safe_ruby 1.0.4 → 1.0.5

data/lib/method_allowlist.rb

@@ -0,0 +1,272 @@
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+IO_S_METHODS = %w[
+  new
+  foreach
+  open
+].freeze
+
+KERNEL_S_METHODS = %w[
+  Array
+  binding
+  block_given?
+  catch
+  chomp
+  chomp!
+  chop
+  chop!
+  eval
+  fail
+  Float
+  format
+  global_variables
+  gsub
+  gsub!
+  Integer
+  iterator?
+  lambda
+  local_variables
+  loop
+  method_missing
+  proc
+  raise
+  scan
+  split
+  sprintf
+  String
+  sub
+  sub!
+  throw
+].freeze
+
+SYMBOL_S_METHODS = %w[
+  all_symbols
+].freeze
+
+STRING_S_METHODS = [].freeze
+
+KERNEL_METHODS = %w[
+  ==
+
+  ray
+  nding
+  ock_given?
+  tch
+  omp
+  omp!
+  op
+  op!
+  ass
+  clone
+  dup
+  eql?
+  equal?
+  eval
+  fail
+  Float
+  format
+  freeze
+  frozen?
+  global_variables
+  gsub
+  gsub!
+  hash
+  id
+  initialize_copy
+  inspect
+  instance_eval
+  instance_of?
+  instance_variables
+  instance_variable_get
+  instance_variable_set
+  instance_variable_defined?
+  Integer
+  is_a?
+  iterator?
+  kind_of?
+  lambda
+  local_variables
+  loop
+  methods
+  method_missing
+  nil?
+  private_methods
+  print
+  proc
+  protected_methods
+  public_methods
+  raise
+  remove_instance_variable
+  respond_to?
+  respond_to_missing?
+  scan
+  send
+  singleton_methods
+  singleton_method_added
+  singleton_method_removed
+  singleton_method_undefined
+  split
+  sprintf
+  String
+  sub
+  sub!
+  taint
+  tainted?
+  throw
+  to_a
+  to_s
+  type
+  untaint
+  __send__
+].freeze
+
+NILCLASS_METHODS = %w[
+  &
+  inspect
+  nil?
+  to_a
+  to_f
+  to_i
+  to_s
+  ^
+  |
+].freeze
+
+SYMBOL_METHODS = %w[
+  ===
+  id2name
+  inspect
+  to_i
+  to_int
+  to_s
+  to_sym
+].freeze
+
+TRUECLASS_METHODS = %w[
+  &
+  to_s
+  ^
+  |
+].freeze
+
+FALSECLASS_METHODS = %w[
+  &
+  to_s
+  ^
+  |
+].freeze
+
+ENUMERABLE_METHODS = %w[
+  all?
+  any?
+  collect
+  detect
+  each_with_index
+  entries
+  find
+  find_all
+  grep
+  include?
+  inject
+  map
+  max
+  member?
+  min
+  partition
+  reject
+  select
+  sort
+  sort_by
+  to_a
+  zip
+].freeze
+
+STRING_METHODS = %w[
+  %
+  *
+  +
+  <<
+  <=>
+  ==
+  =~
+  capitalize
+  capitalize!
+  casecmp
+  center
+  chomp
+  chomp!
+  chop
+  chop!
+  concat
+  count
+  crypt
+  delete
+  delete!
+  downcase
+  downcase!
+  dump
+  each
+  each_byte
+  each_line
+  empty?
+  eql?
+  gsub
+  gsub!
+  hash
+  hex
+  include?
+  index
+  initialize
+  initialize_copy
+  insert
+  inspect
+  intern
+  length
+  ljust
+  lines
+  lstrip
+  lstrip!
+  match
+  next
+  next!
+  oct
+  replace
+  reverse
+  reverse!
+  rindex
+  rjust
+  rstrip
+  rstrip!
+  scan
+  size
+  slice
+  slice!
+  split
+  squeeze
+  squeeze!
+  strip
+  strip!
+  start_with?
+  sub
+  sub!
+  succ
+  succ!
+  sum
+  swapcase
+  swapcase!
+  to_f
+  to_i
+  to_s
+  to_str
+  to_sym
+  tr
+  tr!
+  tr_s
+  tr_s!
+  upcase
+  upcase!
+  upto
+  []
+  []=
+].freeze

data/lib/safe_ruby/runner.rb

@@ -1,36 +1,56 @@
-require 'tempfile'
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+require('childprocess')
+require('tempfile')
 
 class EvalError < StandardError
-  def initialize(msg); super; end
 end
 
+# main class
 class SafeRuby
-  DEFAULTS = { timeout: 5,
-               raise_errors: true }
+  DEFAULTS = {
+    timeout: 5,
+    raise_errors: true
+  }.freeze
+  private_constant :DEFAULTS
 
-  def initialize(code, options={})
+  # rubocop:disable Style/OptionHash
+  def self.eval(code, options = {})
+    new(code, options).eval
+  end
+  # rubocop:enable Style/OptionHash
+
+  def self.check(code, expected)
+    # rubocop:disable Security/Eval
+    eval(code) == eval(expected)
+    # rubocop:enable Security/Eval
+  end
+
+  # rubocop:disable Style/OptionHash
+  def initialize(code, options = {})
     options = DEFAULTS.merge(options)
 
     @code         = code
     @raise_errors = options[:raise_errors]
     @timeout      = options[:timeout]
   end
+  # rubocop:enable Style/OptionHash
 
-  def self.eval(code, options={})
-    new(code, options).eval
-  end
-
+  # rubocop:disable Metrics/AbcSize
+  # rubocop:disable Metrics/MethodLength
   def eval
     temp = build_tempfile
     read, write = IO.pipe
-    ChildProcess.build("ruby", temp.path).tap do |process|
+    ChildProcess.build('ruby', temp.path).tap do |process|
       process.io.stdout = write
       process.io.stderr = write
       process.start
       begin
         process.poll_for_exit(@timeout)
       rescue ChildProcess::TimeoutError => e
-        process.stop # tries increasingly harsher methods to kill the process.
+        # tries increasingly harsher methods to kill the process.
+        process.stop
         return e.message
       end
       write.close
@@ -39,30 +59,29 @@ class SafeRuby
 
     data = read.read
     begin
+      # rubocop:disable Security/MarshalLoad
       Marshal.load(data)
-    rescue => e
-      if @raise_errors
-        raise data
-      else
-        return data
-      end
-    end
-  end
+      # rubocop:enable Security/MarshalLoad
+    rescue StandardError
+      raise(data) if @raise_errors
 
-  def self.check(code, expected)
-    eval(code) == eval(expected)
+      data
+    end
   end
-
+  # rubocop:enable Metrics/AbcSize
+  # rubocop:enable Metrics/MethodLength
 
   private
 
   def build_tempfile
     file = Tempfile.new('saferuby')
     file.write(MAKE_SAFE_CODE)
-    file.write <<-STRING
-      result = eval(%q(#{@code}))
-      print Marshal.dump(result)
-    STRING
+    file.write(
+      <<~STRING
+        result = eval(%q(#{@code}))
+        print Marshal.dump(result)
+      STRING
+    )
     file.rewind
     file
   end

data/lib/safe_ruby/version.rb

@@ -1,7 +1,16 @@
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+# main class
 class SafeRuby
   MAJOR_VERSION = 1
   MINOR_VERSION = 0
-  RELEASE_VERSION = 4
+  RELEASE_VERSION = 5
+
+  private_constant :MAJOR_VERSION
+  private_constant :MINOR_VERSION
+  private_constant :RELEASE_VERSION
 
   VERSION = [MAJOR_VERSION, MINOR_VERSION, RELEASE_VERSION].join('.')
+  public_constant :VERSION
 end

data/lib/safe_ruby.rb

@@ -1,9 +1,6 @@
-require 'childprocess'
-require_relative 'method_whitelist'
-require_relative 'constant_whitelist'
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
 require_relative 'make_safe_code'
 require_relative 'safe_ruby/runner'
 require_relative 'safe_ruby/version'
-
-class SafeRuby
-end

data/safe_ruby.gemspec

@@ -1,27 +1,30 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'safe_ruby/version'
 
 Gem::Specification.new do |s|
+  s.required_ruby_version = '>= 2.7'
   s.name        = 'safe_ruby'
   s.version     = SafeRuby::VERSION
-  s.authors     = ["Uku Taht"]
-  s.email       = 'uku.taht@gmail.com'
+  s.authors     = ['Jérôme Arbez-Gindre', 'Uku Taht']
+  s.email       = 'jeromearbezgindre@gmail.com'
 
-  s.summary     = "Run untrusted ruby code in a safe environment"
-  s.description = "Evaluates ruby code by writing it to a tempfile and spawning a child process. Uses a whitelist of methods and constants to keep, for example one cannot run system commands in the environment created by this gem. The environment created by the untrusted code does not leak out into the parent process."
-  s.homepage    = 'http://rubygems.org/gems/safe_ruby'
+  s.summary     = 'Run untrusted ruby code in a safe environment'
+  s.description = 'Evaluates ruby code by writing it to a tempfile and spawning a child ' \
+                  'process. Uses a allowlist of methods and constants to keep, for example ' \
+                  'one cannot run system commands in the environment created by this gem. ' \
+                  'The environment created by the untrusted code does not leak out into ' \
+                  'the parent process.'
+  s.homepage    = 'https://gitlab.com/defmastership/safe_ruby/'
   s.license     = 'MIT'
 
-  s.executables    = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.executables    = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.files          = `git ls-files`.split("\n")
-  s.test_files     = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.require_paths = ["lib"]
-
-  s.add_runtime_dependency 'childprocess', '>= 0.3.9'
+  s.require_paths = ['lib']
 
-  s.add_development_dependency 'pry'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'rspec'
+  s.add_dependency('childprocess', '~> 5')
+  s.metadata['rubygems_mfa_required'] = 'true'
 end

data/spec/safe_ruby_spec.rb

@@ -1,73 +1,81 @@
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
 require 'spec_helper'
 
+MALICIOUS_OPERATIONS = [
+  "system('rm *')",
+  '`rm *`',
+  'Kernel.abort',
+  'cat spec/spec_helper.rb',
+  'File.class_eval { `echo Hello` }',
+  'FileUtils.class_eval { `echo Hello` }',
+  'Dir.class_eval { `echo Hello` }',
+  'FileTest.class_eval { `echo Hello` }',
+  'File.eval "`echo Hello`"',
+  'FileUtils.eval "`echo Hello`"',
+  'Dir.eval "`echo Hello`"',
+  'FileTest.eval "`echo Hello`"',
+  'File.instance_eval { `echo Hello` }',
+  'FileUtils.instance_eval { `echo Hello` }',
+  'Dir.instance_eval { `echo Hello` }',
+  'FileTest.instance_eval { `echo Hello` }',
+  "f=IO.popen('uname'); f.readlines; f.close",
+  "IO.binread('/etc/passwd')",
+  "IO.read('/etc/passwd')"
+].freeze
+
 describe SafeRuby do
   describe '#eval' do
     it 'allows basic operations' do
-      expect(SafeRuby.eval('4 + 5')).to eq 9
-      expect(SafeRuby.eval('[4, 5].map{|n| n+1}')).to eq [5 ,6]
+      expect(described_class.eval('4 + 5')).to(eq(9))
     end
 
-    it 'returns correct object' do
-      expect(SafeRuby.eval('[1,2,3]')).to eq [1,2,3]
+    it 'allows basic operations with map' do
+      expect(described_class.eval('[4, 5].map{|n| n+1}')).to(eq([5, 6]))
     end
 
-    MALICIOUS_OPERATIONS = [
-      "system('rm *')",
-      "`rm *`",
-      "Kernel.abort",
-      "cat spec/spec_helper.rb",
-      "File.class_eval { `echo Hello` }",
-      "FileUtils.class_eval { `echo Hello` }",
-      "Dir.class_eval { `echo Hello` }",
-      "FileTest.class_eval { `echo Hello` }",
-      "File.eval \"`echo Hello`\"",
-      "FileUtils.eval \"`echo Hello`\"",
-      "Dir.eval \"`echo Hello`\"",
-      "FileTest.eval \"`echo Hello`\"",
-      "File.instance_eval { `echo Hello` }",
-      "FileUtils.instance_eval { `echo Hello` }",
-      "Dir.instance_eval { `echo Hello` }",
-      "FileTest.instance_eval { `echo Hello` }",
-      "f=IO.popen('uname'); f.readlines; f.close",
-      "IO.binread('/etc/passwd')",
-      "IO.read('/etc/passwd')",
-    ]
+    it 'returns correct object' do
+      expect(described_class.eval('[1,2,3]')).to(eq([1, 2, 3]))
+    end
 
     MALICIOUS_OPERATIONS.each do |op|
       it "protects from malicious operations like (#{op})" do
-        expect{
-          SafeRuby.eval(op) 
-        }.to raise_error RuntimeError
+        expect { described_class.eval(op) }
+          .to(raise_error(RuntimeError))
       end
     end
 
-    describe "options" do
-      describe "timeout" do
+    describe 'options' do
+      describe 'timeout' do
         it 'defaults to a 5 second timeout' do
-          time = Benchmark.realtime do
-            SafeRuby.eval('(1..100000).map {|n| n**100}')
-          end
-          expect(time).to be_within(0.5).of(5)
+          time =
+            Benchmark.realtime do
+              described_class.eval('(1..100000).map {|n| n**100}')
+            end
+          expect(time).to(be_within(0.5).of(5))
         end
 
         it 'allows custom timeout' do
-          time = Benchmark.realtime do
-            SafeRuby.eval('(1..100000).map {|n| n**100}', timeout: 1)
-          end
-          expect(time).to be_within(0.5).of(1)
+          time =
+            Benchmark.realtime do
+              described_class.eval('(1..100000).map {|n| n**100}', timeout: 1)
+            end
+          expect(time).to(be_within(0.5).of(1))
         end
       end
 
-      describe "raising errors" do
-        it "defaults to raising errors" do
-          expect{ SafeRuby.eval("asdasdasd") }.to raise_error RuntimeError
+      describe 'raising errors' do
+        it 'defaults to raising errors' do
+          expect { described_class.eval('asdasdasd') }
+            .to(raise_error(RuntimeError))
         end
 
-        it "allows not raising errors" do
-          expect {SafeRuby.eval("asdasd", raise_errors: false)}.to_not raise_error
+        it 'allows not raising errors' do
+          expect { described_class.eval('asdasd', raise_errors: false) }
+            .not_to(raise_error)
         end
       end
     end
-
   end
 end

data/spec/spec_helper.rb

@@ -1,9 +1,12 @@
-require 'safe_ruby'
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
 require 'benchmark'
+require 'safe_ruby'
 
 RSpec.configure do |config|
   config.run_all_when_everything_filtered = true
-  config.filter_run :focus
+  config.filter_run(:focus)
 
   config.order = 'random'
 end

data/tasks/console.rake

@@ -0,0 +1,8 @@
+# Copyright (c) 2023 Jerome Arbez-Gindre
+# frozen_string_literal: true
+
+desc 'Starts the interactive console'
+task :console do
+  require 'pry'
+  Pry.start
+end

data/tasks/package.rake

@@ -0,0 +1,4 @@
+# Copyright (c) 2023 Jerome Arbez-Gindre
+# frozen_string_literal: true
+
+require('bundler/gem_tasks')

data/tasks/smelling_code.rake

@@ -0,0 +1,23 @@
+# Copyright (c) 2023 Jerome Arbez-Gindre
+# frozen_string_literal: true
+
+namespace 'quality' do
+  begin
+    require('rubocop/rake_task')
+
+    RuboCop::RakeTask.new do |task|
+      task.options << '--display-cop-names'
+      task.options << '--config=config/rubocop.yml'
+    end
+  rescue LoadError
+    task(:rubocop) do
+      puts('Install rubocop to run its rake tasks')
+    end
+  end
+
+  desc 'Runs all quality code check'
+  task(all: ['quality:rubocop'])
+end
+
+desc 'Synonym for quality:rubocop'
+task(rubocop: 'quality:rubocop')

data/tasks/test.rake

@@ -0,0 +1,19 @@
+# Copyright (c) 2023 Jerome Arbez-Gindre
+# frozen_string_literal: true
+
+require('rspec/core/rake_task')
+
+namespace 'test' do
+  RSpec::Core::RakeTask.new(:spec) do |t|
+    t.rspec_opts = ['--options config/rspec']
+  end
+
+  desc 'Runs all unit tests and acceptance tests'
+  task(all: ['test:spec'])
+end
+
+desc 'Synonym for test:spec'
+task(spec: 'test:spec')
+
+desc 'Synonym for test:all'
+task(test: 'test:all')