safemode 1.3.4 → 1.3.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1d69a75cc9139f0dadbbbf989a27d061a66f1c31
-  data.tar.gz: e1768cc678e89314de3dcb09073d9d60adf96f12
+SHA256:
+  metadata.gz: 9bdba4c6031653f1249ce8730385b47d60e917bd089809dfb405612c9a5200d4
+  data.tar.gz: a36f91fec355baf6e0f89c8354f538cfeea2fa6f2838ba6de1416f51d832af9c
 SHA512:
-  metadata.gz: 10b2726affaaf8869d5c23e09dae6fc5c69bb37b556547a2917cd0d2642840dd6d30c2efd5f5a1a694a031cf4cccc402bd06fecabb6efb9fb655e76f660b8eb8
-  data.tar.gz: d42aca89049c0c6c81d754bcd78268516b4710daa6b41011e277dc49cefe46a726f65b2803c24951c8bc12cdfd954ca55230db76643a6a02097a30fdd6700ddd
+  metadata.gz: 20b1b1ef4ab2a9b8ac59d281688e118d264bc96f2b2fe0dec48aa3b4ce0c4fdcf0e1612d47a958f0434e5f155219372dc485b32be807bf7b40593ff2a1bc198e
+  data.tar.gz: 33c6602e612d265c4fb227de48ac6f204eb6d473bf35027b181335227584331a80b6fb57e424e5d7c658e3179296505c6800aa0a3a294f33a0e4efc44ac5518a

data/Gemfile

@@ -1,17 +1,17 @@
-source "http://rubygems.org"
+# frozen_string_literal: true
 
-gem 'sexp_processor', ">= 4.10.0"
-gem 'ruby2ruby', ">= 2.4.0"
-gem "ruby_parser", ">= 3.10.1"
+source 'http://rubygems.org'
+
+gem 'ruby2ruby', '>= 2.4.0'
+gem 'ruby_parser', '>= 3.10.1'
+gem 'sexp_processor', '>= 4.10.0'
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
 group :development do
-  gem "rdoc", "~> 3.12"
-  gem "bundler", "~> 1.0"
-  gem "jeweler", RUBY_VERSION.start_with?("1.8") ? "~> 1.0" : ">= 0"
-  gem "rcov", :platforms => :ruby_18
-  gem "simplecov", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24, :jruby]
-  gem "test-unit", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24, :jruby]
-  gem "rake", RUBY_VERSION.start_with?("1.8") ? "< 11" : ">= 0"
+  gem 'jeweler'
+  gem 'rake'
+  gem 'rdoc', '~> 3.12'
+  gem 'simplecov'
+  gem 'test-unit'
 end

data/README.markdown

@@ -3,6 +3,8 @@
 A library for safe evaluation of Ruby code based on RubyParser and
 Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
 
+[![Build Status](https://travis-ci.org/svenfuchs/safemode.svg?branch=master)](https://travis-ci.org/svenfuchs/safemode)
+
 ### Word of warning
 
 This library is still highly experimental. Only use it at your own risk for
@@ -52,9 +54,9 @@ class is only accessible when returned by a method or passed into a template.
 For more details about the concepts behind Safemode please refer to the 
 following blog posts until a more comprehensive writeup is available:
 
-* Initial reasoning: [http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally](http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally)
-* Refined concept: [http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode](http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode)
-* ActionView ERB handler: [http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview](http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview)
+* Initial reasoning: http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally
+* Refined concept: http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode
+* ActionView ERB handler: http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview
 
 ### Dependencies
 
@@ -64,14 +66,14 @@ Requires the gems:
 * Ruby2Ruby
 
 As of writing RubyParser alters StringIO and thus breaks usage with Rails.
-See [http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html](http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html)
+See http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html
 
 A patch is included that fixes this issue and can be applied to RubyParser.
 See lib/ruby\_parser\_string\_io\_patch.diff
 
 ### Credits
 
-* Sven Fuchs - Maintainer
+* Sven Fuchs - Initial Maintainer
 * Peter Cooper
 * Matthias Viehweger
 * Ohad Levy

data/Rakefile

@@ -23,7 +23,7 @@ require 'jeweler'
 Jeweler::Tasks.new do |gem|
   # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
   gem.name = "safemode"
-  gem.homepage = "http://github.com/svenfuchs/safemode"
+  gem.homepage = "https://github.com/svenfuchs/safemode"
   gem.license = "MIT"
   gem.summary = %Q{A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby}
   gem.description = %Q{A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.}
@@ -36,6 +36,7 @@ Jeweler::Tasks.new do |gem|
     "Ohad Levy",
     "Dmitri Dolguikh",
   ]
+  gem.files.exclude '.travis.yml'
   # dependencies defined in Gemfile
 end
 Jeweler::RubygemsDotOrgTasks.new
@@ -47,20 +48,10 @@ Rake::TestTask.new(:test) do |test|
   test.verbose = true
 end
 
-if RUBY_VERSION >= "1.9"
-  desc "Generate coverage report for tests"
-  task :coverage do |cov|
-    ENV['COVERAGE'] = 'true'
-    Rake::Task[:test].execute
-  end
-else
-  require 'rcov/rcovtask'
-  Rcov::RcovTask.new do |test|
-    test.libs << 'test'
-    test.pattern = 'test/**/test_*.rb'
-    test.verbose = true
-    test.rcov_opts << '--exclude "gems/*"'
-  end
+desc "Generate coverage report for tests"
+task :coverage do |cov|
+  ENV['COVERAGE'] = 'true'
+  Rake::Task[:test].execute
 end
 
 task :default => :test

data/VERSION

@@ -1 +1 @@
-1.3.4
+1.3.6

data/lib/action_view/template_handlers/safe_erb.rb

@@ -20,9 +20,9 @@ module ActionView
 
         # code = ::ERB.new(src, nil, @view.erb_trim_mode).src
         code = ::ERB.new("<% __in_erb_template=true %>#{src}", nil, erb_trim_mode, '@output_buffer').src
-        # Ruby 1.9 prepends an encoding to the source. However this is
+        # Ruby 1.9+ prepends an encoding to the source. However this is
         # useless because you can only set an encoding on the first line
-        RUBY_VERSION >= '1.9' ? src.sub(/\A#coding:.*\n/, '') : src
+        src.sub(/\A#coding:.*\n/, '') : src
 
         code.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them
 

data/lib/safemode/blankslate.rb

@@ -1,7 +1,7 @@
 module Safemode
   class Blankslate
     @@allow_instance_methods = ['class', 'methods', 'respond_to?', 'respond_to_missing?', 'to_s', 'instance_variable_get']
-    @@allow_class_methods    = ['methods', 'new', 'name', '<', 'ancestors', '==']  # < needed in Rails Object#subclasses_of
+    @@allow_class_methods    = ['singleton_class?', 'methods', 'new', 'name', '<', 'ancestors', '==']  # < needed in Rails Object#subclasses_of
     if defined?(JRUBY_VERSION)
       # JRuby seems to silently fail to remove method_missing
       # (also see https://github.com/jruby/jruby/blob/9.1.7.0/core/src/main/java/org/jruby/RubyModule.java#L1109)

data/lib/safemode/core_jails.rb

@@ -41,18 +41,18 @@ module Safemode
   # these methods are allowed in all classes if they are present
   @@default_methods = %w( % & * ** + +@ - -@ / < << <= <=> ! != == === > >= >> ^ | ~
                           eql? equal? new methods is_a? kind_of? nil?
-                          [] []= to_a to_jail to_s inspect to_param not)
+                          [] []= to_a to_jail to_s inspect to_param not freeze)
 
   # whitelisted methods for core classes ... kind of arbitrary selection
   @@methods_whitelist = {
     'Array'      => %w(any? assoc at blank? collect collect! compact compact!
                     concat delete delete_at delete_if each each_index empty?
                     fetch fill first flatten flatten! hash include? index
-                    indexes indices inject insert join last length map map!
+                    indexes indices inject insert join last length map map! max min
                     nitems pop push present? rassoc reject reject! reverse
                     reverse! reverse_each rindex select shift size slice
-                    slice! sort sort! transpose uniq uniq! unshift values_at
-                    zip),
+                    slice! sort sort! transpose to_sentence uniq uniq! unshift
+                    values_at zip),
 
     'Bignum'     => %w(abs blank? ceil chr coerce div divmod downto floor hash
                     integer? modulo next nonzero? present? quo remainder round
@@ -70,7 +70,7 @@ module Safemode
                     to_int to_s truncate zero?),
 
     'Hash'       => %w(any? blank? clear delete delete_if each each_key
-                    each_pair each_value empty? fetch has_key? has_value?
+                    each_pair each_value empty? fetch dig has_key? has_value?
                     include? index invert key? keys length member? merge merge!
                     present? rec_merge! rehash reject reject! select shift
                     size sort store update value? values values_at),

data/lib/safemode/jail.rb

@@ -1,17 +1,17 @@
-module Safemode    
-  class Jail < Blankslate 
+module Safemode
+  class Jail < Blankslate
     def initialize(source = nil)
       @source = source
     end
-  
+
     def to_jail
       self
     end
-  
+
     def to_s
       @source.to_s
     end
-  
+
     def method_missing(method, *args, &block)
       if @source.is_a?(Class)
         unless self.class.allowed_class_method?(method)
@@ -22,7 +22,7 @@ module Safemode
           raise Safemode::NoMethodError.new("##{method}", self.class.name, @source.class.name)
         end
       end
-      
+
       # As every call to an object in the eval'ed string will be jailed by the
       # parser we don't need to "proactively" jail arrays and hashes. Likewise we
       # don't need to jail objects returned from a jail. Doing so would provide
@@ -31,11 +31,6 @@ module Safemode
       @source.send(method, *args, &block)
     end
 
-    # needed for compatibility with 1.8.7; remove this method once 1.8.7 support has been dropped
-    def respond_to?(method, *)
-      respond_to_missing?(method)
-    end
-
     def respond_to_missing?(method_name, include_private = false)
       self.class.allowed_instance_method?(method_name)
     end

data/lib/safemode/parser.rb

@@ -121,8 +121,8 @@ module Safemode
 
     def process_const(arg)
       sexp_type = arg.sexp_body.sexp_type # constants are encoded as: "s(:const, :Encoding)"
-      if RUBY_VERSION >= "1.9" && sexp_type == :Encoding
-        # handling of Encoding constants in ruby 1.9.
+      if sexp_type == :Encoding
+        # handling of Encoding constants.
         # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
         "#{super(arg).gsub('-', '_')}"
       elsif sexp_type == :String

data/safemode.gemspec

@@ -2,25 +2,25 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: safemode 1.3.4 ruby lib
+# stub: safemode 1.3.7 ruby lib
 
 Gem::Specification.new do |s|
-  s.name = "safemode"
-  s.version = "1.3.4"
+  s.name = "safemode".freeze
+  s.version = "1.3.7"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib"]
-  s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
-  s.date = "2018-01-18"
-  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
-  s.email = "ohadlevy@gmail.com"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
+  s.date = "2022-04-26"
+  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
+  s.email = "ohadlevy@gmail.com".freeze
   s.extra_rdoc_files = [
+    "LICENSE",
     "README.markdown"
   ]
   s.files = [
-    ".travis.yml",
     "Gemfile",
-    "LICENCSE",
+    "LICENSE",
     "README.markdown",
     "Rakefile",
     "VERSION",
@@ -47,48 +47,42 @@ Gem::Specification.new do |s|
     "test/test_safemode_eval.rb",
     "test/test_safemode_parser.rb"
   ]
-  s.homepage = "http://github.com/svenfuchs/safemode"
-  s.licenses = ["MIT"]
-  s.rubygems_version = "2.5.1"
-  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
+  s.homepage = "https://github.com/svenfuchs/safemode".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.7.6".freeze
+  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<sexp_processor>, [">= 4.10.0"])
-      s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.4.0"])
-      s.add_runtime_dependency(%q<ruby_parser>, [">= 3.10.1"])
-      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<rcov>, [">= 0"])
-      s.add_development_dependency(%q<simplecov>, [">= 0"])
-      s.add_development_dependency(%q<test-unit>, [">= 0"])
-      s.add_development_dependency(%q<rake>, [">= 0"])
+      s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
+      s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
+      s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
+      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rake>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
+      s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
     else
-      s.add_dependency(%q<sexp_processor>, [">= 4.10.0"])
-      s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
-      s.add_dependency(%q<ruby_parser>, [">= 3.10.1"])
-      s.add_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<rcov>, [">= 0"])
-      s.add_dependency(%q<simplecov>, [">= 0"])
-      s.add_dependency(%q<test-unit>, [">= 0"])
-      s.add_dependency(%q<rake>, [">= 0"])
+      s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
+      s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
+      s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
+      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_dependency(%q<rake>.freeze, [">= 0"])
+      s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
+      s.add_dependency(%q<test-unit>.freeze, [">= 0"])
     end
   else
-    s.add_dependency(%q<sexp_processor>, [">= 4.10.0"])
-    s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
-    s.add_dependency(%q<ruby_parser>, [">= 3.10.1"])
-    s.add_dependency(%q<rdoc>, ["~> 3.12"])
-    s.add_dependency(%q<bundler>, ["~> 1.0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<rcov>, [">= 0"])
-    s.add_dependency(%q<simplecov>, [">= 0"])
-    s.add_dependency(%q<test-unit>, [">= 0"])
-    s.add_dependency(%q<rake>, [">= 0"])
+    s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
+    s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
+    s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
+    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_dependency(%q<rake>.freeze, [">= 0"])
+    s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
+    s.add_dependency(%q<test-unit>.freeze, [">= 0"])
   end
 end
 

data/test/test_helper.rb

@@ -1,4 +1,4 @@
-if RUBY_VERSION >= '1.9'and ENV['COVERAGE']
+if ENV['COVERAGE']
   require 'simplecov'
   SimpleCov.start {add_filter 'test_'}
 end
@@ -22,7 +22,7 @@ module TestHelper
         '@article.comment_class.new',
         'String.instance_variable_set :@a, :a' ]
     end
-    
+
     def security_error_raising_calls
       [ "class A\n end",
         'File.open("/etc/passwd")',
@@ -42,10 +42,10 @@ module TestHelper
         "attr_reader :a",
         'URI("http://google.com")',
         "`ls -a`", "exec('echo *')", "syscall 4, 1, 'hello', 5", "system('touch /tmp/helloworld')",
-        "abort", 
+        "abort",
         "exit(0)", "exit!(0)", "at_exit{'goodbye'}",
         "autoload(::MyModule, 'my_module.rb')",
-        "binding",                                    
+        "binding",
         "callcc{|cont| cont.call}",
         'eval %Q(send(:system, "ls -a"))',
         "fork",
@@ -58,12 +58,12 @@ module TestHelper
         "open('/etc/passwd'){|f| f.read}",
         "p 'text'", "pretty_inspect",
         # "print 'text'", "puts 'text'", allowed and buffered these (see ScopeObject)
-        "printf 'text'", "putc 'a'", 
+        "printf 'text'", "putc 'a'",
         "raise RuntimeError, 'should not happen'",
-        "rand(0)", "srand(0)",                           
+        "rand(0)", "srand(0)",
         "set_trace_func proc{|event| puts event}", "trace_var :$_, proc {|v| puts v }", "untrace_var :$_",
-        "sleep", "sleep(0)",                           
-        "test(1, a, b)",                           
+        "sleep", "sleep(0)",
+        "test(1, a, b)",
         "Signal.trap(0, proc { puts 'Terminating: #{$$}' })",
         "warn 'warning'",
         'Array.new' ]
@@ -77,31 +77,31 @@ module TestHelper
   def assert_raise_security(code = nil, assigns = {}, locals = {}, &block)
     assert_raise_safemode_error(Safemode::SecurityError, code, assigns, locals, &block)
   end
-  
+
   def assert_raise_safemode_error(error, code, assigns = {}, locals = {})
     code = yield(code) if block_given?
     assert_raise(error, code) { safebox_eval(code, assigns, locals) }
   end
-  
+
   def safebox_eval(code, assigns = {}, locals = {})
     # puts Safemode::Parser.jail(code)
     Safemode::Box.new.eval code, assigns, locals
-  end  
+  end
 end
 
 class Article
   def is_article?
     true
   end
-  
+
   def title
     'an article title'
   end
-  
+
   def to_jail
     Article::Jail.new self
   end
-  
+
   def comments
     [Comment.new(self), Comment.new(self)]
   end
@@ -117,15 +117,15 @@ end
 
 class Comment
   attr_reader :article
-  
+
   def initialize(article)
     @article = article
   end
-  
+
   def text
     "comment #{object_id}"
   end
-  
+
   def to_jail
     Comment::Jail.new self
   end
@@ -145,7 +145,7 @@ end
 
 class Article::Jail < Safemode::Jail
   allow :title, :comments, :is_article?, :comment_class
-  
+
   def author_name
     "this article's author name"
   end
@@ -155,6 +155,21 @@ class Article::ExtendedJail < Article::Jail
 end
 
 class Comment::Jail < Safemode::Jail
-  allow :article, :text
+  allow :article, :text, :object_id
   allow_class_method :all
 end
+
+class ExtendedComment < Comment
+  def extended_text
+    "extended comment #{object_id}"
+  end
+
+  def to_jail
+    ExtendedComment::Jail.new self
+  end
+
+  class Jail < Comment::Jail
+    allow :extended_text
+  end
+end
+

data/test/test_jail.rb

@@ -5,6 +5,7 @@ class TestJail < Test::Unit::TestCase
     @article = Article.new.to_jail
     @comment = @article.comments.first
     @comment_class = Comment.to_jail
+    @extended_comment = ExtendedComment.new(@article).to_jail
   end
 
   def test_explicitly_allowed_instance_methods_should_be_accessible
@@ -24,8 +25,7 @@ class TestJail < Test::Unit::TestCase
   end
 
   def test_jail_instances_should_have_limited_methods
-    expected = ["class", "method_missing", "methods", "respond_to?", "respond_to_missing?", "to_jail", "to_s", "instance_variable_get"]
-    expected.delete('respond_to_missing?') if RUBY_VERSION > '1.9.3' # respond_to_missing? is private in rubies above 1.9.3
+    expected = ["class", "method_missing", "methods", "respond_to?", "to_jail", "to_s", "instance_variable_get"]
     objects.each do |object|
       assert_equal expected.sort, reject_pretty_methods(object.to_jail.methods.map(&:to_s).sort)
     end
@@ -37,7 +37,8 @@ class TestJail < Test::Unit::TestCase
                 "allow_instance_method", "allow_class_method", "allowed_instance_method?",
                 "allowed_class_method?", "allowed_instance_methods", "allowed_class_methods",
                 "<", # < needed in Rails Object#subclasses_of
-                "ancestors", "=="] # ancestors and == needed in Rails::Generator::Spec#lookup_class
+                "ancestors", "==", # ancestors and == needed in Rails::Generator::Spec#lookup_class
+                "singleton_class?" ]
 
     if defined?(JRUBY_VERSION)
       (expected << ['method_missing', 'singleton_method_undefined', 'singleton_method_added']).flatten!  # needed for running under jruby
@@ -57,6 +58,14 @@ class TestJail < Test::Unit::TestCase
     assert !@article.respond_to?(:bogus)
   end
 
+  def test_methodcall_comment
+    assert_equal "comment #{@comment.object_id}", @comment.text
+  end
+
+  def test_methodcall_extended_comment
+    assert_equal "extended comment #{@extended_comment.object_id}", @extended_comment.extended_text
+  end
+
   private
 
   def objects

data/test/test_safemode_eval.rb

@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper')
 
 class TestSafemodeEval < Test::Unit::TestCase
   include TestHelper
-  
+
   def setup
     @box = Safemode::Box.new
     @locals = { :article => Article.new }
@@ -18,14 +18,10 @@ class TestSafemodeEval < Test::Unit::TestCase
   end
 
   def test_unary_operators_on_instances_of_boolean_vars
-    if RUBY_VERSION != "1.8.7"
-      assert @box.eval('not false')
-      assert @box.eval('!false')
-      assert !@box.eval('not true')
-      assert !@box.eval('!true')
-    else
-      p "no unary ops under 1.8.7!"
-    end
+    assert @box.eval('not false')
+    assert @box.eval('!false')
+    assert !@box.eval('not true')
+    assert !@box.eval('!true')
   end
 
   def test_false_class_ops
@@ -55,35 +51,35 @@ class TestSafemodeEval < Test::Unit::TestCase
   def test_should_turn_assigns_to_jails
     assert_raise_no_method "@article.system", @assigns
   end
-  
+
   def test_should_turn_locals_to_jails
     assert_raise(Safemode::NoMethodError){ @box.eval "article.system", {}, @locals }
   end
-  
+
   def test_should_allow_method_access_on_assigns
     assert_nothing_raised{ @box.eval "@article.title", @assigns }
   end
-  
+
   def test_should_allow_method_access_on_locals
     assert_nothing_raised{ @box.eval("article.title", {}, @locals) }
   end
-  
+
   def test_should_not_raise_on_if_using_return_values
     assert_nothing_raised{ @box.eval "if @article.is_article? then 1 end", @assigns }
   end
-  
+
   def test_should_work_with_if_using_return_values
     assert_equal @box.eval("if @article.is_article? then 1 end", @assigns), 1
   end
-  
+
   def test__FILE__should_not_render_filename
     assert_equal '(string)', @box.eval("__FILE__")
   end
-  
+
   def test_interpolated_xstr_should_raise_security
     assert_raise_security '"#{`ls -a`}"'
-  end  
-        
+  end
+
   TestHelper.no_method_error_raising_calls.each do |call|
     call.gsub!('"', '\\\\"')
     class_eval %Q(
@@ -100,6 +96,6 @@ class TestSafemodeEval < Test::Unit::TestCase
         assert_raise_security "#{call}", @assigns, @locals
       end
     )
-  end  
+  end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safemode
 version: !ruby/object:Gem::Version
-  version: 1.3.4
+  version: 1.3.7
 platform: ruby
 authors:
 - Sven Fuchs
@@ -10,25 +10,11 @@ authors:
 - Kingsley Hendrickse
 - Ohad Levy
 - Dmitri Dolguikh
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-18 00:00:00.000000000 Z
+date: 2022-04-26 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: sexp_processor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.10.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.10.0
 - !ruby/object:Gem::Dependency
   name: ruby2ruby
   requirement: !ruby/object:Gem::Requirement
@@ -58,33 +44,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.10.1
 - !ruby/object:Gem::Dependency
-  name: rdoc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
-- !ruby/object:Gem::Dependency
-  name: bundler
+  name: sexp_processor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :development
+        version: 4.10.0
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 4.10.0
 - !ruby/object:Gem::Dependency
   name: jeweler
   requirement: !ruby/object:Gem::Requirement
@@ -100,7 +72,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rcov
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -114,21 +86,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.12'
 - !ruby/object:Gem::Dependency
-  name: test-unit
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -142,7 +114,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: test-unit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -161,11 +133,11 @@ email: ohadlevy@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files:
+- LICENSE
 - README.markdown
 files:
-- ".travis.yml"
 - Gemfile
-- LICENCSE
+- LICENSE
 - README.markdown
 - Rakefile
 - VERSION
@@ -191,11 +163,11 @@ files:
 - test/test_jail.rb
 - test/test_safemode_eval.rb
 - test/test_safemode_parser.rb
-homepage: http://github.com/svenfuchs/safemode
+homepage: https://github.com/svenfuchs/safemode
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -210,9 +182,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
   and Ruby2Ruby

data/.travis.yml

@@ -1,12 +0,0 @@
----
-rvm:
-  - 1.8.7
-  - 1.9.3
-  - 2.0.0
-  - 2.1.10
-  - 2.2.6
-  - 2.3.3
-  - 2.4.0
-  - jruby-9
-before_install: gem install bundler
-sudo: false