safe_ruby 0.0.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/safe_ruby.rb +1 -1
- data/lib/safe_ruby_runner.rb +31 -16
- metadata +19 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de496912b7b02e5c957d14dfd8f948ad61b67e91
|
|
4
|
+
data.tar.gz: dd35f9355735b7ea5c8b8142487b0e94543eb3bc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f99d15ed28e01b364fc7875be6cac1e6dbb0cf8f5e017b799c4e88219e8b62867f2dbc709cee31a831787918985ddd28644d11adffe97eee7d3b11f3cf38ffe0
|
|
7
|
+
data.tar.gz: 4e71378723c608036ac912b5b329a96d73dc2decfb100df314cef0fa27d9fa2514fa8c463bbd72d261dcc3832ab979dd33c65df8d1f9edee0c461dc9134e6cda
|
data/lib/safe_ruby.rb
CHANGED
data/lib/safe_ruby_runner.rb
CHANGED
|
@@ -1,14 +1,18 @@
|
|
|
1
|
+
class EvalError < StandardError
|
|
2
|
+
def initialize(msg); super; end
|
|
3
|
+
end
|
|
4
|
+
|
|
1
5
|
class SafeRuby
|
|
2
|
-
|
|
3
|
-
@code = code
|
|
4
|
-
end
|
|
6
|
+
DEFAULTS = { timeout: 5 }
|
|
5
7
|
|
|
6
|
-
def
|
|
7
|
-
|
|
8
|
+
def initialize(code, options={})
|
|
9
|
+
@code = code
|
|
10
|
+
options = DEFAULTS.merge(options)
|
|
11
|
+
@timeout = options[:timeout]
|
|
8
12
|
end
|
|
9
13
|
|
|
10
|
-
def self.
|
|
11
|
-
|
|
14
|
+
def self.eval(code, options={})
|
|
15
|
+
new(code, options).eval
|
|
12
16
|
end
|
|
13
17
|
|
|
14
18
|
def eval
|
|
@@ -18,14 +22,29 @@ class SafeRuby
|
|
|
18
22
|
process.io.stdout = write
|
|
19
23
|
process.io.stderr = write
|
|
20
24
|
process.start
|
|
21
|
-
|
|
25
|
+
begin
|
|
26
|
+
process.poll_for_exit(@timeout)
|
|
27
|
+
rescue ChildProcess::TimeoutError => e
|
|
28
|
+
process.stop # tries increasingly harsher methods to kill the process.
|
|
29
|
+
return e
|
|
30
|
+
end
|
|
22
31
|
write.close
|
|
32
|
+
temp.unlink
|
|
23
33
|
end
|
|
24
34
|
|
|
25
35
|
data = read.read
|
|
26
|
-
|
|
36
|
+
begin
|
|
37
|
+
Marshal.load(data)
|
|
38
|
+
rescue => e
|
|
39
|
+
raise data
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def self.check(code, expected)
|
|
44
|
+
eval(code) == eval(expected)
|
|
27
45
|
end
|
|
28
46
|
|
|
47
|
+
|
|
29
48
|
private
|
|
30
49
|
|
|
31
50
|
def build_tempfile
|
|
@@ -33,14 +52,10 @@ class SafeRuby
|
|
|
33
52
|
file = Tempfile.new('saferuby')
|
|
34
53
|
file.write(MAKE_SAFE_CODE)
|
|
35
54
|
file.write <<-STRING
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
puts Marshal.dump(result)
|
|
39
|
-
rescue => e
|
|
40
|
-
print e
|
|
41
|
-
end
|
|
55
|
+
result = eval('#{@code}')
|
|
56
|
+
print Marshal.dump(result)
|
|
42
57
|
STRING
|
|
43
58
|
file.rewind
|
|
44
59
|
file
|
|
45
60
|
end
|
|
46
|
-
end
|
|
61
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safe_ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Uku Taht
|
|
@@ -24,7 +24,24 @@ dependencies:
|
|
|
24
24
|
- - '>='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 0.3.9
|
|
27
|
-
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rspec
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - '>='
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 2.14.1
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - '>='
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 2.14.1
|
|
41
|
+
description: Evaluates ruby code by writing it to a tempfile and spawning a child
|
|
42
|
+
process. Uses a whitelist of methods and constants to keep, for example one cannot
|
|
43
|
+
run system commands in the environment created by this gem. The environment created
|
|
44
|
+
by the untrusted code does not leak out into the parent process.
|
|
28
45
|
email: uku.taht@gmail.com
|
|
29
46
|
executables: []
|
|
30
47
|
extensions: []
|