RubyGems - safemode - Versions diffs - 1.0.1 → 1.0.2 - Mend

safemode 1.0.1 → 1.0.2

Potentially problematic release.

This version of safemode might be problematic. Click here for more details.

Files changed (8) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c245e2873cd76c69b67803ed92c9becc3fda6bed
+  data.tar.gz: 0a3131831248ebe163a82182194e3c4dd436d145
+SHA512:
+  metadata.gz: 4d2efd9c8c6765a53bb2cc704279335605841f8070ddb58aacb015b61c989dd6c1e04f4cbb6434468fdf66f649a3643cc025aee7e172080329f316943c9742b0
+  data.tar.gz: 637be054f12f890b396ac757c6855b38dd8ef4a03a08d1d18830a39c6cde6435f5c30892109f45701b6d35af7858f8c0bf4d7d68932964cb9cbc14da481d52d9

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.0.1
1	+ 1.0.2

data/lib/safemode/core_jails.rb CHANGED

@@ -14,8 +14,7 @@ module Safemode
     end
     def core_classes
-      klasses = [ Array, Bignum, Fixnum, Float, Hash,
-                  Range, String, Symbol, Time ]
+      klasses = [ Array, Bignum, Fixnum, Float, Hash, Range, String, Symbol, Time, NilClass, FalseClass, TrueClass ]
       klasses << Date if defined? Date
       klasses << DateTime if defined? DateTime
       klasses
@@ -27,9 +26,9 @@ module Safemode
   end
   # these methods are allowed in all classes if they are present
-  @@default_methods = %w( % & * ** + +@ - -@ / < << <= <=> == === > >= >> ^ | ~
+  @@default_methods = %w( % & * ** + +@ - -@ / < << <= <=> ! != == === > >= >> ^ | ~
                           eql? equal? new methods is_a? kind_of? nil?
-                          [] []= to_a to_jail to_s inspect to_param )
+                          [] []= to_a to_jail to_s inspect to_param not)
   # whitelisted methods for core classes ... kind of arbitrary selection
   @@methods_whitelist = {

data/lib/safemode/jail.rb CHANGED

@@ -24,5 +24,9 @@ module Safemode
       # statement, passing them to a Rails helper etc.
       @source.send(method, *args, &block)
     end
+    def respond_to?(method, include_private = false)
+      self.class.allowed?(method)
+    end
   end
 end

data/safemode.gemspec CHANGED

@@ -5,7 +5,7 @@
 Gem::Specification.new do |s|
   s.name = "safemode"
-  s.version = "1.0.1"
+  s.version = "1.0.2"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy"]

data/test/test_jail.rb CHANGED

@@ -40,6 +40,11 @@ class TestJail < Test::Unit::TestCase
     assert_equal Article::Jail.allowed_methods, Article::ExtendedJail.allowed_methods
   end
+  def test_respond_to_works_correctly
+    assert @article.respond_to?(:title)
+    assert !@article.respond_to?(:bogus)
+  end
   private
   def objects

data/test/test_safemode_eval.rb CHANGED

@@ -14,7 +14,38 @@ class TestSafemodeEval < Test::Unit::TestCase
       assert_nothing_raised{ @box.eval code }
     end
   end
+  def test_unary_operators_on_instances_of_boolean_vars
+     assert @box.eval('not false')
+     assert @box.eval('!false')
+     assert !@box.eval('not true')
+     assert !@box.eval('!true')
+  end
+  def test_false_class_ops
+      assert !@box.eval('false ^ false')
+      assert !@box.eval('false & false')
+      assert !@box.eval('false && false')
+      assert !@box.eval('false and false')
+      assert !@box.eval('false | false')
+      assert !@box.eval('false || false')
+      assert !@box.eval('false or false')
+      assert @box.eval('false == false')
+      assert @box.eval('false != true')
+    end
+  def test_true_class_ops
+      assert !@box.eval('true ^ true')
+      assert @box.eval('true & true')
+      assert @box.eval('true && true')
+      assert @box.eval('true and true')
+      assert @box.eval('true | true')
+      assert @box.eval('true || true')
+      assert @box.eval('true or true')
+      assert @box.eval('true == true')
+      assert @box.eval('true != false')
+    end
   def test_should_turn_assigns_to_jails
     assert_raise_no_method "@article.system", @assigns
   end

metadata CHANGED

@@ -1,15 +1,9 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: safemode
-version: !ruby/object:Gem::Version
-  hash: 21
-  prerelease:
-  segments:
-  - 1
-  - 0
-  - 1
-  version: 1.0.1
+version: !ruby/object:Gem::Version
+  version: 1.0.2
 platform: ruby
-authors:
+authors:
 - Sven Fuchs
 - Peter Cooper
 - Matthias Viehweger
@@ -18,135 +12,128 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-03-16 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-03-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: ruby2ruby
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: ruby_parser
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: shoulda
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shoulda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency
-  name: rdoc
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 31
-        segments:
-        - 3
-        - 12
-        version: "3.12"
+      - !ruby/object:Gem::Version
+        version: '3.12'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency
-  name: bundler
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 23
-        segments:
-        - 1
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 1.0.0
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency
-  name: jeweler
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 49
-        segments:
-        - 1
-        - 8
-        - 3
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
         version: 1.8.3
   type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency
-  name: rcov
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+- !ruby/object:Gem::Dependency
+  name: rcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id007
-- !ruby/object:Gem::Dependency
-  name: rake
   prerelease: false
-  requirement: &id008 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id008
-description: A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby.
+  Provides Rails ActionView template handlers for ERB and Haml.
 email: ohadlevy@gmail.com
 executables: []
 extensions: []
-extra_rdoc_files:
+extra_rdoc_files:
 - README.markdown
-files:
+files:
 - Gemfile
 - Gemfile.lock
 - LICENCSE
@@ -177,37 +164,28 @@ files:
 - test/test_safemode_eval.rb
 - test/test_safemode_parser.rb
 homepage: http://github.com/svenfuchs/safemode
-licenses:
+licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.19
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 3
-summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby
+summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
+  and Ruby2Ruby
 test_files: []