safe_ruby 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 4ce790170d44044ced28355157fe912c2946c0b8
-  data.tar.gz: 70413aebb366da1589be48a52f9de33043f060a7
+SHA256:
+  metadata.gz: 4e32c29746cab15458b47b0a08feeab95d23565a37c08a0dcad3f92c6974dd15
+  data.tar.gz: 8f154bd0d1c81592a13b5ce8002eac886ba003664387d8b9b2b699e6fe47805a
 SHA512:
-  metadata.gz: ca7d1a1eb3485a8421634589e35f3d472c874991b2f4e06021a11694e041a4b062b9b0d01535134ca9eb01440a70035519c6315db5397a4cafa59272e940b7e4
-  data.tar.gz: 93dc22473e7a05e26426549be7f8ee3051e217ca2f515e42c37f3480ec422bd3d470be2feb9999f7fdbba11f3ee04e5750ff6c877051fa219bd23dad471a922b
+  metadata.gz: 6e98dc02b58c8f05a563b416d39008cf41e8c6c80cc3be07db5d39b50d5d0e5417d35f94c3e5975ea9ceab9da9f2314047320bf3da42987fec5ac190c88fbe3e
+  data.tar.gz: 816aab9c7f037a6e6387276387702d8a8ce262d6cfe6b68cc0df7cecb169748c4acea47eca8d62a8d231d2fc858ee5245d7ce843cdaa45195782ce2c7be176b2

data/.gitignore

@@ -1,3 +1,4 @@
 *.gem
 .DS_STORE
-lib/.DS_STORE
+lib/.DS_STORE
+/*.html

data/.gitlab-ci.yml

@@ -0,0 +1,42 @@
+default:
+  image: ruby:3.3
+  before_script:
+    - apt-get update
+    - ruby -v
+    - which ruby
+    - gem install bundler --no-document
+    - bundle install --jobs $(nproc) "${FLAGS[@]}"
+
+unit tests:
+  script:
+    - bundle exec rake spec
+
+code_quality:
+  script:
+    - bundle exec rake quality:all
+
+unit tests ruby2.7:
+  image: ruby:2.7
+  before_script:
+    - apt-get update
+    - ruby -v
+    - which ruby
+    - gem install bundler -v 2.4.22 --no-document
+    - bundle install --jobs $(nproc) "${FLAGS[@]}"
+  script:
+    - bundle exec rake spec
+
+unit tests ruby3.0:
+  image: ruby:3.0
+  script:
+    - bundle exec rake spec
+
+unit tests ruby3.1:
+  image: ruby:3.1
+  script:
+    - bundle exec rake spec
+
+unit tests ruby3.2:
+  image: ruby:3.2
+  script:
+    - bundle exec rake spec

data/Gemfile

@@ -1,3 +1,30 @@
-source 'https://rubygems.org'
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+source('https://rubygems.org')
 
 gemspec
+
+ruby RUBY_VERSION
+
+group :development do
+  # to parse provided Rakefile
+  gem 'rake', '~> 13'
+  # tdd
+  gem 'rspec', '~> 3'
+  # code need to be clean
+  gem 'rubocop', '1.65'
+  # code need to be clean
+  gem 'rubocop-performance', '~> 1'
+  # Rakile needs to be clean
+  gem 'rubocop-rake', '~> 0'
+  # unit tests need to be clean
+  gem 'rubocop-rspec', '~> 3'
+  # What is tdd without code coverage ?
+  gem 'simplecov', '~> 0'
+end
+
+group :debugging do
+  # Sometimes, we need to debug
+  gem 'pry', '~> 0'
+end

data/Gemfile.lock

@@ -1,46 +1,93 @@
 PATH
   remote: .
   specs:
-    safe_ruby (1.0.1)
-      childprocess (>= 0.3.9)
+    safe_ruby (1.0.5)
+      childprocess (~> 5)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    childprocess (0.7.1)
-      ffi (~> 1.0, >= 1.0.11)
-    coderay (1.1.2)
-    diff-lcs (1.3)
-    ffi (1.9.18)
-    method_source (0.8.2)
-    pry (0.10.4)
-      coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-      slop (~> 3.4)
-    rake (12.1.0)
-    rspec (3.6.0)
-      rspec-core (~> 3.6.0)
-      rspec-expectations (~> 3.6.0)
-      rspec-mocks (~> 3.6.0)
-    rspec-core (3.6.0)
-      rspec-support (~> 3.6.0)
-    rspec-expectations (3.6.0)
+    ast (2.4.2)
+    childprocess (5.0.0)
+    coderay (1.1.3)
+    diff-lcs (1.5.1)
+    docile (1.4.1)
+    json (2.7.2)
+    language_server-protocol (3.17.0.3)
+    method_source (1.1.0)
+    parallel (1.25.1)
+    parser (3.3.4.0)
+      ast (~> 2.4.1)
+      racc
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rake (13.2.1)
+    regexp_parser (2.9.2)
+    rexml (3.3.4)
+      strscan
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
-    rspec-mocks (3.6.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
-    rspec-support (3.6.0)
-    slop (3.6.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
+    rubocop (1.65.0)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.21.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (3.0.3)
+      rubocop (~> 1.61)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    strscan (3.1.0)
+    unicode-display_width (2.5.0)
 
 PLATFORMS
   ruby
+  x86_64-linux
 
 DEPENDENCIES
-  pry
-  rake
-  rspec
+  pry (~> 0)
+  rake (~> 13)
+  rspec (~> 3)
+  rubocop (= 1.65)
+  rubocop-performance (~> 1)
+  rubocop-rake (~> 0)
+  rubocop-rspec (~> 3)
   safe_ruby!
+  simplecov (~> 0)
+
+RUBY VERSION
+   ruby 3.3.1p55
 
 BUNDLED WITH
-   1.15.4
+   2.5.16

data/README.md

@@ -2,8 +2,8 @@ Safe Ruby
 =========
 
 Safe Ruby provides a way to run untrusted ruby code outside of the current process in a safe environment.
-Creating this environment is largery based on jruby sandbox, whitelisting the methods one can use on potentially
-dangerous classes. Constants are also whitelisted, eliminating some core ruby functionality such as spawning
+Creating this environment is largery based on jruby sandbox, allowlisting the methods one can use on potentially
+dangerous classes. Constants are also allowlisted, eliminating some core ruby functionality such as spawning
 another process.
 
 Getting Started

data/Rakefile

@@ -1,9 +1,18 @@
-#!/usr/bin/env rake
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
 
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+Dir['tasks/**/*.rake'].each { |t| load t }
 
-RSpec::Core::RakeTask.new
+desc 'Continous integration tasks'
+task :ci do
+  [
+    'test:spec',
+    :rubocop
+  ].each do |name|
+    puts "\n=== Running #{name}...\n"
+    Rake::Task[name].invoke
+    puts "\n=== Running #{name} -> Done\n"
+  end
+end
 
-desc 'Run specs'
-task :default => :spec
+task default: :ci

data/config/rspec

@@ -0,0 +1,4 @@
+--format documentation
+--format html --out rspec_results.html
+--color
+--require spec_helper

data/config/rubocop.yml

@@ -0,0 +1,76 @@
+# The behavior of RuboCop can be controlled via the .rubocop.yml
+# configuration file. It makes it possible to enable/disable
+# certain cops (checks) and to alter their behavior if they accept
+# any parameters. The file can be placed either in your home
+# directory or in some project directory.
+#
+# RuboCop will start looking for the configuration file in the directory
+# where the inspected file is and continue its way up to the root directory.
+#
+# See https://github.com/rubocop-hq/rubocop/blob/master/manual/configuration.md
+
+require:
+  - rubocop-performance
+  - rubocop-rspec
+  - rubocop-rake
+
+AllCops:
+  TargetRubyVersion: 2.7
+  EnabledByDefault: true
+  DisplayCopNames: true
+
+Style/Copyright:
+  Enabled: true
+  AutocorrectNotice: '# Copyright (c) 2018 Uku Taht'
+
+Lint/ConstantResolution: # Not available ins rubocop 0.81
+  Enabled: false
+
+Style/DocumentationMethod:
+  Enabled: false
+
+Style/StringHashKeys :
+  Enabled: true
+  Exclude:
+    - '*.gemspec'
+
+Style/MissingElse:
+  EnforcedStyle: case
+
+Metrics/ModuleLength :
+  Exclude:
+    - 'spec/**/*'
+
+Metrics/BlockLength :
+  Exclude:
+    - 'spec/**/*'
+    - '*.gemspec'
+
+Security/Eval :
+  Exclude:
+    - 'Rakefile'
+
+# rubocop-rspec options
+RSpec/MessageExpectation :
+  Enabled: true
+
+RSpec/SpecFilePathFormat :
+  Enabled: true
+
+RSpec/SpecFilePathSuffix :
+  Enabled: true
+
+RSpec/NestedGroups:
+  Max: 4
+
+Layout/RedundantLineBreak:
+  Enabled: false
+  
+Style/DisableCopsWithinSourceCodeDirective:
+  Enabled: true
+  AllowedCops: ['Style/OptionHash', 'Security/Eval', 'Security/MarshalLoad',
+  'Metrics/AbcSize', 'Metrics/MethodLength']
+
+Layout/EndOfLine:
+  EnforcedStyle: lf
+  

data/lib/constant_allowlist.rb

@@ -0,0 +1,124 @@
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+ALLOWED_CONSTANTS = %i[
+  Object
+  Module
+  Class
+  BasicObject
+  Kernel
+  NilClass
+  NIL
+  Data
+  TrueClass
+  TRUE
+  FalseClass
+  FALSE
+  Encoding
+
+  Comparable
+  Enumerable
+  String
+  Symbol
+  Exception
+  SystemExit
+  SignalException
+  Interrupt
+  StandardError
+  TypeError
+
+  ArgumentError
+  IndexError
+  KeyError
+  RangeError
+  ScriptError
+  SyntaxError
+  LoadError
+  NotImplementedError
+  NameError
+
+  NoMethodError
+  RuntimeError
+  SecurityError
+  NoMemoryError
+  EncodingError
+  SystemCallError
+  Errno
+  ZeroDivisionError
+
+  FloatDomainError
+  Numeric
+  Integer
+  Fixnum
+  Float
+  Bignum
+  Array
+  Hash
+
+  Struct
+  RegexpError
+  Regexp
+
+  MatchData
+  Marshal
+  Range
+  IOError
+  EOFError
+  IO
+  STDIN
+  STDOUT
+  STDERR
+  Time
+  Random
+
+  Signal
+  Proc
+  LocalJumpError
+  SystemStackError
+  Method
+  UnboundMethod
+  Binding
+  Math
+  Enumerator
+
+  StopIteration
+  RubyVM
+  Thread
+  TOPLEVEL_BINDING
+  ThreadGroup
+  Mutex
+  ThreadError
+  Fiber
+  FiberError
+  Rational
+  Complex
+
+  RUBY_VERSION
+  RUBY_RELEASE_DATE
+  RUBY_PLATFORM
+  RUBY_PATCHLEVEL
+  RUBY_REVISION
+  RUBY_DESCRIPTION
+  RUBY_COPYRIGHT
+  RUBY_ENGINE
+
+  TracePoint
+  ARGV
+  Gem
+  RbConfig
+  Config
+  CROSS_COMPILING
+  Date
+  ConditionVariable
+  Queue
+  SizedQueue
+  MonitorMixin
+  Monitor
+
+  Exception2MessageMapper
+  IRB
+  RubyToken
+  RubyLex
+  Readline
+  RUBYGEMS_ACTIVATION_MONITOR
+].freeze

data/lib/make_safe_code.rb

@@ -1,51 +1,56 @@
-MAKE_SAFE_CODE = <<-STRING
-def keep_singleton_methods(klass, singleton_methods)
-  klass = Object.const_get(klass)
-  singleton_methods = singleton_methods.map(&:to_sym)
-  undef_methods = (klass.singleton_methods - singleton_methods)
-
-  undef_methods.each do |method|
-    klass.singleton_class.send(:undef_method, method)
+# Copyright (c) 2018 Uku Taht
+# frozen_string_literal: true
+
+require('constant_allowlist')
+require('method_allowlist')
+
+MAKE_SAFE_CODE = <<~STRING
+  def keep_singleton_methods(klass, singleton_methods)
+    klass = Object.const_get(klass)
+    singleton_methods = singleton_methods.map(&:to_sym)
+    undef_methods = (klass.singleton_methods - singleton_methods)
+
+    undef_methods.each do |method|
+      klass.singleton_class.send(:undef_method, method)
+    end
   end
 
-end
+  def keep_methods(klass, methods)
+    klass = Object.const_get(klass)
+    methods = methods.map(&:to_sym)
+    undef_methods = (klass.methods(false) - methods)
+    undef_methods.each do |method|
+      klass.send(:undef_method, method)
+    end
+  end
 
-def keep_methods(klass, methods)
-  klass = Object.const_get(klass)
-  methods = methods.map(&:to_sym)
-  undef_methods = (klass.methods(false) - methods)
-  undef_methods.each do |method|
-    klass.send(:undef_method, method)
+  def clean_constants
+    (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
+      Object.send(:remove_const, const) if defined?(const)
+    end
   end
-end
 
-def clean_constants
-  (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
-    Object.send(:remove_const, const) if defined?(const)
+  keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
+  keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
+  keep_singleton_methods(:String, #{STRING_S_METHODS})
+  keep_singleton_methods(:IO, #{IO_S_METHODS})
+
+  keep_methods(:Kernel, #{KERNEL_METHODS})
+  keep_methods(:NilClass, #{NILCLASS_METHODS})
+  keep_methods(:TrueClass, #{TRUECLASS_METHODS})
+  keep_methods(:FalseClass, #{FALSECLASS_METHODS})
+  keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
+  keep_methods(:String, #{STRING_METHODS})
+  Kernel.class_eval do
+   def `(*args)
+     raise NoMethodError, "` is unavailable"
+   end
+
+   def system(*args)
+     raise NoMethodError, "system is unavailable"
+   end
   end
-end
-
-keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
-keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
-keep_singleton_methods(:String, #{STRING_S_METHODS})
-keep_singleton_methods(:IO, #{IO_S_METHODS})
-
-keep_methods(:Kernel, #{KERNEL_METHODS})
-keep_methods(:NilClass, #{NILCLASS_METHODS})
-keep_methods(:TrueClass, #{TRUECLASS_METHODS})
-keep_methods(:FalseClass, #{FALSECLASS_METHODS})
-keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
-keep_methods(:String, #{STRING_METHODS})
-Kernel.class_eval do
- def `(*args)
-   raise NoMethodError, "` is unavailable"
- end
-
- def system(*args)
-   raise NoMethodError, "system is unavailable"
- end
-end
-
-clean_constants
+
+  clean_constants
 
 STRING