safemode 1.3.7 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bdba4c6031653f1249ce8730385b47d60e917bd089809dfb405612c9a5200d4
-  data.tar.gz: a36f91fec355baf6e0f89c8354f538cfeea2fa6f2838ba6de1416f51d832af9c
+  metadata.gz: 51fa5ec1cd2377a9738d9298baa27c691fe9849a8a9b74532f1f77ffa938b237
+  data.tar.gz: b8fbeefe3b404c4910498cdcacfd4e6dfa06f6cf5369fa7244152f8e3a5943af
 SHA512:
-  metadata.gz: 20b1b1ef4ab2a9b8ac59d281688e118d264bc96f2b2fe0dec48aa3b4ce0c4fdcf0e1612d47a958f0434e5f155219372dc485b32be807bf7b40593ff2a1bc198e
-  data.tar.gz: 33c6602e612d265c4fb227de48ac6f204eb6d473bf35027b181335227584331a80b6fb57e424e5d7c658e3179296505c6800aa0a3a294f33a0e4efc44ac5518a
+  metadata.gz: c22cf3bf164821108828112f05b10bc3e41aa2f123d355803483788dcb9b2ec105bebaabe34f56801543b4e2cbc423a0035ac8f6a81d20bf3f69bd70a91dc1c5
+  data.tar.gz: e010c81530a3db33ab3e5f9fa0edbc46a12daeb60791cc9340185b691f970e7e993cba5a29cd4e5e1aa40855493de66545f2a4624ebaa10edd53da13e51e18e5

data/Gemfile

@@ -2,16 +2,4 @@
 
 source 'http://rubygems.org'
 
-gem 'ruby2ruby', '>= 2.4.0'
-gem 'ruby_parser', '>= 3.10.1'
-gem 'sexp_processor', '>= 4.10.0'
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-  gem 'jeweler'
-  gem 'rake'
-  gem 'rdoc', '~> 3.12'
-  gem 'simplecov'
-  gem 'test-unit'
-end
+gemspec

data/README.markdown

@@ -3,8 +3,6 @@
 A library for safe evaluation of Ruby code based on RubyParser and
 Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
 
-[![Build Status](https://travis-ci.org/svenfuchs/safemode.svg?branch=master)](https://travis-ci.org/svenfuchs/safemode)
-
 ### Word of warning
 
 This library is still highly experimental. Only use it at your own risk for
@@ -25,9 +23,11 @@ For manual evaluation of Ruby code and ERB templates see demo.rb
 You can use the ActionView template handlers by registering them, e.g., in 
 a config/initializer file like this:
 
-    # in config/intializer/safemode_tempate_handlers.rb
-    ActionView::Template.register_template_handler :serb, ActionView::TemplateHandlers::SafeErb
-    ActionView::Template.register_template_handler :haml, ActionView::TemplateHandlers::SafeHaml
+```ruby
+# in config/intializer/safemode_tempate_handlers.rb
+ActionView::Template.register_template_handler :serb, ActionView::TemplateHandlers::SafeErb
+ActionView::Template.register_template_handler :haml, ActionView::TemplateHandlers::SafeHaml
+```
 
 If you register the ERB template handler for the file extension :erb be aware
 that this most probably will break when your application tries to render an
@@ -38,11 +38,13 @@ You will then have to "whitelist" all method calls to the objects that are
 registered as template variables by explicitely allowing access to them. You
 can do that by defining a Safemode::Jail class for your classes, like so:
 
-    class User
-      class Jail < Safemode::Jail
-        allow :name
-      end
-    end
+```ruby
+class User
+  class Jail < Safemode::Jail
+    allow :name
+  end
+end
+```
 
 This will allow your template users to access the name method on your User 
 objects.
@@ -65,12 +67,6 @@ Requires the gems:
 * RubyParser
 * Ruby2Ruby
 
-As of writing RubyParser alters StringIO and thus breaks usage with Rails.
-See http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html
-
-A patch is included that fixes this issue and can be applied to RubyParser.
-See lib/ruby\_parser\_string\_io\_patch.diff
-
 ### Credits
 
 * Sven Fuchs - Initial Maintainer

data/Rakefile

@@ -19,28 +19,6 @@ end
 end
 require 'rake'
 
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "safemode"
-  gem.homepage = "https://github.com/svenfuchs/safemode"
-  gem.license = "MIT"
-  gem.summary = %Q{A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby}
-  gem.description = %Q{A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.}
-  gem.email = "ohadlevy@gmail.com"
-  gem.authors = [
-    "Sven Fuchs",
-    "Peter Cooper",
-    "Matthias Viehweger",
-    "Kingsley Hendrickse",
-    "Ohad Levy",
-    "Dmitri Dolguikh",
-  ]
-  gem.files.exclude '.travis.yml'
-  # dependencies defined in Gemfile
-end
-Jeweler::RubygemsDotOrgTasks.new
-
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
   test.libs << 'lib' << 'test'
@@ -58,7 +36,7 @@ task :default => :test
 
 require 'rdoc/task'
 Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  version = Gem::Specification.find_by_name('safemode').version
 
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "safemode #{version}"

data/lib/action_view/template_handlers/safe_haml.rb

@@ -6,7 +6,7 @@ module ActionView
     class SafeHaml < TemplateHandler
       include Compilable rescue nil # does not exist prior Rails 2.1
       extend SafemodeHandler
-      
+
       def self.line_offset
       3
       end

data/lib/action_view/template_handlers/safemode_handler.rb

@@ -5,23 +5,23 @@ module ActionView
       def valid_assigns(assigns)
         assigns = assigns.reject{|key, value| skip_assigns.include?(key) }
       end
-      
+
       def delegate_methods(view)
-        [ :render, :params, :flash ] + 
-        helper_methods(view) + 
+        [ :render, :params, :flash ] +
+        helper_methods(view) +
         ActionController::Routing::Routes.named_routes.helpers
       end
 
       def helper_methods(view)
         view.class.included_modules.collect {|m| m.instance_methods(false) }.flatten.map(&:to_sym)
       end
-      
+
       def skip_assigns
         [ "_cookies", "_flash", "_headers", "_params", "_request",
           "_response", "_session", "before_filter_chain_aborted",
           "ignore_missing_templates", "logger", "request_origin",
           "template", "template_class", "url", "variables_added",
-          "view_paths" ]        
+          "view_paths" ]
       end
     end
   end

data/lib/haml/safemode.rb

@@ -1,6 +1,6 @@
 require 'haml'
 
-module Haml  
+module Haml
   class Buffer
     class Jail < Safemode::Jail
       allow :push_script, :push_text, :_hamlout, :open_tag
@@ -8,33 +8,33 @@ module Haml
   end
 end
 
-module Haml  
+module Haml
   class Engine
-    def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = [])        
+    def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = [])
         @precompiled.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them
-        
-        <<-CODE 
+
+        <<-CODE
           buffer = Haml::Buffer.new(#{options_for_buffer.inspect})
           local_assigns = local_assigns.merge :_hamlout => buffer
-          
+
           handler = ActionView::TemplateHandlers::SafeHaml
           assigns = handler.valid_assigns(@template.assigns)
           methods = handler.delegate_methods(self)
           code = %Q(#{code});
-          
+
           box = Safemode::Box.new(self, methods, #{filename.inspect}, 0)
-          box.eval(code, assigns, local_assigns, &lambda{ yield })     
-          buffer.buffer   
+          box.eval(code, assigns, local_assigns, &lambda{ yield })
+          buffer.buffer
         CODE
 
         # preamble =  "buffer = Haml::Buffer.new(#{options_for_buffer.inspect})
         #              local_assigns = local_assigns.merge :_hamlout => buffer
         #              assigns = @template.assigns.reject{|key, value| #{ignore_assigns.inspect}.include?(key) };".gsub("\n", ';')
-        #             
+        #
         # postamble = "box = Safemode::Box.new(self, #{delegate_methods.inspect})
         #              box.eval(code, assigns, local_assigns, &lambda{ yield })
         #              buffer.buffer".gsub("\n", ';')
-        # 
+        #
         # preamble + "code = %Q(#{@precompiled});" + postamble
     end
   end

data/lib/safemode/core_ext.rb

@@ -1,12 +1,12 @@
-module Kernel  
+module Kernel
   def silently(&blk)
     old_verbose, $VERBOSE = $VERBOSE, nil
     yield
     $VERBOSE = old_verbose
-  end   
+  end
 end
 
-class Module  
+class Module
   def undef_methods(*methods)
     methods.each { |name| undef_method(name) }
   end
@@ -29,7 +29,7 @@ end
 #     Safemode.jail collect{ |obj| obj.to_jail }
 #   end
 # end
-# 
+#
 # class Hash
 #   def to_jail
 #     hash = {}

data/lib/safemode/exceptions.rb

@@ -1,19 +1,19 @@
 module Safemode
   class Error < RuntimeError; end
-  
+
   class SecurityError < Error
     @@types = { :const => 'constant',
                 :xstr  => 'shell command',
                 :fcall => 'method',
                 :vcall => 'method',
                 :gvar  => 'global variable' }
-               
+
     def initialize(type, value = nil)
       type = @@types[type] if @@types.include?(type)
       super "Safemode doesn't allow to access '#{type}'" + (value ? " on #{value}" : '')
     end
   end
-  
+
   class NoMethodError < Error
     def initialize(method, jail, source = nil)
       super "undefined method '#{method}' for #{jail}" + (source ? " (#{source})" : '')

data/lib/safemode/jail.rb

@@ -12,7 +12,7 @@ module Safemode
       @source.to_s
     end
 
-    def method_missing(method, *args, &block)
+    def method_missing(method, *args, **kwargs, &block)
       if @source.is_a?(Class)
         unless self.class.allowed_class_method?(method)
           raise Safemode::NoMethodError.new(".#{method}", self.class.name, @source.name)
@@ -28,7 +28,7 @@ module Safemode
       # don't need to jail objects returned from a jail. Doing so would provide
       # "double" protection, but it also would break using a return value in an if
       # statement, passing them to a Rails helper etc.
-      @source.send(method, *args, &block)
+      @source.send(method, *args, **kwargs, &block)
     end
 
     def respond_to_missing?(method_name, include_private = false)

data/lib/safemode/parser.rb

@@ -26,19 +26,22 @@ module Safemode
       end
     end
 
-    def jail(str, parentheses = false)
-      str = parentheses ? "(#{str})." : "#{str}." if str
+    def jail(str, parentheses = false, safe_call: false)
+      str = if str
+              dot = safe_call ? "&." : "."
+              parentheses ? "(#{str})#{dot}" : "#{str}#{dot}"
+            end
       "#{str}to_jail"
     end
 
     # split up #process_call. see below ...
-    def process_call(exp)
-      exp.shift # remove ":call" symbol
-      receiver = jail process_call_receiver(exp)
-      name = exp.shift
-      args = process_call_args(exp)
+    def process_call(exp, safe_call = false)
+      _, recv, name, *args = exp
 
-      process_call_code(receiver, name, args)
+      receiver = jail(process_call_receiver(recv), safe_call: safe_call)
+      arguments = process_call_args(name, args)
+
+      process_call_code(receiver, name, arguments, safe_call)
     end
 
     def process_fcall(exp)
@@ -140,44 +143,67 @@ module Safemode
     # split up Ruby2Ruby#process_call monster method so we can hook into it
     # in a more readable manner
 
-    def process_call_receiver(exp)
-      receiver_node_type = exp.first.nil? ? nil : exp.first.first
-      receiver = process exp.shift
-      receiver = "(#{receiver})" if
-        Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type
+    def process_call_receiver(recv)
+      receiver_node_type = recv && recv.sexp_type
+      receiver = process recv
+      receiver = "(#{receiver})" if ASSIGN_NODES.include? receiver_node_type
       receiver
     end
 
-    def process_call_args(exp)
-      args = []
-      while not exp.empty? do
-        args_exp = exp.shift
-        if args_exp && args_exp.first == :array # FIX
-          processed = "#{process(args_exp)[1..-2]}"
-        else
-          processed = process args_exp
-        end
-        args << processed unless (processed.nil? or processed.empty?)
+    def process_call_args(name, args)
+      in_context :arglist do
+        max = args.size - 1
+        args = args.map.with_index { |arg, i|
+          arg_type = arg.sexp_type
+          is_empty_hash = arg == s(:hash)
+          arg = process arg
+
+          next if arg.empty?
+
+          strip_hash = (arg_type == :hash and
+                        not BINARY.include? name and
+                        not is_empty_hash and
+                        (i == max or args[i + 1].sexp_type == :splat))
+          wrap_arg = Ruby2Ruby::ASSIGN_NODES.include? arg_type
+
+          arg = arg[2..-3] if strip_hash
+          arg = "(#{arg})" if wrap_arg
+
+          arg
+        }.compact
       end
-      args.empty? ? nil : args.join(", ")
     end
 
-    def process_call_code(receiver, name, args)
+    def process_call_code(receiver, name, args, safe_call)
       case name
-      when :<=>, :==, "!=".to_sym, :<, :>, :<=, :>=, :-, :+, :*, :/, :%, :<<, :>>, :** then
-        "(#{receiver} #{name} #{args})"
+      when *BINARY then
+        if safe_call
+          "#{receiver}&.#{name}(#{args.join(", ")})"
+        elsif args.length > 1
+          "#{receiver}.#{name}(#{args.join(", ")})"
+        else
+          "(#{receiver} #{name} #{args.join(", ")})"
+        end
       when :[] then
-        "#{receiver}[#{args}]"
+        receiver ||= "self"
+        "#{receiver}[#{args.join(", ")}]"
+      when :[]= then
+        receiver ||= "self"
+        rhs = args.pop
+        "#{receiver}[#{args.join(", ")}] = #{rhs}"
+      when :"!" then
+        "(not #{receiver})"
       when :"-@" then
         "-#{receiver}"
       when :"+@" then
         "+#{receiver}"
       else
-        unless receiver.nil? then
-          "#{receiver}.#{name}#{args ? "(#{args})" : args}"
-        else
-          "#{name}#{args ? "(#{args})" : args}"
-        end
+        args     = nil                    if args.empty?
+        args     = "(#{args.join(", ")})" if args
+        receiver = "#{receiver}."         if receiver and not safe_call
+        receiver = "#{receiver}&."        if receiver and safe_call
+
+        "#{receiver}#{name}#{args}"
       end
     end
 

data/lib/safemode/scope.rb

@@ -1,58 +1,64 @@
 module Safemode
   class Scope < Blankslate
-    def initialize(delegate = nil, delegate_methods = [])
-      @delegate = delegate        
+    def initialize(delegate = nil, delegate_methods = [], instance_vars: {}, locals: {}, &block)
+      @delegate = delegate
       @delegate_methods = delegate_methods
-      @locals = {}
-    end
-    
-    def bind(instance_vars = {}, locals = {}, &block)
       @locals = symbolize_keys(locals) # why can't I just pull them to local scope in the same way like instance_vars?
       instance_vars = symbolize_keys(instance_vars)
       instance_vars.each {|key, obj| eval "@#{key} = instance_vars[:#{key}]" }
       @_safemode_output = ''
-      binding
+      @binding = binding
+    end
+
+    def get_binding
+      @binding
     end
-  
+
     def to_jail
       self
     end
-    
+
     def puts(*args)
       print args.to_s + "\n"
     end
 
-    def print(*args)      
+    def print(*args)
       @_safemode_output += args.to_s
     end
-    
+
     def output
       @_safemode_output
     end
 
-    def method_missing(method, *args, &block)
+    def method_missing(method, *args, **kwargs, &block)
       if @locals.has_key?(method)
         @locals[method]
       elsif @delegate_methods.include?(method)
-        @delegate.send method, *unjail_args(args), &block
+        @delegate.send method, *unjail_args(args), **unjail_kwargs(kwargs), &block
       else
         raise Safemode::SecurityError.new(method, "#<Safemode::ScopeObject>")
       end
     end
-    
+
     private
-    
+
       def symbolize_keys(hash)
-        hash.inject({}) do |hash, (key, value)| 
+        hash.inject({}) do |hash, (key, value)|
           hash[key.to_s.intern] = value
           hash
         end
       end
-    
+
+      def unjail(arg)
+        arg.class.name.end_with?('::Jail') ? arg.instance_variable_get(:@source) : arg
+      end
+
       def unjail_args(args)
-        args.collect do |arg|        
-          arg.class.name =~ /::Jail$/ ? arg.instance_variable_get(:@source) : arg
-        end
+        args.collect { |arg| unjail(arg) }
+      end
+
+      def unjail_kwargs(kwargs)
+        kwargs.map { |key, value| [unjail(key), unjail(value)] }.to_h
       end
   end
 end

data/lib/safemode.rb

@@ -26,7 +26,7 @@ module Safemode
     def jail(obj)
       find_jail_class(obj.is_a?(Class) ? obj : obj.class).new obj
     end
-    
+
     def find_jail_class(klass)
       while klass != Object
         return klass.const_get('Jail') if klass.const_defined?('Jail')
@@ -35,24 +35,25 @@ module Safemode
       Jail
     end
   end
-    
+
   define_core_jail_classes
-  
+
   class Box
     def initialize(delegate = nil, delegate_methods = [], filename = nil, line = nil)
-      @scope = Scope.new(delegate, delegate_methods)
+      @delegate = delegate
+      @delegate_methods = delegate_methods
       @filename = filename
       @line = line
-    end    
+    end
 
     def eval(code, assigns = {}, locals = {}, &block)
       code = Parser.jail(code)
-      binding = @scope.bind(assigns, locals, &block)
-      result = Kernel.eval(code, binding, @filename || __FILE__, @line || __LINE__)
+      @scope = Scope.new(@delegate, @delegate_methods, instance_vars: assigns, locals: locals, &block)
+      Kernel.eval(code, @scope.get_binding, @filename || __FILE__, @line || __LINE__)
     end
-    
+
     def output
       @scope.output
-    end 
+    end
   end
 end

data/safemode.gemspec

@@ -1,19 +1,26 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: safemode 1.3.7 ruby lib
+# frozen_string_literal: true
+
+require 'date'
 
 Gem::Specification.new do |s|
   s.name = "safemode".freeze
-  s.version = "1.3.7"
+  s.version = "1.4.0"
+  s.date = Date.today
+
+  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
+  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
+  s.homepage = "https://github.com/svenfuchs/safemode"
+  s.licenses = ["MIT"]
+
+  s.authors = [
+    "Sven Fuchs",
+    "Peter Cooper",
+    "Matthias Viehweger",
+    "Kingsley Hendrickse",
+    "Ohad Levy",
+    "Dmitri Dolguikh",
+  ]
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib".freeze]
-  s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
-  s.date = "2022-04-26"
-  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
-  s.email = "ohadlevy@gmail.com".freeze
   s.extra_rdoc_files = [
     "LICENSE",
     "README.markdown"
@@ -23,15 +30,12 @@ Gem::Specification.new do |s|
     "LICENSE",
     "README.markdown",
     "Rakefile",
-    "VERSION",
     "demo.rb",
     "init.rb",
     "lib/action_view/template_handlers/safe_erb.rb",
     "lib/action_view/template_handlers/safe_haml.rb",
     "lib/action_view/template_handlers/safemode_handler.rb",
     "lib/haml/safemode.rb",
-    "lib/ruby_parser_string_io_patch.diff",
-    "lib/rubyparser_bug.rb",
     "lib/safemode.rb",
     "lib/safemode/blankslate.rb",
     "lib/safemode/core_ext.rb",
@@ -47,42 +51,15 @@ Gem::Specification.new do |s|
     "test/test_safemode_eval.rb",
     "test/test_safemode_parser.rb"
   ]
-  s.homepage = "https://github.com/svenfuchs/safemode".freeze
-  s.licenses = ["MIT".freeze]
-  s.rubygems_version = "2.7.6".freeze
-  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 4
+  s.required_ruby_version = ">= 2.7", "< 3.1"
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
-      s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
-      s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
-      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rake>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
-      s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
-    else
-      s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
-      s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
-      s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
-      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_dependency(%q<rake>.freeze, [">= 0"])
-      s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
-      s.add_dependency(%q<test-unit>.freeze, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
-    s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
-    s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
-    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-    s.add_dependency(%q<rake>.freeze, [">= 0"])
-    s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
-    s.add_dependency(%q<test-unit>.freeze, [">= 0"])
-  end
-end
+  s.add_runtime_dependency "ruby2ruby", ">= 2.4.0"
+  s.add_runtime_dependency "ruby_parser", ">= 3.10.1"
+  s.add_runtime_dependency "sexp_processor", ">= 4.10.0"
 
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rdoc"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "test-unit"
+end

data/test/test_erb_eval.rb

@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper')
 
 class TestERBEval < Test::Unit::TestCase
   include TestHelper
-  
+
   def setup
     @box = Safemode::Box.new
     @locals = { :article => Article.new }
@@ -18,45 +18,45 @@ class TestERBEval < Test::Unit::TestCase
       assert_nothing_raised{ @box.eval code }
     end
   end
-  
+
   def test_should_turn_assigns_to_jails
     assert_raise_no_method "@article.system", @assigns, &@erb_parse
   end
-  
+
   def test_should_turn_locals_to_jails
     code = @erb_parse.call "article.system"
     assert_raise(Safemode::NoMethodError){ @box.eval code, {}, @locals }
   end
-  
+
   def test_should_allow_method_access_on_assigns
     code = @erb_parse.call "@article.title"
     assert_nothing_raised{ @box.eval code, @assigns }
   end
-  
+
   def test_should_allow_method_access_on_locals
     code = @erb_parse.call "article.title"
     assert_nothing_raised{ @box.eval code, {}, @locals }
   end
-  
+
   def test_should_not_raise_on_if_using_return_values
     code = @erb_parse.call "if @article.is_article?\n 1\n end"
     assert_nothing_raised{ @box.eval code, @assigns }
   end
-  
+
   def test_should_work_with_if_using_return_values
     code = @erb_parse.call "if @article.is_article? then 1 end"
     assert_equal @box.eval(code, @assigns), "1" # ERB calls to_s on the result of the if block
   end
-  
+
   def test__FILE__should_not_render_filename
     code = @erb_parse.call "__FILE__"
     assert_equal '(string)', @box.eval(code)
   end
-  
+
   def test_interpolated_xstr_should_raise_security
     assert_raise_security '"#{`ls -a`}"'
-  end  
-        
+  end
+
   TestHelper.no_method_error_raising_calls.each do |call|
     call.gsub!('"', '\\\\"')
     class_eval %Q(
@@ -65,7 +65,7 @@ class TestERBEval < Test::Unit::TestCase
       end
     )
   end
-  
+
   TestHelper.security_error_raising_calls.each do |call|
     call.gsub!('"', '\\\\"')
     class_eval %Q(
@@ -73,6 +73,6 @@ class TestERBEval < Test::Unit::TestCase
         assert_raise_security "#{call}", @assigns, @locals
       end
     )
-  end  
+  end
 
 end

data/test/test_helper.rb

@@ -110,8 +110,12 @@ class Article
     Comment
   end
 
-  def method_missing(method, *args, &block)
-    super(method, *args, &block)
+  def method_with_kwargs(a_keyword: false)
+    a_keyword
+  end
+
+  def method_missing(method, *args, **kwargs, &block)
+    super
   end
 end
 
@@ -144,7 +148,7 @@ class Comment
 end
 
 class Article::Jail < Safemode::Jail
-  allow :title, :comments, :is_article?, :comment_class
+  allow :title, :comments, :is_article?, :comment_class, :method_with_kwargs
 
   def author_name
     "this article's author name"

data/test/test_jail.rb

@@ -24,6 +24,16 @@ class TestJail < Test::Unit::TestCase
     assert_equal "Article::Jail", @article.class.name
   end
 
+  def test_sending_of_kwargs_works
+    assert @article.method_with_kwargs(a_keyword: true)
+  end
+
+  def test_sending_to_method_missing
+    assert_raise_with_message(Safemode::NoMethodError, /#no_such_method/) do
+      @article.no_such_method('arg', key: 'value')
+    end
+  end
+
   def test_jail_instances_should_have_limited_methods
     expected = ["class", "method_missing", "methods", "respond_to?", "to_jail", "to_s", "instance_variable_get"]
     objects.each do |object|

data/test/test_safemode_eval.rb

@@ -17,6 +17,10 @@ class TestSafemodeEval < Test::Unit::TestCase
     end
   end
 
+   def test_safe_navigation_operator
+     assert_equal "1", @box.eval('x = 1; x&.to_s')
+   end
+
   def test_unary_operators_on_instances_of_boolean_vars
     assert @box.eval('not false')
     assert @box.eval('!false')
@@ -80,6 +84,20 @@ class TestSafemodeEval < Test::Unit::TestCase
     assert_raise_security '"#{`ls -a`}"'
   end
 
+  def test_should_not_allow_access_to_bind
+    assert_raise_security "self.bind('an arg')"
+  end
+
+  def test_sending_of_kwargs_works
+    assert @box.eval("@article.method_with_kwargs(a_keyword: true)", @assigns)
+  end
+
+  def test_sending_to_method_missing
+    assert_raise_with_message(Safemode::NoMethodError, /#no_such_method/) do
+      @box.eval("@article.no_such_method('arg', key: 'value')", @assigns)
+    end
+  end
+
   TestHelper.no_method_error_raising_calls.each do |call|
     call.gsub!('"', '\\\\"')
     class_eval %Q(

data/test/test_safemode_parser.rb

@@ -4,27 +4,55 @@ class TestSafemodeParser < Test::Unit::TestCase
   def test_vcall_should_be_jailed
     assert_jailed 'to_jail.a.to_jail.class', 'a.class'
   end
-    
+
   def test_call_should_be_jailed
     assert_jailed '(1.to_jail + 1).to_jail.class', '(1 + 1).class'
   end
-    
+
   def test_estr_should_be_jailed
     assert_jailed '"#{1.to_jail.class}"', '"#{1.class}"'
   end
-    
+
   def test_if_should_be_usable_for_erb
     assert_jailed "if true then\n 1\nend", "if true\n 1\n end"
   end
-    
+
   def test_if_else_should_be_usable_for_erb
     assert_jailed "if true then\n 1\n else\n2\nend", "if true\n 1\n else\n2\n end"
   end
-    
+
   def test_ternary_should_be_usable_for_erb
     assert_jailed "if true then\n 1\n else\n2\nend", "true ? 1 : 2"
   end
 
+  def test_call_with_shorthand
+    unsafe = <<~UNSAFE
+      a_keyword = true
+      @article.method_with_kwargs(a_keyword:)
+    UNSAFE
+    jailed = <<~JAILED
+      a_keyword = true
+      @article.to_jail.method_with_kwargs(a_keyword:)
+    JAILED
+    assert_jailed jailed, unsafe
+  end
+
+  def test_call_with_complex_args
+    unsafe = "kwargs = { b_keyword: false }; @article.method_with_kwargs('positional', a_keyword: true, **kwargs)"
+    jailed = "kwargs = { :b_keyword => false }\n@article.to_jail.method_with_kwargs(\"positional\", :a_keyword => true, **kwargs)\n"
+    assert_jailed jailed, unsafe
+  end
+
+  def test_safe_call_simple
+    assert_jailed '@article&.to_jail&.method', '@article&.method'
+  end
+
+  def test_safe_call_with_complex_args
+    unsafe = "kwargs = { b_keyword: false }; @article&.method_with_kwargs('positional', a_keyword: true, **kwargs)"
+    jailed = "kwargs = { :b_keyword => false }\n@article&.to_jail&.method_with_kwargs(\"positional\", :a_keyword => true, **kwargs)\n"
+    assert_jailed jailed, unsafe
+  end
+
   def test_output_buffer_should_be_assignable
     assert_nothing_raised do
       jail('@output_buffer = ""')
@@ -38,11 +66,11 @@ class TestSafemodeParser < Test::Unit::TestCase
   end
 
 private
-  
+
   def assert_jailed(expected, code)
     assert_equal expected.gsub(' ', ''), jail(code).gsub(' ', '')
-  end 
-  
+  end
+
   def jail(code)
     Safemode::Parser.jail(code)
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safemode
 version: !ruby/object:Gem::Version
-  version: 1.3.7
+  version: 1.4.0
 platform: ruby
 authors:
 - Sven Fuchs
@@ -10,10 +10,10 @@ authors:
 - Kingsley Hendrickse
 - Ohad Levy
 - Dmitri Dolguikh
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-26 00:00:00.000000000 Z
+date: 2023-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby2ruby
@@ -58,7 +58,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.10.0
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -72,7 +72,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -85,20 +85,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rdoc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.12'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -129,7 +115,7 @@ dependencies:
         version: '0'
 description: A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby.
   Provides Rails ActionView template handlers for ERB and Haml.
-email: ohadlevy@gmail.com
+email: 
 executables: []
 extensions: []
 extra_rdoc_files:
@@ -140,15 +126,12 @@ files:
 - LICENSE
 - README.markdown
 - Rakefile
-- VERSION
 - demo.rb
 - init.rb
 - lib/action_view/template_handlers/safe_erb.rb
 - lib/action_view/template_handlers/safe_haml.rb
 - lib/action_view/template_handlers/safemode_handler.rb
 - lib/haml/safemode.rb
-- lib/ruby_parser_string_io_patch.diff
-- lib/rubyparser_bug.rb
 - lib/safemode.rb
 - lib/safemode/blankslate.rb
 - lib/safemode/core_ext.rb
@@ -167,7 +150,7 @@ homepage: https://github.com/svenfuchs/safemode
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -175,15 +158,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
   and Ruby2Ruby

data/VERSION

@@ -1 +0,0 @@
-1.3.6

data/lib/ruby_parser_string_io_patch.diff

@@ -1,194 +0,0 @@
---- lib/ruby_lexer.rb	2008-04-27 01:07:24.000000000 +0200
-+++ lib/ruby_lexer.rb	2008-04-27 01:07:03.000000000 +0200
-@@ -45,7 +45,7 @@
-     raise "bad val: #{str.inspect}" unless String === str
- 
-     self.file = file
--    self.lexer.src = StringIO.new(str)
-+    self.lexer.src = RubyParser::StringIO.new(str)
- 
-     @yydebug = ENV.has_key? 'DEBUG'
- 
-@@ -2604,104 +2604,106 @@
-   end
- end
- 
--class StringIO # HACK: everything in here is a hack
--  attr_accessor :begin_of_line, :was_begin_of_line
--  alias :begin_of_line? :begin_of_line
--  alias :read_all :read
-+class RubyParser
-+  class StringIO < StringIO # HACK: everything in here is a hack
-+    attr_accessor :begin_of_line, :was_begin_of_line
-+    alias :begin_of_line? :begin_of_line
-+    alias :read_all :read
- 
--  alias :old_initialize :initialize
-+    alias :old_initialize :initialize
-   
--  def initialize(*args)
--    self.begin_of_line = true
--    self.was_begin_of_line = false
--    old_initialize(*args)
--    @original_string = self.string.dup
--  end
-+    def initialize(*args)
-+      self.begin_of_line = true
-+      self.was_begin_of_line = false
-+      old_initialize(*args)
-+      @original_string = self.string.dup
-+    end
- 
--  def rest
--    self.string[self.pos..-1]
--  end
-+    def rest
-+      self.string[self.pos..-1]
-+    end
- 
--  def current_line # HAHA fuck you
--    @original_string[0..self.pos][/\A.*__LINE__/m].split(/\n/).size
--  end
-+    def current_line # HAHA fuck you
-+      @original_string[0..self.pos][/\A.*__LINE__/m].split(/\n/).size
-+    end
- 
--  def read
--    c = self.getc
-+    def read
-+      c = self.getc
- 
--    if c == ?\r then
--      d = self.getc
--      self.ungetc d if d and d != ?\n
--      c = ?\n
--    end
-+      if c == ?\r then
-+        d = self.getc
-+        self.ungetc d if d and d != ?\n
-+        c = ?\n
-+      end
-     
--    self.was_begin_of_line = self.begin_of_line
--    self.begin_of_line = c == ?\n
--    if c and c != 0 then
--      c.chr
--    else
--      ::RubyLexer::EOF
-+      self.was_begin_of_line = self.begin_of_line
-+      self.begin_of_line = c == ?\n
-+      if c and c != 0 then
-+        c.chr
-+      else
-+        ::RubyLexer::EOF
-+      end
-     end
--  end
- 
--  def match_string term, indent=false # TODO: add case insensitivity, or just remove
--    buffer = []
-+    def match_string term, indent=false # TODO: add case insensitivity, or just remove
-+      buffer = []
- 
--    if indent
--      while c = self.read do
--        if c !~ /\s/ or c == "\n" or c == "\r" then
--          self.unread c
--          break
-+      if indent
-+        while c = self.read do
-+          if c !~ /\s/ or c == "\n" or c == "\r" then
-+            self.unread c
-+            break
-+          end
-+          buffer << c
-         end
--        buffer << c
-       end
--    end
- 
--    term.each_byte do |c2|
--      c = self.read
--      c = self.read if c and c == "\r"
--      buffer << c
--      if c and c2 != c[0] then
--        self.unread_many buffer.join # HACK omg
--        return false
-+      term.each_byte do |c2|
-+        c = self.read
-+        c = self.read if c and c == "\r"
-+        buffer << c
-+        if c and c2 != c[0] then
-+          self.unread_many buffer.join # HACK omg
-+          return false
-+        end
-       end
-+
-+      return true
-     end
- 
--    return true
--  end
-+    def read_line
-+      self.begin_of_line = true
-+      self.was_begin_of_line = false
-+      gets.sub(/\r\n?$/, "\n") # HACK
-+    end
- 
--  def read_line
--    self.begin_of_line = true
--    self.was_begin_of_line = false
--    gets.sub(/\r\n?$/, "\n") # HACK
--  end
--
--  def peek expected = nil # FIX: barf
--    c = self.getc
--    return RubyLexer::EOF if c.nil?
--    self.ungetc c if c
--    c = c.chr if c
--    if expected then
--      c == expected
--    else
--      c
-+    def peek expected = nil # FIX: barf
-+      c = self.getc
-+      return RubyLexer::EOF if c.nil?
-+      self.ungetc c if c
-+      c = c.chr if c
-+      if expected then
-+        c == expected
-+      else
-+        c
-+      end
-     end
--  end
- 
--  def unread(c)
--    return if c.nil? # UGH
-+    def unread(c)
-+      return if c.nil? # UGH
- 
--    # HACK: only depth is 2... who cares? really I want to remove all of this
--    self.begin_of_line = self.was_begin_of_line || true
--    self.was_begin_of_line = nil
-+      # HACK: only depth is 2... who cares? really I want to remove all of this
-+      self.begin_of_line = self.was_begin_of_line || true
-+      self.was_begin_of_line = nil
- 
--    c = c[0] if String === c
--    self.ungetc c
--  end
-+      c = c[0] if String === c
-+      self.ungetc c
-+    end
- 
--  def unread_many str
--    str.split(//).reverse.each do |c|
--      unread c
-+    def unread_many str
-+      str.split(//).reverse.each do |c|
-+        unread c
-+      end
-     end
-   end
- end

data/lib/rubyparser_bug.rb

@@ -1,8 +0,0 @@
-require 'rubygems'
-require 'ruby2ruby'
-
-sexp = ParseTree.translate('a')
-puts Ruby2Ruby.new.process(sexp)
-
-# should work, but yields:
-# UnknownNodeError: Bug! Unknown node-type :vcall to Ruby2Ruby