RubyGems - safemode - Versions diffs - 1.2.5 → 1.3.1 - Mend

safemode 1.2.5 → 1.3.1

Potentially problematic release.

This version of safemode might be problematic. Click here for more details.

Files changed (15) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 71d47316c0964ecb6c46a879b7e348900b470379
-  data.tar.gz: ea7edb0f09d0baf698327922a05af200c8cde4e9
+  metadata.gz: 7a2ae334b96360e57f06053963af98bb3565e1d1
+  data.tar.gz: 4ad12d5c492b17595d6dda6aa8caec4ca154f03f
 SHA512:
-  metadata.gz: 531343b58e8f5342b52a06a1c58fa305e2f08d8ea2ffc739953f5be812c63a558bbdd3b9c84a6ab5f002a3138ba1c0285884b4e344883461dc1159f03a144cd0
-  data.tar.gz: aa7bc3cd29b7f3fbede2747cebfc1e35e949acbef5efb9a79e689c8643ff8d2797d2a15c42ffcd88dcec99649191ea483abc6102b13ed8b8086c15512aabdaa4
+  metadata.gz: '0942dbc88ee4246dc414c598555822b58b5ba18f6b7471edcb3e583ed1e42c442b3b0724a927d4150ea705b9eb95f7f33cd947074f83f2326dfecaabc65d880a'
+  data.tar.gz: 9338694a4120ca2190e4dcf6151d2cf8822b155fc887396ae63e0671734075ba325cad4c5a38a44cc7b98540fa0b37ea28b611aed76be50e6d216c5a4a4f7cec

data/Gemfile CHANGED Viewed

@@ -12,7 +12,7 @@ group :development do
   gem "bundler", "~> 1.0"
   gem "jeweler", ">= 0"
   gem "rcov", :platforms => :ruby_18
-  gem "simplecov", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23]
-  gem "test-unit", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23]
+  gem "simplecov", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24]
+  gem "test-unit", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24]
   gem "rake"
 end

data/README.markdown CHANGED Viewed

@@ -45,6 +45,10 @@ can do that by defining a Safemode::Jail class for your classes, like so:
 This will allow your template users to access the name method on your User
 objects.
+Class methods can be whitelisted by calling `allow_class_method :foo` from
+within the Jail. Note that access to raw constants is not permitted, so the
+class is only accessible when returned by a method or passed into a template.
 For more details about the concepts behind Safemode please refer to the
 following blog posts until a more comprehensive writeup is available:

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.2.5
1	+ 1.3.1

data/lib/safemode.rb CHANGED Viewed

@@ -24,7 +24,7 @@ require 'safemode/scope'
 module Safemode
   class << self
     def jail(obj)
-      find_jail_class(obj.class).new obj
+      find_jail_class(obj.is_a?(Class) ? obj : obj.class).new obj
     end
     def find_jail_class(klass)

data/lib/safemode/blankslate.rb CHANGED Viewed

@@ -10,24 +10,41 @@ module Safemode
       def method_added(name) end # ActiveSupport needs this
       def inherited(subclass)
-        subclass.init_allowed_methods(@allowed_methods)
+        subclass.init_allowed_methods(@allowed_instance_methods, @allowed_class_methods)
       end
-      def init_allowed_methods(allowed_methods)
-        @allowed_methods = allowed_methods
+      def init_allowed_methods(allowed_instance_methods, allowed_class_methods)
+        @allowed_instance_methods = allowed_instance_methods
+        @allowed_class_methods = allowed_class_methods
       end
-      def allowed_methods
-        @allowed_methods ||= []
+      def allowed_instance_methods
+        @allowed_instance_methods ||= []
       end
+      alias_method :allowed_methods, :allowed_instance_methods
-      def allow(*names)
-        @allowed_methods = allowed_methods + names.map{|name| name.to_s}
-        @allowed_methods.uniq!
+      def allowed_class_methods
+        @allowed_class_methods ||= []
       end
-      def allowed?(name)
-        allowed_methods.include? name.to_s
+      def allow_instance_method(*names)
+        @allowed_instance_methods = allowed_instance_methods + names.map{|name| name.to_s}
+        @allowed_instance_methods.uniq!
+      end
+      alias_method :allow, :allow_instance_method
+      def allow_class_method(*names)
+        @allowed_class_methods = allowed_class_methods + names.map{|name| name.to_s}
+        @allowed_class_methods.uniq!
+      end
+      def allowed_instance_method?(name)
+        allowed_instance_methods.include? name.to_s
+      end
+      alias_method :allowed?, :allowed_instance_method?
+      def allowed_class_method?(name)
+        allowed_class_methods.include? name.to_s
       end
     end
   end

data/lib/safemode/core_jails.rb CHANGED Viewed

@@ -2,7 +2,10 @@ module Safemode
   class << self
     def define_core_jail_classes
       core_classes.each do |klass|
-        define_jail_class(klass).allow *core_jail_methods(klass).uniq
+        jail = define_jail_class(klass)
+        jail.allow_instance_method *core_jail_methods(klass).uniq
+        jail.allow_class_method *core_jail_class_methods(klass).uniq
+        jail
       end
     end
@@ -14,14 +17,24 @@ module Safemode
     end
     def core_classes
-      klasses = [ Array, Bignum, Fixnum, Float, Hash, Range, String, Symbol, Time, NilClass, FalseClass, TrueClass ]
+      klasses = [ Array, Float, Hash, Range, String, Symbol, Time, NilClass, FalseClass, TrueClass ]
       klasses << Date if defined? Date
       klasses << DateTime if defined? DateTime
+      if RUBY_VERSION >= '2.4.0'
+        klasses << Integer
+      else
+        klasses << Bignum
+        klasses << Fixnum
+      end
       klasses
     end
     def core_jail_methods(klass)
-      @@methods_whitelist[klass.name] + (@@default_methods & klass.instance_methods.map(&:to_s))
+      @@methods_whitelist.fetch(klass.name, []) + (@@default_methods & klass.instance_methods.map(&:to_s))
+    end
+    def core_jail_class_methods(klass)
+      @@class_methods_whitelist.fetch(klass.name, []) + (@@default_class_methods & klass.methods.map(&:to_s))
     end
   end
@@ -109,4 +122,12 @@ module Safemode
     'TrueClass'  => %w(blank? duplicable? present?)
   }
+  # these class methods are allowed on all classes if they are present
+  @@default_class_methods = %w(name to_jail to_s)
+  # whitelisted class methods for core classes
+  @@class_methods_whitelist = {
+    'String' => %w(new)
+  }
 end

data/lib/safemode/jail.rb CHANGED Viewed

@@ -13,8 +13,14 @@ module Safemode
     end
     def method_missing(method, *args, &block)
-      unless self.class.allowed?(method)
-        raise Safemode::NoMethodError.new(method, self.class.name, @source.class.name)
+      if @source.is_a?(Class)
+        unless self.class.allowed_class_method?(method)
+          raise Safemode::NoMethodError.new(".#{method}", self.class.name, @source.name)
+        end
+      else
+        unless self.class.allowed_instance_method?(method)
+          raise Safemode::NoMethodError.new("##{method}", self.class.name, @source.class.name)
+        end
       end
       # As every call to an object in the eval'ed string will be jailed by the
@@ -31,7 +37,7 @@ module Safemode
     end
     def respond_to_missing?(method_name, include_private = false)
-      self.class.allowed?(method_name)
+      self.class.allowed_instance_method?(method_name)
     end
   end
-end
+end

data/lib/safemode/parser.rb CHANGED Viewed

@@ -114,11 +114,17 @@ module Safemode
       end
     end
-    # handling of Encoding constants in ruby 1.9.
-    # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
     def process_const(arg)
-      raise_security_error("constant", super(arg)) unless (RUBY_VERSION >= "1.9" and arg.sexp_type == :Encoding)
-      "#{super(arg).gsub('-', '_')}"
+      if RUBY_VERSION >= "1.9" && arg.sexp_type == :Encoding
+        # handling of Encoding constants in ruby 1.9.
+        # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
+        "#{super(arg).gsub('-', '_')}"
+      elsif arg.sexp_type == :String
+        # Allow String.new as used in ERB in Ruby 2.4+ to create a string buffer
+        super(arg).to_s
+      else
+        raise_security_error("constant", super(arg))
+      end
     end
     def raise_security_error(type, info)

data/safemode.gemspec CHANGED Viewed

@@ -2,18 +2,18 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: safemode 1.2.5 ruby lib
+# stub: safemode 1.3.1 ruby lib
 Gem::Specification.new do |s|
-  s.name = "safemode"
-  s.version = "1.2.5"
+  s.name = "safemode".freeze
+  s.version = "1.3.1"
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib"]
-  s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
-  s.date = "2017-01-24"
-  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
-  s.email = "ohadlevy@gmail.com"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
+  s.date = "2017-02-13"
+  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
+  s.email = "ohadlevy@gmail.com".freeze
   s.extra_rdoc_files = [
     "README.markdown"
   ]
@@ -46,51 +46,51 @@ Gem::Specification.new do |s|
     "test/test_safemode_eval.rb",
     "test/test_safemode_parser.rb"
   ]
-  s.homepage = "http://github.com/svenfuchs/safemode"
-  s.licenses = ["MIT"]
-  s.rubygems_version = "2.5.1"
-  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
+  s.homepage = "http://github.com/svenfuchs/safemode".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.6.10".freeze
+  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
   if s.respond_to? :specification_version then
     s.specification_version = 4
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<sexp_processor>, [">= 4.3.0"])
-      s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.0.6"])
-      s.add_runtime_dependency(%q<ruby_parser>, [">= 3.2.0"])
-      s.add_development_dependency(%q<shoulda>, [">= 0"])
-      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<rcov>, [">= 0"])
-      s.add_development_dependency(%q<simplecov>, [">= 0"])
-      s.add_development_dependency(%q<test-unit>, [">= 0"])
-      s.add_development_dependency(%q<rake>, [">= 0"])
+      s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
+      s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
+      s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
+      s.add_development_dependency(%q<shoulda>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>.freeze, ["~> 1.0"])
+      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rcov>.freeze, [">= 0"])
+      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
+      s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rake>.freeze, [">= 0"])
     else
-      s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
-      s.add_dependency(%q<ruby2ruby>, [">= 2.0.6"])
-      s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
-      s.add_dependency(%q<shoulda>, [">= 0"])
-      s.add_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<rcov>, [">= 0"])
-      s.add_dependency(%q<simplecov>, [">= 0"])
-      s.add_dependency(%q<test-unit>, [">= 0"])
-      s.add_dependency(%q<rake>, [">= 0"])
+      s.add_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
+      s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
+      s.add_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
+      s.add_dependency(%q<shoulda>.freeze, [">= 0"])
+      s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+      s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
+      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_dependency(%q<rcov>.freeze, [">= 0"])
+      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
+      s.add_dependency(%q<test-unit>.freeze, [">= 0"])
+      s.add_dependency(%q<rake>.freeze, [">= 0"])
     end
   else
-    s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
-    s.add_dependency(%q<ruby2ruby>, [">= 2.0.6"])
-    s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
-    s.add_dependency(%q<shoulda>, [">= 0"])
-    s.add_dependency(%q<rdoc>, ["~> 3.12"])
-    s.add_dependency(%q<bundler>, ["~> 1.0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<rcov>, [">= 0"])
-    s.add_dependency(%q<simplecov>, [">= 0"])
-    s.add_dependency(%q<test-unit>, [">= 0"])
-    s.add_dependency(%q<rake>, [">= 0"])
+    s.add_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
+    s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
+    s.add_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
+    s.add_dependency(%q<shoulda>.freeze, [">= 0"])
+    s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
+    s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
+    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_dependency(%q<rcov>.freeze, [">= 0"])
+    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
+    s.add_dependency(%q<test-unit>.freeze, [">= 0"])
+    s.add_dependency(%q<rake>.freeze, [">= 0"])
   end
 end

data/test/test_erb_eval.rb CHANGED Viewed

@@ -13,7 +13,7 @@ class TestERBEval < Test::Unit::TestCase
   def test_some_stuff_that_should_work
     ['"test".upcase', '10.succ', '10.times{}', '[1,2,3].each{|a| a + 1}',
       'true ? 1 : 0', 'a = 1', 'unless "a" == "b"; "false"; end',
-      'if "a" != "b"; "true"; end'].each do |code|
+      'if "a" != "b"; "true"; end', 'String.new'].each do |code|
       code = ERB.new("<%= #{code} %>").src
       assert_nothing_raised{ @box.eval code }
     end
@@ -61,7 +61,7 @@ class TestERBEval < Test::Unit::TestCase
     call.gsub!('"', '\\\\"')
     class_eval %Q(
       def test_calling_#{call.gsub(/[\W]/, '_')}_should_raise_no_method
-        assert_raise_no_method "#{call}"
+        assert_raise_no_method "#{call}", @assigns, @locals
       end
     )
   end
@@ -70,7 +70,7 @@ class TestERBEval < Test::Unit::TestCase
     call.gsub!('"', '\\\\"')
     class_eval %Q(
       def test_calling_#{call.gsub(/[\W]/, '_')}_should_raise_security
-        assert_raise_security "#{call}"
+        assert_raise_security "#{call}", @assigns, @locals
       end
     )
   end

data/test/test_helper.rb CHANGED Viewed

@@ -17,7 +17,10 @@ module TestHelper
         'true.eval("a = 1")',
         'false.eval("a = 1")',
         '@article.is_article?.eval("a = 1")',
-        '@article.comments.map{|c| c.eval("a = 1")}' ]
+        '@article.comments.map{|c| c.eval("a = 1")}',
+        '@article.comment_class.destroy_all',
+        '@article.comment_class.new',
+        'String.instance_variable_set :@a, :a' ]
     end
     def security_error_raising_calls
@@ -62,7 +65,8 @@ module TestHelper
         "sleep", "sleep(0)",
         "test(1, a, b)",
         "Signal.trap(0, proc { puts 'Terminating: #{$$}' })",
-        "warn 'warning'" ]
+        "warn 'warning'",
+        'Array.new' ]
     end
   end
@@ -102,6 +106,10 @@ class Article
     [Comment.new(self), Comment.new(self)]
   end
+  def comment_class
+    Comment
+  end
   def method_missing(method, *args, &block)
     super(method, *args, &block)
   end
@@ -121,10 +129,22 @@ class Comment
   def to_jail
     Comment::Jail.new self
   end
+  def self.to_jail
+    Comment::Jail.new self
+  end
+  def self.all(article)
+    [Comment.new(article), Comment.new(article)]
+  end
+  def self.destroy_all
+    raise 'Destroyed all comments'
+  end
 end
 class Article::Jail < Safemode::Jail
-  allow :title, :comments, :is_article?
+  allow :title, :comments, :is_article?, :comment_class
   def author_name
     "this article's author name"
@@ -136,4 +156,5 @@ end
 class Comment::Jail < Safemode::Jail
   allow :article, :text
+  allow_class_method :all
 end

data/test/test_jail.rb CHANGED Viewed

@@ -4,12 +4,17 @@ class TestJail < Test::Unit::TestCase
   def setup
     @article = Article.new.to_jail
     @comment = @article.comments.first
+    @comment_class = Comment.to_jail
   end
-  def test_explicitly_allowed_methods_should_be_accessible
+  def test_explicitly_allowed_instance_methods_should_be_accessible
     assert_nothing_raised { @article.title }
   end
+  def test_explicitly_allowed_class_methods_should_be_accessible
+    assert_nothing_raised { @comment_class.all(1) }
+  end
   def test_jail_instance_methods_should_be_accessible
     assert_nothing_raised { @article.author_name }
   end
@@ -29,6 +34,8 @@ class TestJail < Test::Unit::TestCase
   def test_jail_classes_should_have_limited_methods
     expected = ["new", "methods", "name", "inherited", "method_added",
                 "allow", "allowed?", "allowed_methods", "init_allowed_methods",
+                "allow_instance_method", "allow_class_method", "allowed_instance_method?",
+                "allowed_class_method?", "allowed_instance_methods", "allowed_class_methods",
                 "<", # < needed in Rails Object#subclasses_of
                 "ancestors", "==" # ancestors and == needed in Rails::Generator::Spec#lookup_class
                ]
@@ -49,7 +56,7 @@ class TestJail < Test::Unit::TestCase
   private
   def objects
-    [[], {}, 1..2, "a", :a, Time.now, 1, 1.0, nil, false, true]
+    [[], {}, 1..2, "a", :a, Time.now, 1, 1.0, nil, false, true, Comment]
   end
   def reject_pretty_methods(methods)

data/test/test_safemode_eval.rb CHANGED Viewed

@@ -12,7 +12,7 @@ class TestSafemodeEval < Test::Unit::TestCase
   def test_some_stuff_that_should_work
     ['"test".upcase', '10.succ', '10.times{}', '[1,2,3].each{|a| a + 1}',
      'true ? 1 : 0', 'a = 1', 'if "a" != "b"; "true"; end',
-     'if "a" == "b"; "true"; end'].each do |code|
+     'if "a" == "b"; "true"; end', 'String.new'].each do |code|
       assert_nothing_raised{ @box.eval code }
     end
   end
@@ -88,7 +88,7 @@ class TestSafemodeEval < Test::Unit::TestCase
     call.gsub!('"', '\\\\"')
     class_eval %Q(
       def test_calling_#{call.gsub(/[\W]/, '_')}_should_raise_no_method
-        assert_raise_no_method "#{call}"
+        assert_raise_no_method "#{call}", @assigns, @locals
       end
     )
   end
@@ -97,9 +97,9 @@ class TestSafemodeEval < Test::Unit::TestCase
     call.gsub!('"', '\\\\"')
     class_eval %Q(
       def test_calling_#{call.gsub(/[\W]/, '_')}_should_raise_security
-        assert_raise_security "#{call}"
+        assert_raise_security "#{call}", @assigns, @locals
       end
     )
   end
-end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safemode
 version: !ruby/object:Gem::Version
-  version: 1.2.5
+  version: 1.3.1
 platform: ruby
 authors:
 - Sven Fuchs
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-24 00:00:00.000000000 Z
+date: 2017-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sexp_processor
@@ -224,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser