBY_RELEASE_DATE
+  RUBY_PLATFORM
+  RUBY_PATCHLEVEL
+  RUBY_REVISION
+  RUBY_DESCRIPTION
+  RUBY_COPYRIGHT
+  RUBY_ENGINE
+  TracePoint
+  ARGV
+  Gem
+  RbConfig
+  Config
+  CROSS_COMPILING
+  Date
+  ConditionVariable
+  Queue
+  SizedQueue
+  MonitorMixin
+  Monitor
+  Exception2MessageMapper
+  IRB
+  RubyToken
+  RubyLex
+  Readline
+  RUBYGEMS_ACTIVATION_MONITOR
+].freeze

data/lib/make_safe_code.rb CHANGED Viewed

@@ -1,51 +1,56 @@
-MAKE_SAFE_CODE = <<-STRING
-def keep_singleton_methods(klass, singleton_methods)
-  klass = Object.const_get(klass)
-  singleton_methods = singleton_methods.map(&:to_sym)
-  undef_methods = (klass.singleton_methods - singleton_methods)
-  undef_methods.each do |method|
-    klass.singleton_class.send(:undef_method, method)
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+require('constant_allowlist')
+require('method_allowlist')
+MAKE_SAFE_CODE = <<~STRING
+  def keep_singleton_methods(klass, singleton_methods)
+    klass = Object.const_get(klass)
+    singleton_methods = singleton_methods.map(&:to_sym)
+    undef_methods = (klass.singleton_methods - singleton_methods)
+    undef_methods.each do |method|
+      klass.singleton_class.send(:undef_method, method)
+    end
   end
-end
+  def keep_methods(klass, methods)
+    klass = Object.const_get(klass)
+    methods = methods.map(&:to_sym)
+    undef_methods = (klass.methods(false) - methods)
+    undef_methods.each do |method|
+      klass.send(:undef_method, method)
+    end
+  end
-def keep_methods(klass, methods)
-  klass = Object.const_get(klass)
-  methods = methods.map(&:to_sym)
-  undef_methods = (klass.methods(false) - methods)
-  undef_methods.each do |method|
-    klass.send(:undef_method, method)
+  def clean_constants
+    (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
+      Object.send(:remove_const, const) if defined?(const)
+    end
   end
-end
-def clean_constants
-  (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
-    Object.send(:remove_const, const) if defined?(const)
+  keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
+  keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
+  keep_singleton_methods(:String, #{STRING_S_METHODS})
+  keep_singleton_methods(:IO, #{IO_S_METHODS})
+  keep_methods(:Kernel, #{KERNEL_METHODS})
+  keep_methods(:NilClass, #{NILCLASS_METHODS})
+  keep_methods(:TrueClass, #{TRUECLASS_METHODS})
+  keep_methods(:FalseClass, #{FALSECLASS_METHODS})
+  keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
+  keep_methods(:String, #{STRING_METHODS})
+  Kernel.class_eval do
+   def `(*args)
+     raise NoMethodError, "` is unavailable"
+   end
+   def system(*args)
+     raise NoMethodError, "system is unavailable"
+   end
   end
-end
-keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
-keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
-keep_singleton_methods(:String, #{STRING_S_METHODS})
-keep_singleton_methods(:IO, #{IO_S_METHODS})
-keep_methods(:Kernel, #{KERNEL_METHODS})
-keep_methods(:NilClass, #{NILCLASS_METHODS})
-keep_methods(:TrueClass, #{TRUECLASS_METHODS})
-keep_methods(:FalseClass, #{FALSECLASS_METHODS})
-keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
-keep_methods(:String, #{STRING_METHODS})
-Kernel.class_eval do
- def `(*args)
-   raise NoMethodError, "` is unavailable"
- end
- def system(*args)
-   raise NoMethodError, "system is unavailable"
- end
-end
-clean_constants
+  clean_constants
 STRING