safemode 1.0.1 → 1.0.2
Potentially problematic release.
This version of safemode might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/VERSION +1 -1
- data/lib/safemode/core_jails.rb +3 -4
- data/lib/safemode/jail.rb +4 -0
- data/safemode.gemspec +1 -1
- data/test/test_jail.rb +5 -0
- data/test/test_safemode_eval.rb +32 -1
- metadata +117 -139
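--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: c245e2873cd76c69b67803ed92c9becc3fda6bed
+data.tar.gz: 0a3131831248ebe163a82182194e3c4dd436d145
+SHA512:
+metadata.gz: 4d2efd9c8c6765a53bb2cc704279335605841f8070ddb58aacb015b61c989dd6c1e04f4cbb6434468fdf66f649a3643cc025aee7e172080329f316943c9742b0
+data.tar.gz: 637be054f12f890b396ac757c6855b38dd8ef4a03a08d1d18830a39c6cde6435f5c30892109f45701b6d35af7858f8c0bf4d7d68932964cb9cbc14da481d52d9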
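--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0.
+1.0.2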
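--- a/data/lib/safemode/core_jails.rb
+++ b/data/lib/safemode/core_jails.rb
@@ -14,8 +14,7 @@ module Safemode
 end
 
 def core_classes
-klasses = [ Array, Bignum, Fixnum, Float, Hash,
-Range, String, Symbol, Time ]
+klasses = [ Array, Bignum, Fixnum, Float, Hash, Range, String, Symbol, Time, NilClass, FalseClass, TrueClass ]
 klasses << Date if defined? Date
 klasses << DateTime if defined? DateTime
 klasses
@@ -27,9 +26,9 @@ module Safemode
 end
 
 # these methods are allowed in all classes if they are present
-@@default_methods = %w( % & * ** + +@ - -@ / < << <= <=> == === > >= >> ^ | ~
+@@default_methods = %w( % & * ** + +@ - -@ / < << <= <=> ! != == === > >= >> ^ | ~
 eql? equal? new methods is_a? kind_of? nil?
-[] []= to_a to_jail to_s inspect to_param )
+[] []= to_a to_jail to_s inspect to_param not)
 
 # whitelisted methods for core classes ... kind of arbitrary selection
 @@methods_whitelist = {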
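Review bot: The comment above `@@default_methods` says these methods are allowed in all classes, so the `!`, `!=` and `not` entries added in the second hunk become callable on every jailed object, not only on the `NilClass`, `FalseClass` and `TrueClass` jails that the first hunk adds to `core_classes`. That is probably harmless for objects that keep Ruby's default negation, but a jailed application class that overrides `!` or `!=` is now reachable from sandboxed code without its own jail listing those methods; a line such as `# !, != and not apply to every jail; they are needed for boolean expressions on true/false/nil` above the list would record that this was intended. The new entry is also written `not)` where the line it replaces had `to_param )`, so the spacing inside `%w( … )` is no longer consistent. `core_classes` and the `@@methods_whitelist` literal both continue outside the hunks, so whether the whitelist has entries for the three new classes cannot be checked here.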
data/lib/safemode/jail.rb
CHANGED
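--- a/data/safemode.gemspec
+++ b/data/safemode.gemspec
@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
 s.name = "safemode"
-s.version = "1.0.
+s.version = "1.0.2"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy"]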
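--- a/data/test/test_jail.rb
+++ b/data/test/test_jail.rb
@@ -40,6 +40,11 @@ class TestJail < Test::Unit::TestCase
 assert_equal Article::Jail.allowed_methods, Article::ExtendedJail.allowed_methods
 end
 
+def test_respond_to_works_correctly
+assert @article.respond_to?(:title)
+assert !@article.respond_to?(:bogus)
+end
+
 private
 
 def objects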
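Review bot: `test_respond_to_works_correctly` uses `:bogus`, a name that presumably exists nowhere, so it passes whether the jail's `respond_to?` consults the allowed-method list or simply forwards to the wrapped object. The case worth pinning is a public method that the wrapped article defines but its jail does not allow, e.g. `assert !@article.respond_to?(:method_defined_but_not_allowed)` (placeholder name; the fixtures and the +4 lines in data/lib/safemode/jail.rb are not shown on this page). Without it, a regression that exposes the underlying object's method surface through `respond_to?` would go unnoticed.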
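--- a/data/test/test_safemode_eval.rb
+++ b/data/test/test_safemode_eval.rb
@@ -14,7 +14,38 @@ class TestSafemodeEval < Test::Unit::TestCase
 assert_nothing_raised{ @box.eval code }
 end
 end
-
+
+def test_unary_operators_on_instances_of_boolean_vars
+assert @box.eval('not false')
+assert @box.eval('!false')
+assert !@box.eval('not true')
+assert !@box.eval('!true')
+end
+
+def test_false_class_ops
+assert !@box.eval('false ^ false')
+assert !@box.eval('false & false')
+assert !@box.eval('false && false')
+assert !@box.eval('false and false')
+assert !@box.eval('false | false')
+assert !@box.eval('false || false')
+assert !@box.eval('false or false')
+assert @box.eval('false == false')
+assert @box.eval('false != true')
+end
+
+def test_true_class_ops
+assert !@box.eval('true ^ true')
+assert @box.eval('true & true')
+assert @box.eval('true && true')
+assert @box.eval('true and true')
+assert @box.eval('true | true')
+assert @box.eval('true || true')
+assert @box.eval('true or true')
+assert @box.eval('true == true')
+assert @box.eval('true != false')
+end
+
 def test_should_turn_assigns_to_jails
 assert_raise_no_method "@article.system", @assigns
 end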
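Review bot: The three added tests only assert what is permitted on `true` and `false`; nothing checks `nil`, although `NilClass` joins `core_classes` in the same release, and nothing checks that a call outside the allowlist on these receivers is still rejected. A negative case in the style of the existing `assert_raise_no_method "@article.system", @assigns` would pin the boundary, for example `assert_raise_no_method "true.method_not_on_the_allowlist", @assigns` (placeholder method name), plus `assert @box.eval('nil.nil?')` for the new nil jail. Note also that `&&`, `and`, `||` and `or` are short-circuit syntax rather than method calls, so those assertions likely exercise the parser rather than the method allowlist.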
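--- a/metadata
+++ b/metadata
@@ -1,15 +1,9 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: safemode
-version: !ruby/object:Gem::Version
-
-prerelease:
-segments:
-- 1
-- 0
-- 1
-version: 1.0.1
+version: !ruby/object:Gem::Version
+version: 1.0.2
 platform: ruby
-authors:
+authors:
 - Sven Fuchs
 - Peter Cooper
 - Matthias Viehweger
@@ -18,135 +12,128 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-
-
-
-- !ruby/object:Gem::Dependency
+date: 2012-03-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
 name: ruby2ruby
-
-
-
-
-
-- !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
-version: "0"
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :runtime
-version_requirements: *id001
-- !ruby/object:Gem::Dependency
-name: ruby_parser
 prerelease: false
-
-
-
-
-
-
-
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: ruby_parser
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :runtime
-version_requirements: *id002
-- !ruby/object:Gem::Dependency
-name: shoulda
 prerelease: false
-
-
-
-
-
-
-
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: shoulda
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :development
-version_requirements: *id003
-- !ruby/object:Gem::Dependency
-name: rdoc
 prerelease: false
-
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rdoc
+requirement: !ruby/object:Gem::Requirement
+requirements:
 - - ~>
-- !ruby/object:Gem::Version
-
-segments:
-- 3
-- 12
-version: "3.12"
+- !ruby/object:Gem::Version
+version: '3.12'
 type: :development
-version_requirements: *id004
-- !ruby/object:Gem::Dependency
-name: bundler
 prerelease: false
-
-
-requirements:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
 - - ~>
-- !ruby/object:Gem::Version
-
-
-
-
-
+- !ruby/object:Gem::Version
+version: '3.12'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
 version: 1.0.0
 type: :development
-version_requirements: *id005
-- !ruby/object:Gem::Dependency
-name: jeweler
 prerelease: false
-
-
-requirements:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
 - - ~>
-- !ruby/object:Gem::Version
-
-
-
-
-
+- !ruby/object:Gem::Version
+version: 1.0.0
+- !ruby/object:Gem::Dependency
+name: jeweler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
 version: 1.8.3
 type: :development
-version_requirements: *id006
-- !ruby/object:Gem::Dependency
-name: rcov
 prerelease: false
-
-
-
-
-
-
-
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 1.8.3
+- !ruby/object:Gem::Dependency
+name: rcov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :development
-version_requirements: *id007
-- !ruby/object:Gem::Dependency
-name: rake
 prerelease: false
-
-
-
-
-
-
-
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :development
-
-
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby.
+Provides Rails ActionView template handlers for ERB and Haml.
 email: ohadlevy@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files:
+extra_rdoc_files:
 - README.markdown
-files:
+files:
 - Gemfile
 - Gemfile.lock
 - LICENCSE
@@ -177,37 +164,28 @@ files:
 - test/test_safemode_eval.rb
 - test/test_safemode_parser.rb
 homepage: http://github.com/svenfuchs/safemode
-licenses:
+licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
-
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-
-
-
-
-
-
-
-
-
-none: false
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
-version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
 requirements: []
-
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 3
-summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
+summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
+and Ruby2Ruby
 test_files: []
-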