safemode 1.3.7 → 1.3.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -13
- data/README.markdown +0 -2
- data/Rakefile +1 -23
- data/lib/safemode/scope.rb +6 -6
- data/lib/safemode.rb +6 -5
- data/safemode.gemspec +28 -49
- data/test/test_safemode_eval.rb +4 -0
- metadata +13 -25
- data/VERSION +0 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8b248c163601057c5120218eed0df015276c212b4e1fba1ae747893a7fc4e7af
|
|
4
|
+
data.tar.gz: d421e0b976d32ff63dab93132bf8f92976f69d8daa6cba66f9176ef8c46037fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8151b4f86ae25ed540effe2aace8decc6696da3b158ecd692f457b2938f5c20ba29f4d7768cb98214b6edb59f2779e33b0bb12b989c38e7837474d8c3b5fb0b0
|
|
7
|
+
data.tar.gz: e935c7be37e01a45e69506a8753bb179610366053418d7d346734ea065987ff662e9889d3c6e7df6b8b697de01d0d7a4f908738e5e02284e64982cfab849686d
|
data/Gemfile
CHANGED
|
@@ -2,16 +2,4 @@
|
|
|
2
2
|
|
|
3
3
|
source 'http://rubygems.org'
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
gem 'ruby_parser', '>= 3.10.1'
|
|
7
|
-
gem 'sexp_processor', '>= 4.10.0'
|
|
8
|
-
|
|
9
|
-
# Add dependencies to develop your gem here.
|
|
10
|
-
# Include everything needed to run rake, tests, features, etc.
|
|
11
|
-
group :development do
|
|
12
|
-
gem 'jeweler'
|
|
13
|
-
gem 'rake'
|
|
14
|
-
gem 'rdoc', '~> 3.12'
|
|
15
|
-
gem 'simplecov'
|
|
16
|
-
gem 'test-unit'
|
|
17
|
-
end
|
|
5
|
+
gemspec
|
data/README.markdown
CHANGED
|
@@ -3,8 +3,6 @@
|
|
|
3
3
|
A library for safe evaluation of Ruby code based on RubyParser and
|
|
4
4
|
Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
|
|
5
5
|
|
|
6
|
-
[](https://travis-ci.org/svenfuchs/safemode)
|
|
7
|
-
|
|
8
6
|
### Word of warning
|
|
9
7
|
|
|
10
8
|
This library is still highly experimental. Only use it at your own risk for
|
data/Rakefile
CHANGED
|
@@ -19,28 +19,6 @@ end
|
|
|
19
19
|
end
|
|
20
20
|
require 'rake'
|
|
21
21
|
|
|
22
|
-
require 'jeweler'
|
|
23
|
-
Jeweler::Tasks.new do |gem|
|
|
24
|
-
# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
|
|
25
|
-
gem.name = "safemode"
|
|
26
|
-
gem.homepage = "https://github.com/svenfuchs/safemode"
|
|
27
|
-
gem.license = "MIT"
|
|
28
|
-
gem.summary = %Q{A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby}
|
|
29
|
-
gem.description = %Q{A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.}
|
|
30
|
-
gem.email = "ohadlevy@gmail.com"
|
|
31
|
-
gem.authors = [
|
|
32
|
-
"Sven Fuchs",
|
|
33
|
-
"Peter Cooper",
|
|
34
|
-
"Matthias Viehweger",
|
|
35
|
-
"Kingsley Hendrickse",
|
|
36
|
-
"Ohad Levy",
|
|
37
|
-
"Dmitri Dolguikh",
|
|
38
|
-
]
|
|
39
|
-
gem.files.exclude '.travis.yml'
|
|
40
|
-
# dependencies defined in Gemfile
|
|
41
|
-
end
|
|
42
|
-
Jeweler::RubygemsDotOrgTasks.new
|
|
43
|
-
|
|
44
22
|
require 'rake/testtask'
|
|
45
23
|
Rake::TestTask.new(:test) do |test|
|
|
46
24
|
test.libs << 'lib' << 'test'
|
|
@@ -58,7 +36,7 @@ task :default => :test
|
|
|
58
36
|
|
|
59
37
|
require 'rdoc/task'
|
|
60
38
|
Rake::RDocTask.new do |rdoc|
|
|
61
|
-
version =
|
|
39
|
+
version = Gem::Specification.find_by_name('safemode').version
|
|
62
40
|
|
|
63
41
|
rdoc.rdoc_dir = 'rdoc'
|
|
64
42
|
rdoc.title = "safemode #{version}"
|
data/lib/safemode/scope.rb
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
module Safemode
|
|
2
2
|
class Scope < Blankslate
|
|
3
|
-
def initialize(delegate = nil, delegate_methods = [])
|
|
3
|
+
def initialize(delegate = nil, delegate_methods = [], instance_vars: {}, locals: {}, &block)
|
|
4
4
|
@delegate = delegate
|
|
5
5
|
@delegate_methods = delegate_methods
|
|
6
|
-
@locals = {}
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
def bind(instance_vars = {}, locals = {}, &block)
|
|
10
6
|
@locals = symbolize_keys(locals) # why can't I just pull them to local scope in the same way like instance_vars?
|
|
11
7
|
instance_vars = symbolize_keys(instance_vars)
|
|
12
8
|
instance_vars.each {|key, obj| eval "@#{key} = instance_vars[:#{key}]" }
|
|
13
9
|
@_safemode_output = ''
|
|
14
|
-
binding
|
|
10
|
+
@binding = binding
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def get_binding
|
|
14
|
+
@binding
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def to_jail
|
data/lib/safemode.rb
CHANGED
|
@@ -40,19 +40,20 @@ module Safemode
|
|
|
40
40
|
|
|
41
41
|
class Box
|
|
42
42
|
def initialize(delegate = nil, delegate_methods = [], filename = nil, line = nil)
|
|
43
|
-
@
|
|
43
|
+
@delegate = delegate
|
|
44
|
+
@delegate_methods = delegate_methods
|
|
44
45
|
@filename = filename
|
|
45
46
|
@line = line
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
def eval(code, assigns = {}, locals = {}, &block)
|
|
49
50
|
code = Parser.jail(code)
|
|
50
|
-
|
|
51
|
-
|
|
51
|
+
@scope = Scope.new(@delegate, @delegate_methods, instance_vars: assigns, locals: locals, &block)
|
|
52
|
+
Kernel.eval(code, @scope.get_binding, @filename || __FILE__, @line || __LINE__)
|
|
52
53
|
end
|
|
53
|
-
|
|
54
|
+
|
|
54
55
|
def output
|
|
55
56
|
@scope.output
|
|
56
|
-
end
|
|
57
|
+
end
|
|
57
58
|
end
|
|
58
59
|
end
|
data/safemode.gemspec
CHANGED
|
@@ -1,19 +1,26 @@
|
|
|
1
|
-
#
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: safemode 1.3.7 ruby lib
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'date'
|
|
6
4
|
|
|
7
5
|
Gem::Specification.new do |s|
|
|
8
6
|
s.name = "safemode".freeze
|
|
9
|
-
s.version = "1.3.
|
|
7
|
+
s.version = "1.3.8"
|
|
8
|
+
s.date = Date.today
|
|
9
|
+
|
|
10
|
+
s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
|
|
11
|
+
s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
|
|
12
|
+
s.homepage = "https://github.com/svenfuchs/safemode"
|
|
13
|
+
s.licenses = ["MIT"]
|
|
14
|
+
|
|
15
|
+
s.authors = [
|
|
16
|
+
"Sven Fuchs",
|
|
17
|
+
"Peter Cooper",
|
|
18
|
+
"Matthias Viehweger",
|
|
19
|
+
"Kingsley Hendrickse",
|
|
20
|
+
"Ohad Levy",
|
|
21
|
+
"Dmitri Dolguikh",
|
|
22
|
+
]
|
|
10
23
|
|
|
11
|
-
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
|
-
s.require_paths = ["lib".freeze]
|
|
13
|
-
s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
|
|
14
|
-
s.date = "2022-04-26"
|
|
15
|
-
s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
|
|
16
|
-
s.email = "ohadlevy@gmail.com".freeze
|
|
17
24
|
s.extra_rdoc_files = [
|
|
18
25
|
"LICENSE",
|
|
19
26
|
"README.markdown"
|
|
@@ -23,7 +30,6 @@ Gem::Specification.new do |s|
|
|
|
23
30
|
"LICENSE",
|
|
24
31
|
"README.markdown",
|
|
25
32
|
"Rakefile",
|
|
26
|
-
"VERSION",
|
|
27
33
|
"demo.rb",
|
|
28
34
|
"init.rb",
|
|
29
35
|
"lib/action_view/template_handlers/safe_erb.rb",
|
|
@@ -47,42 +53,15 @@ Gem::Specification.new do |s|
|
|
|
47
53
|
"test/test_safemode_eval.rb",
|
|
48
54
|
"test/test_safemode_parser.rb"
|
|
49
55
|
]
|
|
50
|
-
s.homepage = "https://github.com/svenfuchs/safemode".freeze
|
|
51
|
-
s.licenses = ["MIT".freeze]
|
|
52
|
-
s.rubygems_version = "2.7.6".freeze
|
|
53
|
-
s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
|
|
54
56
|
|
|
55
|
-
|
|
56
|
-
s.specification_version = 4
|
|
57
|
+
s.required_ruby_version = ">= 2.5", "< 4"
|
|
57
58
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
|
|
62
|
-
s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
|
|
63
|
-
s.add_development_dependency(%q<rake>.freeze, [">= 0"])
|
|
64
|
-
s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
|
|
65
|
-
s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
|
|
66
|
-
s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
|
|
67
|
-
else
|
|
68
|
-
s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
|
|
69
|
-
s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
|
|
70
|
-
s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
|
|
71
|
-
s.add_dependency(%q<jeweler>.freeze, [">= 0"])
|
|
72
|
-
s.add_dependency(%q<rake>.freeze, [">= 0"])
|
|
73
|
-
s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
|
|
74
|
-
s.add_dependency(%q<simplecov>.freeze, [">= 0"])
|
|
75
|
-
s.add_dependency(%q<test-unit>.freeze, [">= 0"])
|
|
76
|
-
end
|
|
77
|
-
else
|
|
78
|
-
s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
|
|
79
|
-
s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
|
|
80
|
-
s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
|
|
81
|
-
s.add_dependency(%q<jeweler>.freeze, [">= 0"])
|
|
82
|
-
s.add_dependency(%q<rake>.freeze, [">= 0"])
|
|
83
|
-
s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
|
|
84
|
-
s.add_dependency(%q<simplecov>.freeze, [">= 0"])
|
|
85
|
-
s.add_dependency(%q<test-unit>.freeze, [">= 0"])
|
|
86
|
-
end
|
|
87
|
-
end
|
|
59
|
+
s.add_runtime_dependency "ruby2ruby", ">= 2.4.0"
|
|
60
|
+
s.add_runtime_dependency "ruby_parser", ">= 3.10.1"
|
|
61
|
+
s.add_runtime_dependency "sexp_processor", ">= 4.10.0"
|
|
88
62
|
|
|
63
|
+
s.add_development_dependency "rake"
|
|
64
|
+
s.add_development_dependency "rdoc"
|
|
65
|
+
s.add_development_dependency "simplecov"
|
|
66
|
+
s.add_development_dependency "test-unit"
|
|
67
|
+
end
|
data/test/test_safemode_eval.rb
CHANGED
|
@@ -80,6 +80,10 @@ class TestSafemodeEval < Test::Unit::TestCase
|
|
|
80
80
|
assert_raise_security '"#{`ls -a`}"'
|
|
81
81
|
end
|
|
82
82
|
|
|
83
|
+
def test_should_not_allow_access_to_bind
|
|
84
|
+
assert_raise_security "self.bind('an arg')"
|
|
85
|
+
end
|
|
86
|
+
|
|
83
87
|
TestHelper.no_method_error_raising_calls.each do |call|
|
|
84
88
|
call.gsub!('"', '\\\\"')
|
|
85
89
|
class_eval %Q(
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safemode
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sven Fuchs
|
|
@@ -10,10 +10,10 @@ authors:
|
|
|
10
10
|
- Kingsley Hendrickse
|
|
11
11
|
- Ohad Levy
|
|
12
12
|
- Dmitri Dolguikh
|
|
13
|
-
autorequire:
|
|
13
|
+
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2023-07-11 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: ruby2ruby
|
|
@@ -58,7 +58,7 @@ dependencies:
|
|
|
58
58
|
- !ruby/object:Gem::Version
|
|
59
59
|
version: 4.10.0
|
|
60
60
|
- !ruby/object:Gem::Dependency
|
|
61
|
-
name:
|
|
61
|
+
name: rake
|
|
62
62
|
requirement: !ruby/object:Gem::Requirement
|
|
63
63
|
requirements:
|
|
64
64
|
- - ">="
|
|
@@ -72,7 +72,7 @@ dependencies:
|
|
|
72
72
|
- !ruby/object:Gem::Version
|
|
73
73
|
version: '0'
|
|
74
74
|
- !ruby/object:Gem::Dependency
|
|
75
|
-
name:
|
|
75
|
+
name: rdoc
|
|
76
76
|
requirement: !ruby/object:Gem::Requirement
|
|
77
77
|
requirements:
|
|
78
78
|
- - ">="
|
|
@@ -85,20 +85,6 @@ dependencies:
|
|
|
85
85
|
- - ">="
|
|
86
86
|
- !ruby/object:Gem::Version
|
|
87
87
|
version: '0'
|
|
88
|
-
- !ruby/object:Gem::Dependency
|
|
89
|
-
name: rdoc
|
|
90
|
-
requirement: !ruby/object:Gem::Requirement
|
|
91
|
-
requirements:
|
|
92
|
-
- - "~>"
|
|
93
|
-
- !ruby/object:Gem::Version
|
|
94
|
-
version: '3.12'
|
|
95
|
-
type: :development
|
|
96
|
-
prerelease: false
|
|
97
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
98
|
-
requirements:
|
|
99
|
-
- - "~>"
|
|
100
|
-
- !ruby/object:Gem::Version
|
|
101
|
-
version: '3.12'
|
|
102
88
|
- !ruby/object:Gem::Dependency
|
|
103
89
|
name: simplecov
|
|
104
90
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -129,7 +115,7 @@ dependencies:
|
|
|
129
115
|
version: '0'
|
|
130
116
|
description: A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby.
|
|
131
117
|
Provides Rails ActionView template handlers for ERB and Haml.
|
|
132
|
-
email:
|
|
118
|
+
email:
|
|
133
119
|
executables: []
|
|
134
120
|
extensions: []
|
|
135
121
|
extra_rdoc_files:
|
|
@@ -140,7 +126,6 @@ files:
|
|
|
140
126
|
- LICENSE
|
|
141
127
|
- README.markdown
|
|
142
128
|
- Rakefile
|
|
143
|
-
- VERSION
|
|
144
129
|
- demo.rb
|
|
145
130
|
- init.rb
|
|
146
131
|
- lib/action_view/template_handlers/safe_erb.rb
|
|
@@ -167,7 +152,7 @@ homepage: https://github.com/svenfuchs/safemode
|
|
|
167
152
|
licenses:
|
|
168
153
|
- MIT
|
|
169
154
|
metadata: {}
|
|
170
|
-
post_install_message:
|
|
155
|
+
post_install_message:
|
|
171
156
|
rdoc_options: []
|
|
172
157
|
require_paths:
|
|
173
158
|
- lib
|
|
@@ -175,15 +160,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
175
160
|
requirements:
|
|
176
161
|
- - ">="
|
|
177
162
|
- !ruby/object:Gem::Version
|
|
178
|
-
version: '
|
|
163
|
+
version: '2.5'
|
|
164
|
+
- - "<"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: '4'
|
|
179
167
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
180
168
|
requirements:
|
|
181
169
|
- - ">="
|
|
182
170
|
- !ruby/object:Gem::Version
|
|
183
171
|
version: '0'
|
|
184
172
|
requirements: []
|
|
185
|
-
rubygems_version: 3.
|
|
186
|
-
signing_key:
|
|
173
|
+
rubygems_version: 3.1.6
|
|
174
|
+
signing_key:
|
|
187
175
|
specification_version: 4
|
|
188
176
|
summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
|
|
189
177
|
and Ruby2Ruby
|
data/VERSION
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
1.3.6
|