RubyGems - safemode - Versions diffs - 1.3.7 → 1.3.8 - Mend

safemode 1.3.7 → 1.3.8

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bdba4c6031653f1249ce8730385b47d60e917bd089809dfb405612c9a5200d4
-  data.tar.gz: a36f91fec355baf6e0f89c8354f538cfeea2fa6f2838ba6de1416f51d832af9c
+  metadata.gz: 8b248c163601057c5120218eed0df015276c212b4e1fba1ae747893a7fc4e7af
+  data.tar.gz: d421e0b976d32ff63dab93132bf8f92976f69d8daa6cba66f9176ef8c46037fb
 SHA512:
-  metadata.gz: 20b1b1ef4ab2a9b8ac59d281688e118d264bc96f2b2fe0dec48aa3b4ce0c4fdcf0e1612d47a958f0434e5f155219372dc485b32be807bf7b40593ff2a1bc198e
-  data.tar.gz: 33c6602e612d265c4fb227de48ac6f204eb6d473bf35027b181335227584331a80b6fb57e424e5d7c658e3179296505c6800aa0a3a294f33a0e4efc44ac5518a
+  metadata.gz: 8151b4f86ae25ed540effe2aace8decc6696da3b158ecd692f457b2938f5c20ba29f4d7768cb98214b6edb59f2779e33b0bb12b989c38e7837474d8c3b5fb0b0
+  data.tar.gz: e935c7be37e01a45e69506a8753bb179610366053418d7d346734ea065987ff662e9889d3c6e7df6b8b697de01d0d7a4f908738e5e02284e64982cfab849686d

data/Gemfile CHANGED Viewed

@@ -2,16 +2,4 @@
 source 'http://rubygems.org'
-gem 'ruby2ruby', '>= 2.4.0'
-gem 'ruby_parser', '>= 3.10.1'
-gem 'sexp_processor', '>= 4.10.0'
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-  gem 'jeweler'
-  gem 'rake'
-  gem 'rdoc', '~> 3.12'
-  gem 'simplecov'
-  gem 'test-unit'
-end
+gemspec

data/README.markdown CHANGED Viewed

@@ -3,8 +3,6 @@
 A library for safe evaluation of Ruby code based on RubyParser and
 Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
-[![Build Status](https://travis-ci.org/svenfuchs/safemode.svg?branch=master)](https://travis-ci.org/svenfuchs/safemode)
 ### Word of warning
 This library is still highly experimental. Only use it at your own risk for

data/Rakefile CHANGED Viewed

@@ -19,28 +19,6 @@ end
 end
 require 'rake'
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "safemode"
-  gem.homepage = "https://github.com/svenfuchs/safemode"
-  gem.license = "MIT"
-  gem.summary = %Q{A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby}
-  gem.description = %Q{A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.}
-  gem.email = "ohadlevy@gmail.com"
-  gem.authors = [
-    "Sven Fuchs",
-    "Peter Cooper",
-    "Matthias Viehweger",
-    "Kingsley Hendrickse",
-    "Ohad Levy",
-    "Dmitri Dolguikh",
-  ]
-  gem.files.exclude '.travis.yml'
-  # dependencies defined in Gemfile
-end
-Jeweler::RubygemsDotOrgTasks.new
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
   test.libs << 'lib' << 'test'
@@ -58,7 +36,7 @@ task :default => :test
 require 'rdoc/task'
 Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  version = Gem::Specification.find_by_name('safemode').version
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "safemode #{version}"

data/lib/safemode/scope.rb CHANGED Viewed

@@ -1,17 +1,17 @@
 module Safemode
   class Scope < Blankslate
-    def initialize(delegate = nil, delegate_methods = [])
+    def initialize(delegate = nil, delegate_methods = [], instance_vars: {}, locals: {}, &block)
       @delegate = delegate
       @delegate_methods = delegate_methods
-      @locals = {}
-    end
-    def bind(instance_vars = {}, locals = {}, &block)
       @locals = symbolize_keys(locals) # why can't I just pull them to local scope in the same way like instance_vars?
       instance_vars = symbolize_keys(instance_vars)
       instance_vars.each {|key, obj| eval "@#{key} = instance_vars[:#{key}]" }
       @_safemode_output = ''
-      binding
+      @binding = binding
+    end
+    def get_binding
+      @binding
     end
     def to_jail

data/lib/safemode.rb CHANGED Viewed

@@ -40,19 +40,20 @@ module Safemode
   class Box
     def initialize(delegate = nil, delegate_methods = [], filename = nil, line = nil)
-      @scope = Scope.new(delegate, delegate_methods)
+      @delegate = delegate
+      @delegate_methods = delegate_methods
       @filename = filename
       @line = line
     end
     def eval(code, assigns = {}, locals = {}, &block)
       code = Parser.jail(code)
-      binding = @scope.bind(assigns, locals, &block)
-      result = Kernel.eval(code, binding, @filename || __FILE__, @line || __LINE__)
+      @scope = Scope.new(@delegate, @delegate_methods, instance_vars: assigns, locals: locals, &block)
+      Kernel.eval(code, @scope.get_binding, @filename || __FILE__, @line || __LINE__)
     end
     def output
       @scope.output
-    end
+    end
   end
 end

data/safemode.gemspec CHANGED Viewed

@@ -1,19 +1,26 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: safemode 1.3.7 ruby lib
+# frozen_string_literal: true
+require 'date'
 Gem::Specification.new do |s|
   s.name = "safemode".freeze
-  s.version = "1.3.7"
+  s.version = "1.3.8"
+  s.date = Date.today
+  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
+  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
+  s.homepage = "https://github.com/svenfuchs/safemode"
+  s.licenses = ["MIT"]
+  s.authors = [
+    "Sven Fuchs",
+    "Peter Cooper",
+    "Matthias Viehweger",
+    "Kingsley Hendrickse",
+    "Ohad Levy",
+    "Dmitri Dolguikh",
+  ]
-  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib".freeze]
-  s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
-  s.date = "2022-04-26"
-  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
-  s.email = "ohadlevy@gmail.com".freeze
   s.extra_rdoc_files = [
     "LICENSE",
     "README.markdown"
@@ -23,7 +30,6 @@ Gem::Specification.new do |s|
     "LICENSE",
     "README.markdown",
     "Rakefile",
-    "VERSION",
     "demo.rb",
     "init.rb",
     "lib/action_view/template_handlers/safe_erb.rb",
@@ -47,42 +53,15 @@ Gem::Specification.new do |s|
     "test/test_safemode_eval.rb",
     "test/test_safemode_parser.rb"
   ]
-  s.homepage = "https://github.com/svenfuchs/safemode".freeze
-  s.licenses = ["MIT".freeze]
-  s.rubygems_version = "2.7.6".freeze
-  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
-  if s.respond_to? :specification_version then
-    s.specification_version = 4
+  s.required_ruby_version = ">= 2.5", "< 4"
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
-      s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
-      s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
-      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rake>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
-      s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
-    else
-      s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
-      s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
-      s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
-      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_dependency(%q<rake>.freeze, [">= 0"])
-      s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
-      s.add_dependency(%q<test-unit>.freeze, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
-    s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
-    s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
-    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-    s.add_dependency(%q<rake>.freeze, [">= 0"])
-    s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
-    s.add_dependency(%q<test-unit>.freeze, [">= 0"])
-  end
-end
+  s.add_runtime_dependency "ruby2ruby", ">= 2.4.0"
+  s.add_runtime_dependency "ruby_parser", ">= 3.10.1"
+  s.add_runtime_dependency "sexp_processor", ">= 4.10.0"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rdoc"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "test-unit"
+end

data/test/test_safemode_eval.rb CHANGED Viewed

@@ -80,6 +80,10 @@ class TestSafemodeEval < Test::Unit::TestCase
     assert_raise_security '"#{`ls -a`}"'
   end
+  def test_should_not_allow_access_to_bind
+    assert_raise_security "self.bind('an arg')"
+  end
   TestHelper.no_method_error_raising_calls.each do |call|
     call.gsub!('"', '\\\\"')
     class_eval %Q(

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safemode
 version: !ruby/object:Gem::Version
-  version: 1.3.7
+  version: 1.3.8
 platform: ruby
 authors:
 - Sven Fuchs
@@ -10,10 +10,10 @@ authors:
 - Kingsley Hendrickse
 - Ohad Levy
 - Dmitri Dolguikh
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-26 00:00:00.000000000 Z
+date: 2023-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby2ruby
@@ -58,7 +58,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.10.0
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -72,7 +72,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -85,20 +85,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rdoc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -129,7 +115,7 @@ dependencies:
         version: '0'
 description: A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby.
   Provides Rails ActionView template handlers for ERB and Haml.
-email: ohadlevy@gmail.com
+email:
 executables: []
 extensions: []
 extra_rdoc_files:
@@ -140,7 +126,6 @@ files:
 - LICENSE
 - README.markdown
 - Rakefile
-- VERSION
 - demo.rb
 - init.rb
 - lib/action_view/template_handlers/safe_erb.rb
@@ -167,7 +152,7 @@ homepage: https://github.com/svenfuchs/safemode
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -175,15 +160,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.5'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
   and Ruby2Ruby

data/VERSION DELETED Viewed

	@@ -1 +0,0 @@
1	- 1.3.6