safe_ruby 1.0.4 → 1.0.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 4ce790170d44044ced28355157fe912c2946c0b8
4
- data.tar.gz: 70413aebb366da1589be48a52f9de33043f060a7
2
+ SHA256:
3
+ metadata.gz: 4e32c29746cab15458b47b0a08feeab95d23565a37c08a0dcad3f92c6974dd15
4
+ data.tar.gz: 8f154bd0d1c81592a13b5ce8002eac886ba003664387d8b9b2b699e6fe47805a
5
5
  SHA512:
6
- metadata.gz: ca7d1a1eb3485a8421634589e35f3d472c874991b2f4e06021a11694e041a4b062b9b0d01535134ca9eb01440a70035519c6315db5397a4cafa59272e940b7e4
7
- data.tar.gz: 93dc22473e7a05e26426549be7f8ee3051e217ca2f515e42c37f3480ec422bd3d470be2feb9999f7fdbba11f3ee04e5750ff6c877051fa219bd23dad471a922b
6
+ metadata.gz: 6e98dc02b58c8f05a563b416d39008cf41e8c6c80cc3be07db5d39b50d5d0e5417d35f94c3e5975ea9ceab9da9f2314047320bf3da42987fec5ac190c88fbe3e
7
+ data.tar.gz: 816aab9c7f037a6e6387276387702d8a8ce262d6cfe6b68cc0df7cecb169748c4acea47eca8d62a8d231d2fc858ee5245d7ce843cdaa45195782ce2c7be176b2
data/.gitignore CHANGED
@@ -1,3 +1,4 @@
1
1
  *.gem
2
2
  .DS_STORE
3
- lib/.DS_STORE
3
+ lib/.DS_STORE
4
+ /*.html
data/.gitlab-ci.yml ADDED
@@ -0,0 +1,42 @@
1
+ default:
2
+ image: ruby:3.3
3
+ before_script:
4
+ - apt-get update
5
+ - ruby -v
6
+ - which ruby
7
+ - gem install bundler --no-document
8
+ - bundle install --jobs $(nproc) "${FLAGS[@]}"
9
+
10
+ unit tests:
11
+ script:
12
+ - bundle exec rake spec
13
+
14
+ code_quality:
15
+ script:
16
+ - bundle exec rake quality:all
17
+
18
+ unit tests ruby2.7:
19
+ image: ruby:2.7
20
+ before_script:
21
+ - apt-get update
22
+ - ruby -v
23
+ - which ruby
24
+ - gem install bundler -v 2.4.22 --no-document
25
+ - bundle install --jobs $(nproc) "${FLAGS[@]}"
26
+ script:
27
+ - bundle exec rake spec
28
+
29
+ unit tests ruby3.0:
30
+ image: ruby:3.0
31
+ script:
32
+ - bundle exec rake spec
33
+
34
+ unit tests ruby3.1:
35
+ image: ruby:3.1
36
+ script:
37
+ - bundle exec rake spec
38
+
39
+ unit tests ruby3.2:
40
+ image: ruby:3.2
41
+ script:
42
+ - bundle exec rake spec
data/Gemfile CHANGED
@@ -1,3 +1,30 @@
1
- source 'https://rubygems.org'
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
3
+
4
+ source('https://rubygems.org')
2
5
 
3
6
  gemspec
7
+
8
+ ruby RUBY_VERSION
9
+
10
+ group :development do
11
+ # to parse provided Rakefile
12
+ gem 'rake', '~> 13'
13
+ # tdd
14
+ gem 'rspec', '~> 3'
15
+ # code need to be clean
16
+ gem 'rubocop', '1.65'
17
+ # code need to be clean
18
+ gem 'rubocop-performance', '~> 1'
19
+ # Rakile needs to be clean
20
+ gem 'rubocop-rake', '~> 0'
21
+ # unit tests need to be clean
22
+ gem 'rubocop-rspec', '~> 3'
23
+ # What is tdd without code coverage ?
24
+ gem 'simplecov', '~> 0'
25
+ end
26
+
27
+ group :debugging do
28
+ # Sometimes, we need to debug
29
+ gem 'pry', '~> 0'
30
+ end
data/Gemfile.lock CHANGED
@@ -1,46 +1,93 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- safe_ruby (1.0.1)
5
- childprocess (>= 0.3.9)
4
+ safe_ruby (1.0.5)
5
+ childprocess (~> 5)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
- childprocess (0.7.1)
11
- ffi (~> 1.0, >= 1.0.11)
12
- coderay (1.1.2)
13
- diff-lcs (1.3)
14
- ffi (1.9.18)
15
- method_source (0.8.2)
16
- pry (0.10.4)
17
- coderay (~> 1.1.0)
18
- method_source (~> 0.8.1)
19
- slop (~> 3.4)
20
- rake (12.1.0)
21
- rspec (3.6.0)
22
- rspec-core (~> 3.6.0)
23
- rspec-expectations (~> 3.6.0)
24
- rspec-mocks (~> 3.6.0)
25
- rspec-core (3.6.0)
26
- rspec-support (~> 3.6.0)
27
- rspec-expectations (3.6.0)
10
+ ast (2.4.2)
11
+ childprocess (5.0.0)
12
+ coderay (1.1.3)
13
+ diff-lcs (1.5.1)
14
+ docile (1.4.1)
15
+ json (2.7.2)
16
+ language_server-protocol (3.17.0.3)
17
+ method_source (1.1.0)
18
+ parallel (1.25.1)
19
+ parser (3.3.4.0)
20
+ ast (~> 2.4.1)
21
+ racc
22
+ pry (0.14.2)
23
+ coderay (~> 1.1)
24
+ method_source (~> 1.0)
25
+ racc (1.8.1)
26
+ rainbow (3.1.1)
27
+ rake (13.2.1)
28
+ regexp_parser (2.9.2)
29
+ rexml (3.3.4)
30
+ strscan
31
+ rspec (3.13.0)
32
+ rspec-core (~> 3.13.0)
33
+ rspec-expectations (~> 3.13.0)
34
+ rspec-mocks (~> 3.13.0)
35
+ rspec-core (3.13.0)
36
+ rspec-support (~> 3.13.0)
37
+ rspec-expectations (3.13.1)
28
38
  diff-lcs (>= 1.2.0, < 2.0)
29
- rspec-support (~> 3.6.0)
30
- rspec-mocks (3.6.0)
39
+ rspec-support (~> 3.13.0)
40
+ rspec-mocks (3.13.1)
31
41
  diff-lcs (>= 1.2.0, < 2.0)
32
- rspec-support (~> 3.6.0)
33
- rspec-support (3.6.0)
34
- slop (3.6.0)
42
+ rspec-support (~> 3.13.0)
43
+ rspec-support (3.13.1)
44
+ rubocop (1.65.0)
45
+ json (~> 2.3)
46
+ language_server-protocol (>= 3.17.0)
47
+ parallel (~> 1.10)
48
+ parser (>= 3.3.0.2)
49
+ rainbow (>= 2.2.2, < 4.0)
50
+ regexp_parser (>= 2.4, < 3.0)
51
+ rexml (>= 3.2.5, < 4.0)
52
+ rubocop-ast (>= 1.31.1, < 2.0)
53
+ ruby-progressbar (~> 1.7)
54
+ unicode-display_width (>= 2.4.0, < 3.0)
55
+ rubocop-ast (1.31.3)
56
+ parser (>= 3.3.1.0)
57
+ rubocop-performance (1.21.1)
58
+ rubocop (>= 1.48.1, < 2.0)
59
+ rubocop-ast (>= 1.31.1, < 2.0)
60
+ rubocop-rake (0.6.0)
61
+ rubocop (~> 1.0)
62
+ rubocop-rspec (3.0.3)
63
+ rubocop (~> 1.61)
64
+ ruby-progressbar (1.13.0)
65
+ simplecov (0.22.0)
66
+ docile (~> 1.1)
67
+ simplecov-html (~> 0.11)
68
+ simplecov_json_formatter (~> 0.1)
69
+ simplecov-html (0.12.3)
70
+ simplecov_json_formatter (0.1.4)
71
+ strscan (3.1.0)
72
+ unicode-display_width (2.5.0)
35
73
 
36
74
  PLATFORMS
37
75
  ruby
76
+ x86_64-linux
38
77
 
39
78
  DEPENDENCIES
40
- pry
41
- rake
42
- rspec
79
+ pry (~> 0)
80
+ rake (~> 13)
81
+ rspec (~> 3)
82
+ rubocop (= 1.65)
83
+ rubocop-performance (~> 1)
84
+ rubocop-rake (~> 0)
85
+ rubocop-rspec (~> 3)
43
86
  safe_ruby!
87
+ simplecov (~> 0)
88
+
89
+ RUBY VERSION
90
+ ruby 3.3.1p55
44
91
 
45
92
  BUNDLED WITH
46
- 1.15.4
93
+ 2.5.16
data/README.md CHANGED
@@ -2,8 +2,8 @@ Safe Ruby
2
2
  =========
3
3
 
4
4
  Safe Ruby provides a way to run untrusted ruby code outside of the current process in a safe environment.
5
- Creating this environment is largery based on jruby sandbox, whitelisting the methods one can use on potentially
6
- dangerous classes. Constants are also whitelisted, eliminating some core ruby functionality such as spawning
5
+ Creating this environment is largery based on jruby sandbox, allowlisting the methods one can use on potentially
6
+ dangerous classes. Constants are also allowlisted, eliminating some core ruby functionality such as spawning
7
7
  another process.
8
8
 
9
9
  Getting Started
data/Rakefile CHANGED
@@ -1,9 +1,18 @@
1
- #!/usr/bin/env rake
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
2
3
 
3
- require 'bundler/gem_tasks'
4
- require 'rspec/core/rake_task'
4
+ Dir['tasks/**/*.rake'].each { |t| load t }
5
5
 
6
- RSpec::Core::RakeTask.new
6
+ desc 'Continous integration tasks'
7
+ task :ci do
8
+ [
9
+ 'test:spec',
10
+ :rubocop
11
+ ].each do |name|
12
+ puts "\n=== Running #{name}...\n"
13
+ Rake::Task[name].invoke
14
+ puts "\n=== Running #{name} -> Done\n"
15
+ end
16
+ end
7
17
 
8
- desc 'Run specs'
9
- task :default => :spec
18
+ task default: :ci
data/config/rspec ADDED
@@ -0,0 +1,4 @@
1
+ --format documentation
2
+ --format html --out rspec_results.html
3
+ --color
4
+ --require spec_helper
@@ -0,0 +1,76 @@
1
+ # The behavior of RuboCop can be controlled via the .rubocop.yml
2
+ # configuration file. It makes it possible to enable/disable
3
+ # certain cops (checks) and to alter their behavior if they accept
4
+ # any parameters. The file can be placed either in your home
5
+ # directory or in some project directory.
6
+ #
7
+ # RuboCop will start looking for the configuration file in the directory
8
+ # where the inspected file is and continue its way up to the root directory.
9
+ #
10
+ # See https://github.com/rubocop-hq/rubocop/blob/master/manual/configuration.md
11
+
12
+ require:
13
+ - rubocop-performance
14
+ - rubocop-rspec
15
+ - rubocop-rake
16
+
17
+ AllCops:
18
+ TargetRubyVersion: 2.7
19
+ EnabledByDefault: true
20
+ DisplayCopNames: true
21
+
22
+ Style/Copyright:
23
+ Enabled: true
24
+ AutocorrectNotice: '# Copyright (c) 2018 Uku Taht'
25
+
26
+ Lint/ConstantResolution: # Not available ins rubocop 0.81
27
+ Enabled: false
28
+
29
+ Style/DocumentationMethod:
30
+ Enabled: false
31
+
32
+ Style/StringHashKeys :
33
+ Enabled: true
34
+ Exclude:
35
+ - '*.gemspec'
36
+
37
+ Style/MissingElse:
38
+ EnforcedStyle: case
39
+
40
+ Metrics/ModuleLength :
41
+ Exclude:
42
+ - 'spec/**/*'
43
+
44
+ Metrics/BlockLength :
45
+ Exclude:
46
+ - 'spec/**/*'
47
+ - '*.gemspec'
48
+
49
+ Security/Eval :
50
+ Exclude:
51
+ - 'Rakefile'
52
+
53
+ # rubocop-rspec options
54
+ RSpec/MessageExpectation :
55
+ Enabled: true
56
+
57
+ RSpec/SpecFilePathFormat :
58
+ Enabled: true
59
+
60
+ RSpec/SpecFilePathSuffix :
61
+ Enabled: true
62
+
63
+ RSpec/NestedGroups:
64
+ Max: 4
65
+
66
+ Layout/RedundantLineBreak:
67
+ Enabled: false
68
+
69
+ Style/DisableCopsWithinSourceCodeDirective:
70
+ Enabled: true
71
+ AllowedCops: ['Style/OptionHash', 'Security/Eval', 'Security/MarshalLoad',
72
+ 'Metrics/AbcSize', 'Metrics/MethodLength']
73
+
74
+ Layout/EndOfLine:
75
+ EnforcedStyle: lf
76
+
@@ -0,0 +1,124 @@
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
3
+
4
+ ALLOWED_CONSTANTS = %i[
5
+ Object
6
+ Module
7
+ Class
8
+ BasicObject
9
+ Kernel
10
+ NilClass
11
+ NIL
12
+ Data
13
+ TrueClass
14
+ TRUE
15
+ FalseClass
16
+ FALSE
17
+ Encoding
18
+
19
+ Comparable
20
+ Enumerable
21
+ String
22
+ Symbol
23
+ Exception
24
+ SystemExit
25
+ SignalException
26
+ Interrupt
27
+ StandardError
28
+ TypeError
29
+
30
+ ArgumentError
31
+ IndexError
32
+ KeyError
33
+ RangeError
34
+ ScriptError
35
+ SyntaxError
36
+ LoadError
37
+ NotImplementedError
38
+ NameError
39
+
40
+ NoMethodError
41
+ RuntimeError
42
+ SecurityError
43
+ NoMemoryError
44
+ EncodingError
45
+ SystemCallError
46
+ Errno
47
+ ZeroDivisionError
48
+
49
+ FloatDomainError
50
+ Numeric
51
+ Integer
52
+ Fixnum
53
+ Float
54
+ Bignum
55
+ Array
56
+ Hash
57
+
58
+ Struct
59
+ RegexpError
60
+ Regexp
61
+
62
+ MatchData
63
+ Marshal
64
+ Range
65
+ IOError
66
+ EOFError
67
+ IO
68
+ STDIN
69
+ STDOUT
70
+ STDERR
71
+ Time
72
+ Random
73
+
74
+ Signal
75
+ Proc
76
+ LocalJumpError
77
+ SystemStackError
78
+ Method
79
+ UnboundMethod
80
+ Binding
81
+ Math
82
+ Enumerator
83
+
84
+ StopIteration
85
+ RubyVM
86
+ Thread
87
+ TOPLEVEL_BINDING
88
+ ThreadGroup
89
+ Mutex
90
+ ThreadError
91
+ Fiber
92
+ FiberError
93
+ Rational
94
+ Complex
95
+
96
+ RUBY_VERSION
97
+ RUBY_RELEASE_DATE
98
+ RUBY_PLATFORM
99
+ RUBY_PATCHLEVEL
100
+ RUBY_REVISION
101
+ RUBY_DESCRIPTION
102
+ RUBY_COPYRIGHT
103
+ RUBY_ENGINE
104
+
105
+ TracePoint
106
+ ARGV
107
+ Gem
108
+ RbConfig
109
+ Config
110
+ CROSS_COMPILING
111
+ Date
112
+ ConditionVariable
113
+ Queue
114
+ SizedQueue
115
+ MonitorMixin
116
+ Monitor
117
+
118
+ Exception2MessageMapper
119
+ IRB
120
+ RubyToken
121
+ RubyLex
122
+ Readline
123
+ RUBYGEMS_ACTIVATION_MONITOR
124
+ ].freeze
@@ -1,51 +1,56 @@
1
- MAKE_SAFE_CODE = <<-STRING
2
- def keep_singleton_methods(klass, singleton_methods)
3
- klass = Object.const_get(klass)
4
- singleton_methods = singleton_methods.map(&:to_sym)
5
- undef_methods = (klass.singleton_methods - singleton_methods)
6
-
7
- undef_methods.each do |method|
8
- klass.singleton_class.send(:undef_method, method)
1
+ # Copyright (c) 2018 Uku Taht
2
+ # frozen_string_literal: true
3
+
4
+ require('constant_allowlist')
5
+ require('method_allowlist')
6
+
7
+ MAKE_SAFE_CODE = <<~STRING
8
+ def keep_singleton_methods(klass, singleton_methods)
9
+ klass = Object.const_get(klass)
10
+ singleton_methods = singleton_methods.map(&:to_sym)
11
+ undef_methods = (klass.singleton_methods - singleton_methods)
12
+
13
+ undef_methods.each do |method|
14
+ klass.singleton_class.send(:undef_method, method)
15
+ end
9
16
  end
10
17
 
11
- end
18
+ def keep_methods(klass, methods)
19
+ klass = Object.const_get(klass)
20
+ methods = methods.map(&:to_sym)
21
+ undef_methods = (klass.methods(false) - methods)
22
+ undef_methods.each do |method|
23
+ klass.send(:undef_method, method)
24
+ end
25
+ end
12
26
 
13
- def keep_methods(klass, methods)
14
- klass = Object.const_get(klass)
15
- methods = methods.map(&:to_sym)
16
- undef_methods = (klass.methods(false) - methods)
17
- undef_methods.each do |method|
18
- klass.send(:undef_method, method)
27
+ def clean_constants
28
+ (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
29
+ Object.send(:remove_const, const) if defined?(const)
30
+ end
19
31
  end
20
- end
21
32
 
22
- def clean_constants
23
- (Object.constants - #{ALLOWED_CONSTANTS}).each do |const|
24
- Object.send(:remove_const, const) if defined?(const)
33
+ keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
34
+ keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
35
+ keep_singleton_methods(:String, #{STRING_S_METHODS})
36
+ keep_singleton_methods(:IO, #{IO_S_METHODS})
37
+
38
+ keep_methods(:Kernel, #{KERNEL_METHODS})
39
+ keep_methods(:NilClass, #{NILCLASS_METHODS})
40
+ keep_methods(:TrueClass, #{TRUECLASS_METHODS})
41
+ keep_methods(:FalseClass, #{FALSECLASS_METHODS})
42
+ keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
43
+ keep_methods(:String, #{STRING_METHODS})
44
+ Kernel.class_eval do
45
+ def `(*args)
46
+ raise NoMethodError, "` is unavailable"
47
+ end
48
+
49
+ def system(*args)
50
+ raise NoMethodError, "system is unavailable"
51
+ end
25
52
  end
26
- end
27
-
28
- keep_singleton_methods(:Kernel, #{KERNEL_S_METHODS})
29
- keep_singleton_methods(:Symbol, #{SYMBOL_S_METHODS})
30
- keep_singleton_methods(:String, #{STRING_S_METHODS})
31
- keep_singleton_methods(:IO, #{IO_S_METHODS})
32
-
33
- keep_methods(:Kernel, #{KERNEL_METHODS})
34
- keep_methods(:NilClass, #{NILCLASS_METHODS})
35
- keep_methods(:TrueClass, #{TRUECLASS_METHODS})
36
- keep_methods(:FalseClass, #{FALSECLASS_METHODS})
37
- keep_methods(:Enumerable, #{ENUMERABLE_METHODS})
38
- keep_methods(:String, #{STRING_METHODS})
39
- Kernel.class_eval do
40
- def `(*args)
41
- raise NoMethodError, "` is unavailable"
42
- end
43
-
44
- def system(*args)
45
- raise NoMethodError, "system is unavailable"
46
- end
47
- end
48
-
49
- clean_constants
53
+
54
+ clean_constants
50
55
 
51
56
  STRING