safemode 1.2.1 → 1.2.2
Potentially problematic release.
This version of safemode might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +5 -5
- data/VERSION +1 -1
- data/lib/safemode/parser.rb +6 -4
- data/safemode.gemspec +15 -16
- data/test/test_jail.rb +1 -0
- metadata +9 -11
- data/Gemfile.lock +0 -52
- data/test/test_all.rb +0 -14
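--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 41adac17799367c9099304167a77d7a58a37faf0
+data.tar.gz: eff2b6a1ab804d834a9b82b3dc0ada7430a5fc61
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: df3a0869f3e6b23a3cf52b434d7e0098a5c4035f7109e4a6fa659bbeaeac8fc88c464cf3a5e8cc71c6490889182d5f9a057b2918a3b7900ec8db50d5eb732e24
+data.tar.gz: 9937ae32e17bdefe4dbd9777689a6f5953cd88421e6588a633fedc6941325e16567603669de557ec9b74263599940db09c12a5e2761c3e63adb66ccfdbc6e427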
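--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,8 +1,8 @@
 source "http://rubygems.org"
 
-gem 'sexp_processor', ">= 4.
-gem 'ruby2ruby', ">= 2.0.
-gem "ruby_parser", ">= 3.0
+gem 'sexp_processor', ">= 4.3.0"
+gem 'ruby2ruby', ">= 2.0.6"
+gem "ruby_parser", ">= 3.2.0"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
@@ -12,7 +12,7 @@ group :development do
 gem "bundler", "~> 1.0"
 gem "jeweler", "~> 1.8.3"
 gem "rcov", :platforms => :ruby_18
-gem "simplecov", :platforms => :ruby_19
-gem "test-unit", :platforms => :ruby_19
+gem "simplecov", :platforms => [:ruby_19, :ruby_20, :ruby_21]
+gem "test-unit", :platforms => [:ruby_19, :ruby_20, :ruby_21]
 gem "rake"
 end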
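Review bot: The `source "http://rubygems.org"` line at the top of the first hunk still resolves gems over plaintext HTTP, which leaves dependency downloads for a sandboxing library open to tampering in transit; it should read `source "https://rubygems.org"`. The raised floors (`>= 4.3.0`, `>= 2.0.6`, `>= 3.2.0`) are also open-ended, so nothing bounds the parser versions that the node lists in lib/safemode/parser.rb were checked against. The parser change in this same release appears to follow a change in the node ruby_parser emits for `__ENCODING__`, so an upper bound such as `gem "ruby_parser", "~> 3.2"` would turn the next such change into an explicit upgrade rather than a silent one.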
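--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.2.
+1.2.2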
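--- a/data/lib/safemode/parser.rb
+++ b/data/lib/safemode/parser.rb
@@ -82,6 +82,8 @@ module Safemode
 :self,
 # :args is now used for block parameters
 :args,
+# :colon2 is used for module constants
+:colon2,
 # unnecessarily advanced?
 :argscat, :argspush, :splat, :block_pass,
 :op_asgn1, :op_asgn2, :op_asgn_and, :op_asgn_or,
@@ -91,7 +93,7 @@ module Safemode
 disallowed = [ # :self, # self doesn't seem to be needed for vcalls?
 # see below for :const handling
 :defn, :defs, :alias, :valias, :undef, :class, :attrset,
-:module, :sclass, :
+:module, :sclass, :colon3,
 :fbody, :scope, :block_arg, :postexe,
 :redo, :retry, :begin, :rescue, :resbody, :ensure,
 :defined, :super, :zsuper, :return,
@@ -113,10 +115,10 @@ module Safemode
 end
 
 # handling of Encoding constants in ruby 1.9.
-# Note: ruby_parser evaluates __ENCODING__ to :const Encoding
+# Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
 def process_const(arg)
-raise_security_error("constant", super(arg)) unless (RUBY_VERSION >= "1.9" and arg.sexp_type
-"
+raise_security_error("constant", super(arg)) unless (RUBY_VERSION >= "1.9" and arg.sexp_type == :Encoding)
+"#{super(arg).gsub('-', '_')}"
 end
 
 def raise_security_error(type, info)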
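Review bot: Adding `:colon2` to the node list in the first hunk admits every scoped constant lookup of the form `X::Y`, not only the `Encoding::UTF_8` shape that the updated comment above `process_const` gives as the reason, and nothing visible checks the name on the right of `::`. `process_const` still vets only a `:const` operand (it must be `Encoding`), so what else resolves through an accepted left-hand side depends on the Ruby version's constant lookup and on code outside these hunks. I would pair the list entry with a dedicated `process_colon2` that accepts only `Encoding::<name>` where the name resolves to an `Encoding` object, plus a negative test for other `::` forms. The sketch assumes the node arrives with its type already shifted off, as `arg.sexp_type == :Encoding` suggests; both lists and the enclosing class begin and end outside the hunks.

```ruby
# … unchanged: process_const …

# Accept only Encoding::NAME where NAME is an Encoding object; every other
# scoped constant lookup is rejected the same way a bare constant is.
def process_colon2(exp)
  scope, name = exp
  encoding_ref = RUBY_VERSION >= "1.9" &&
                 scope == s(:const, :Encoding) &&
                 Encoding.const_defined?(name, false) &&
                 Encoding.const_get(name, false).is_a?(Encoding)
  raise_security_error("constant", name.to_s) unless encoding_ref
  super(exp)
end
```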
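--- a/data/safemode.gemspec
+++ b/data/safemode.gemspec
@@ -2,14 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: safemode 1.2.2 ruby lib
 
 Gem::Specification.new do |s|
 s.name = "safemode"
-s.version = "1.2.
+s.version = "1.2.2"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.require_paths = ["lib"]
 s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
-s.date = "
+s.date = "2014-11-27"
 s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
 s.email = "ohadlevy@gmail.com"
 s.extra_rdoc_files = [
@@ -17,7 +19,6 @@ Gem::Specification.new do |s|
 ]
 s.files = [
 "Gemfile",
-"Gemfile.lock",
 "LICENCSE",
 "README.markdown",
 "Rakefile",
@@ -39,7 +40,6 @@ Gem::Specification.new do |s|
 "lib/safemode/parser.rb",
 "lib/safemode/scope.rb",
 "safemode.gemspec",
-"test/test_all.rb",
 "test/test_erb_eval.rb",
 "test/test_helper.rb",
 "test/test_jail.rb",
@@ -48,17 +48,16 @@ Gem::Specification.new do |s|
 ]
 s.homepage = "http://github.com/svenfuchs/safemode"
 s.licenses = ["MIT"]
-s.
-s.rubygems_version = "1.8.24"
+s.rubygems_version = "2.2.2"
 s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
 
 if s.respond_to? :specification_version then
-s.specification_version =
+s.specification_version = 4
 
 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-s.add_runtime_dependency(%q<sexp_processor>, [">= 4.
-s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.0.
-s.add_runtime_dependency(%q<ruby_parser>, [">= 3.0
+s.add_runtime_dependency(%q<sexp_processor>, [">= 4.3.0"])
+s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.0.6"])
+s.add_runtime_dependency(%q<ruby_parser>, [">= 3.2.0"])
 s.add_development_dependency(%q<shoulda>, [">= 0"])
 s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
 s.add_development_dependency(%q<bundler>, ["~> 1.0"])
@@ -68,9 +67,9 @@ Gem::Specification.new do |s|
 s.add_development_dependency(%q<test-unit>, [">= 0"])
 s.add_development_dependency(%q<rake>, [">= 0"])
 else
-s.add_dependency(%q<sexp_processor>, [">= 4.
-s.add_dependency(%q<ruby2ruby>, [">= 2.0.
-s.add_dependency(%q<ruby_parser>, [">= 3.0
+s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
+s.add_dependency(%q<ruby2ruby>, [">= 2.0.6"])
+s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
 s.add_dependency(%q<shoulda>, [">= 0"])
 s.add_dependency(%q<rdoc>, ["~> 3.12"])
 s.add_dependency(%q<bundler>, ["~> 1.0"])
@@ -81,9 +80,9 @@ Gem::Specification.new do |s|
 s.add_dependency(%q<rake>, [">= 0"])
 end
 else
-s.add_dependency(%q<sexp_processor>, [">= 4.
-s.add_dependency(%q<ruby2ruby>, [">= 2.0.
-s.add_dependency(%q<ruby_parser>, [">= 3.0
+s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
+s.add_dependency(%q<ruby2ruby>, [">= 2.0.6"])
+s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
 s.add_dependency(%q<shoulda>, [">= 0"])
 s.add_dependency(%q<rdoc>, ["~> 3.12"])
 s.add_dependency(%q<bundler>, ["~> 1.0"])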
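--- a/data/test/test_jail.rb
+++ b/data/test/test_jail.rb
@@ -20,6 +20,7 @@ class TestJail < Test::Unit::TestCase
 
 def test_jail_instances_should_have_limited_methods
 expected = ["class", "inspect", "method_missing", "methods", "respond_to?", "respond_to_missing?", "to_jail", "to_s", "instance_variable_get"]
+expected.delete('respond_to_missing?') if RUBY_VERSION > '1.9.3' # respond_to_missing? is private in rubies above 1.9.3
 objects.each do |object|
 assert_equal expected.sort, reject_pretty_methods(object.to_jail.methods.map(&:to_s).sort)
 end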
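Review bot: `RUBY_VERSION > '1.9.3'` on the added line compares version strings lexicographically, which gives the intended answer for 2.0 and 2.1 but orders multi-digit components wrongly; `if Gem::Version.new(RUBY_VERSION) > Gem::Version.new('1.9.3')` states the intent. This list is the test's definition of what a jailed object may expose, so a wrong branch here would let the expected surface drift without the test noticing. The test method's closing `end` lies outside the hunk.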
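--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safemode
 version: !ruby/object:Gem::Version
-version: 1.2.
+version: 1.2.2
 platform: ruby
 authors:
 - Sven Fuchs
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sexp_processor
@@ -21,42 +21,42 @@ dependencies:
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.3.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.3.0
 - !ruby/object:Gem::Dependency
 name: ruby2ruby
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.6
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.6
 - !ruby/object:Gem::Dependency
 name: ruby_parser
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 3.0
+version: 3.2.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '>='
 - !ruby/object:Gem::Version
-version: 3.0
+version: 3.2.0
 - !ruby/object:Gem::Dependency
 name: shoulda
 requirement: !ruby/object:Gem::Requirement
@@ -178,7 +178,6 @@ extra_rdoc_files:
 - README.markdown
 files:
 - Gemfile
-- Gemfile.lock
 - LICENCSE
 - README.markdown
 - Rakefile
@@ -200,7 +199,6 @@ files:
 - lib/safemode/parser.rb
 - lib/safemode/scope.rb
 - safemode.gemspec
-- test/test_all.rb
 - test/test_erb_eval.rb
 - test/test_helper.rb
 - test/test_jail.rb
@@ -228,7 +226,7 @@ requirements: []
 rubyforge_project:
 rubygems_version: 2.2.2
 signing_key:
-specification_version:
+specification_version: 4
 summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
 and Ruby2Ruby
 test_files: []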
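--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,52 +0,0 @@
-GEM
-remote: http://rubygems.org/
-specs:
-activesupport (3.2.8)
-i18n (~> 0.6)
-multi_json (~> 1.0)
-git (1.2.5)
-i18n (0.6.1)
-jeweler (1.8.4)
-bundler (~> 1.0)
-git (>= 1.2.5)
-rake
-rdoc
-json (1.7.5)
-multi_json (1.3.6)
-rake (0.9.2.2)
-rcov (1.0.0)
-rdoc (3.12)
-json (~> 1.4)
-ruby2ruby (2.0.1)
-ruby_parser (~> 3.0.0)
-sexp_processor (~> 4.0)
-ruby_parser (3.0.1)
-sexp_processor (~> 4.1)
-sexp_processor (4.1.2)
-shoulda (3.3.2)
-shoulda-context (~> 1.0.1)
-shoulda-matchers (~> 1.4.1)
-shoulda-context (1.0.1)
-shoulda-matchers (1.4.1)
-activesupport (>= 3.0.0)
-simplecov (0.7.1)
-multi_json (~> 1.0)
-simplecov-html (~> 0.7.1)
-simplecov-html (0.7.1)
-test-unit (2.5.2)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-bundler (~> 1.0)
-jeweler (~> 1.8.3)
-rake
-rcov
-rdoc (~> 3.12)
-ruby2ruby (>= 2.0.1)
-ruby_parser (>= 3.0.1)
-sexp_processor (>= 4.1.2)
-shoulda
-simplecov
-test-unit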
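--- a/data/test/test_all.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-require File.join(File.dirname(__FILE__), 'test_helper')
-Test::Unit.run = false
-
-require File.join(File.dirname(__FILE__), 'test_jail')
-require File.join(File.dirname(__FILE__), 'test_safemode_parser')
-require File.join(File.dirname(__FILE__), 'test_safemode_eval')
-require File.join(File.dirname(__FILE__), 'test_erb_eval')
-
-# ['ParseTree', 'RubyParser'].each do |parser|
-['RubyParser'].each do |parser|
-Safemode::Parser.parser = parser
-puts "Running suite with Safemode::Parser using #{parser}"
-Test::Unit::AutoRunner.run
-end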