safemode 1.3.2 → 1.3.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b4ce678e79def9e59fdb857730f9c35707658933
4
- data.tar.gz: 4a9a39f6426692470932c93c28430d75feef9279
3
+ metadata.gz: 35ac40de76347be3712cb3b913f62e06fb12fb71
4
+ data.tar.gz: 207cbaf3057279d179e1bdf3aeeca1e949747421
5
5
  SHA512:
6
- metadata.gz: '09455744a65edc92517cb77bc6b203011cddb2fb1f22bf6b504ab617634e681fe1df897474142871081ecf296e2c2d1289f0a535ed52fde8ff17498176b06ad3'
7
- data.tar.gz: 0fdca751f3f5937314ca1903dbf53c8ef1c90644be8868e47a64a33b6e4473dc326a9480aa573196a8470f35b77ce5d5976fe1afa108eb42e1fc1863224326d7
6
+ metadata.gz: 5d580bc14eb3507a046f7e8f613df7512ad2b3608fe119833a54a283938580310bf38f7eabf7324f4f387ee7f58dc4fa746dcd5e477eb704ee8a210a8a0d17fc
7
+ data.tar.gz: e656a646e28efa0529e337956a4824c21cfd6d0549d386af0834c661c65b1636e2ab27d9f229531f7f0af12f75397646936dc1eacb93878b9c6ed80cc404c99f
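--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,7 +1,7 @@
 source "http://rubygems.org"
 
 gem 'sexp_processor', ">= 4.3.0"
-gem 'ruby2ruby', ">= 2.0.6"
+gem 'ruby2ruby', ">= 2.4.0"
 gem "ruby_parser", ">= 3.2.0"
 
 # Add dependencies to develop your gem here.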
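Review bot: The gem source on the first line of this hunk is still plain `http://rubygems.org`, so every dependency this file pulls, including the newly raised `ruby2ruby >= 2.4.0`, is resolved and downloaded over an unauthenticated channel that an on-path attacker can tamper with; Bundler itself warns about non-HTTPS sources. Change it to `source "https://rubygems.org"`. Separately, the `exp.shift` lines added in the parser hunks of this release rely on the sexp carrying its type symbol at the head, which as far as I can tell is a behaviour of newer sexp_processor releases, so the `sexp_processor >= 4.3.0` floor left unchanged here may be looser than the code now requires; worth confirming against ruby2ruby 2.4.0's own dependency and raising it to match.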
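--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.3.2
+1.3.3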
@@ -2,14 +2,14 @@ module Safemode
2
2
  class Parser < Ruby2Ruby
3
3
  # @@parser = defined?(RubyParser) ? 'RubyParser' : 'ParseTree'
4
4
  @@parser = 'RubyParser'
5
-
5
+
6
6
  class << self
7
7
  def jail(code, allowed_fcalls = [])
8
8
  @@allowed_fcalls = allowed_fcalls
9
9
  tree = parse code
10
10
  self.new.process(tree)
11
11
  end
12
-
12
+
13
13
  def parse(code)
14
14
  case @@parser
15
15
  # when 'ParseTree'
@@ -20,12 +20,12 @@ module Safemode
20
20
  raise "unknown parser #{@@parser}"
21
21
  end
22
22
  end
23
-
23
+
24
24
  def parser=(parser)
25
25
  @@parser = parser
26
26
  end
27
27
  end
28
-
28
+
29
29
  def jail(str, parentheses = false)
30
30
  str = parentheses ? "(#{str})." : "#{str}." if str
31
31
  "#{str}to_jail"
@@ -33,13 +33,14 @@ module Safemode
33
33
 
34
34
  # split up #process_call. see below ...
35
35
  def process_call(exp)
36
+ exp.shift # remove ":call" symbol
36
37
  receiver = jail process_call_receiver(exp)
37
38
  name = exp.shift
38
39
  args = process_call_args(exp)
39
40
 
40
41
  process_call_code(receiver, name, args)
41
42
  end
42
-
43
+
43
44
  def process_fcall(exp)
44
45
  # using haml we probably never arrive here because :lasgn'ed :fcalls
45
46
  # somehow seem to change to :calls somewhere during processing
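Review bot: The added `exp.shift` at the top of process_call discards the head of the sexp without checking that it really is `:call`; if a node with a different layout ever reaches this method (for example under a sexp_processor release that does not place the type symbol first), the following shifts for receiver, name and args would be off by one and the jail would wrap the wrong element instead of failing. In a sandbox an unexpected node should fail loudly, in the style this file already uses for `raise "unknown parser …"`: `type = exp.shift` followed by `raise "unexpected node #{type.inspect}, expected :call" unless type == :call`. process_fcall begins at the end of this hunk and its body continues outside it.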
@@ -107,11 +108,11 @@ module Safemode
107
108
  # use array.each { |item| item.destroy } instead
108
109
  :block_pass ]
109
110
 
110
- # SexpProcessor bails when we overwrite these ... but they are listed as
111
+ # SexpProcessor bails when we overwrite these ... but they are listed as
111
112
  # "internal nodes that you can't get to" in sexp_processor.rb
112
113
  # :ifunc, :method, :last, :opt_n, :cfunc, :newline, :alloca, :memo, :cref
113
-
114
- disallowed.each do |name|
114
+
115
+ disallowed.each do |name|
115
116
  define_method "process_#{name}" do |arg|
116
117
  code = super(arg)
117
118
  raise_security_error(name, code)
@@ -119,30 +120,31 @@ module Safemode
119
120
  end
120
121
 
121
122
  def process_const(arg)
122
- if RUBY_VERSION >= "1.9" && arg.sexp_type == :Encoding
123
+ sexp_type = arg.sexp_body.sexp_type # constants are encoded as: "s(:const, :Encoding)"
124
+ if RUBY_VERSION >= "1.9" && sexp_type == :Encoding
123
125
  # handling of Encoding constants in ruby 1.9.
124
126
  # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
125
127
  "#{super(arg).gsub('-', '_')}"
126
- elsif arg.sexp_type == :String
128
+ elsif sexp_type == :String
127
129
  # Allow String.new as used in ERB in Ruby 2.4+ to create a string buffer
128
130
  super(arg).to_s
129
131
  else
130
132
  raise_security_error("constant", super(arg))
131
133
  end
132
134
  end
133
-
135
+
134
136
  def raise_security_error(type, info)
135
137
  raise Safemode::SecurityError.new(type, info)
136
138
  end
137
-
139
+
138
140
  # split up Ruby2Ruby#process_call monster method so we can hook into it
139
141
  # in a more readable manner
140
142
 
141
143
  def process_call_receiver(exp)
142
144
  receiver_node_type = exp.first.nil? ? nil : exp.first.first
143
- receiver = process exp.shift
145
+ receiver = process exp.shift
144
146
  receiver = "(#{receiver})" if
145
- Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type
147
+ Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type
146
148
  receiver
147
149
  end
148
150
 
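Review bot: The constant allow-list in process_const is now two scattered comparisons, `sexp_type == :Encoding` behind a `RUBY_VERSION` string check and `sexp_type == :String`, which makes the boundary easy to widen by accident in a later refactor and hard to audit; a single frozen list stated once would make it visible, e.g. `ALLOWED_CONSTS = %i[Encoding String].freeze` and `raise_security_error("constant", super(arg)) unless ALLOWED_CONSTS.include?(sexp_type)` ahead of the branches. Note that `RUBY_VERSION >= "1.9"` is a lexical string comparison, which happens to hold for every Ruby released since but is not a numeric check; with 1.8 out of scope the guard could simply go. This method only sees bare `s(:const, …)` nodes; whether `::String` or `Foo::String` (`:colon2`/`:colon3`) is rejected depends on the disallowed list, which is not fully visible in this diff.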
@@ -178,15 +180,16 @@ module Safemode
178
180
  end
179
181
  end
180
182
  end
181
-
183
+
182
184
  # Ruby2Ruby process_if rewrites if and unless statements in a way that
183
185
  # makes the result unusable for evaluation in, e.g. ERB which appends a
184
- # call to to_s when using <%= %> tags. We'd need to either enclose the
186
+ # call to to_s when using <%= %> tags. We'd need to either enclose the
185
187
  # result from process_if into parentheses like (1 if true) and
186
188
  # (true ? (1) : (2)) or just use the plain if-then-else-end syntax (so
187
189
  # that ERB can safely append to_s to the resulting block).
188
190
 
189
191
  def process_if(exp)
192
+ exp.shift # remove ":if" symbol from exp
190
193
  expand = Ruby2Ruby::ASSIGN_NODES.include? exp.first.first
191
194
  c = process exp.shift
192
195
  t = process exp.shift
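Review bot: The new `exp.shift` in process_if is unchecked in the same way as the one in process_call: nothing verifies that the discarded head is `:if`, and the very next line reads `exp.first.first` to compute `expand`, so a node with a different layout would silently shift the condition, then and else slots rather than raise. Suggest `type = exp.shift` followed by `raise "unexpected node #{type.inspect}, expected :if" unless type == :if`. process_if continues past the end of this hunk.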
@@ -216,6 +219,6 @@ module Safemode
216
219
  # end
217
220
  "unless #{c} then\n#{indent(f)}\nend"
218
221
  end
219
- end
220
- end
222
+ end
223
+ end
221
224
  end
@@ -2,18 +2,18 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: safemode 1.3.2 ruby lib
5
+ # stub: safemode 1.3.3 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
- s.name = "safemode".freeze
9
- s.version = "1.3.2"
8
+ s.name = "safemode"
9
+ s.version = "1.3.3"
10
10
 
11
- s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
12
- s.require_paths = ["lib".freeze]
13
- s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
14
- s.date = "2017-07-11"
15
- s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
16
- s.email = "ohadlevy@gmail.com".freeze
11
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
+ s.require_paths = ["lib"]
13
+ s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
14
+ s.date = "2018-01-16"
15
+ s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
16
+ s.email = "ohadlevy@gmail.com"
17
17
  s.extra_rdoc_files = [
18
18
  "README.markdown"
19
19
  ]
@@ -47,48 +47,48 @@ Gem::Specification.new do |s|
47
47
  "test/test_safemode_eval.rb",
48
48
  "test/test_safemode_parser.rb"
49
49
  ]
50
- s.homepage = "http://github.com/svenfuchs/safemode".freeze
51
- s.licenses = ["MIT".freeze]
52
- s.rubygems_version = "2.6.8".freeze
53
- s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
50
+ s.homepage = "http://github.com/svenfuchs/safemode"
51
+ s.licenses = ["MIT"]
52
+ s.rubygems_version = "2.5.1"
53
+ s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
54
54
 
55
55
  if s.respond_to? :specification_version then
56
56
  s.specification_version = 4
57
57
 
58
58
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
59
- s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
60
- s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
61
- s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
62
- s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
63
- s.add_development_dependency(%q<bundler>.freeze, ["~> 1.0"])
64
- s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
65
- s.add_development_dependency(%q<rcov>.freeze, [">= 0"])
66
- s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
67
- s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
68
- s.add_development_dependency(%q<rake>.freeze, [">= 0"])
59
+ s.add_runtime_dependency(%q<sexp_processor>, [">= 4.3.0"])
60
+ s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.4.0"])
61
+ s.add_runtime_dependency(%q<ruby_parser>, [">= 3.2.0"])
62
+ s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
63
+ s.add_development_dependency(%q<bundler>, ["~> 1.0"])
64
+ s.add_development_dependency(%q<jeweler>, [">= 0"])
65
+ s.add_development_dependency(%q<rcov>, [">= 0"])
66
+ s.add_development_dependency(%q<simplecov>, [">= 0"])
67
+ s.add_development_dependency(%q<test-unit>, [">= 0"])
68
+ s.add_development_dependency(%q<rake>, [">= 0"])
69
69
  else
70
- s.add_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
71
- s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
72
- s.add_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
73
- s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
74
- s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
75
- s.add_dependency(%q<jeweler>.freeze, [">= 0"])
76
- s.add_dependency(%q<rcov>.freeze, [">= 0"])
77
- s.add_dependency(%q<simplecov>.freeze, [">= 0"])
78
- s.add_dependency(%q<test-unit>.freeze, [">= 0"])
79
- s.add_dependency(%q<rake>.freeze, [">= 0"])
70
+ s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
71
+ s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
72
+ s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
73
+ s.add_dependency(%q<rdoc>, ["~> 3.12"])
74
+ s.add_dependency(%q<bundler>, ["~> 1.0"])
75
+ s.add_dependency(%q<jeweler>, [">= 0"])
76
+ s.add_dependency(%q<rcov>, [">= 0"])
77
+ s.add_dependency(%q<simplecov>, [">= 0"])
78
+ s.add_dependency(%q<test-unit>, [">= 0"])
79
+ s.add_dependency(%q<rake>, [">= 0"])
80
80
  end
81
81
  else
82
- s.add_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
83
- s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
84
- s.add_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
85
- s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
86
- s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
87
- s.add_dependency(%q<jeweler>.freeze, [">= 0"])
88
- s.add_dependency(%q<rcov>.freeze, [">= 0"])
89
- s.add_dependency(%q<simplecov>.freeze, [">= 0"])
90
- s.add_dependency(%q<test-unit>.freeze, [">= 0"])
91
- s.add_dependency(%q<rake>.freeze, [">= 0"])
82
+ s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
83
+ s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
84
+ s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
85
+ s.add_dependency(%q<rdoc>, ["~> 3.12"])
86
+ s.add_dependency(%q<bundler>, ["~> 1.0"])
87
+ s.add_dependency(%q<jeweler>, [">= 0"])
88
+ s.add_dependency(%q<rcov>, [">= 0"])
89
+ s.add_dependency(%q<simplecov>, [">= 0"])
90
+ s.add_dependency(%q<test-unit>, [">= 0"])
91
+ s.add_dependency(%q<rake>, [">= 0"])
92
92
  end
93
93
  end
94
94
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safemode
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.2
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sven Fuchs
@@ -13,7 +13,7 @@ authors:
13
13
  autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
- date: 2017-07-11 00:00:00.000000000 Z
16
+ date: 2018-01-16 00:00:00.000000000 Z
17
17
  dependencies:
18
18
  - !ruby/object:Gem::Dependency
19
19
  name: sexp_processor
@@ -35,14 +35,14 @@ dependencies:
35
35
  requirements:
36
36
  - - ">="
37
37
  - !ruby/object:Gem::Version
38
- version: 2.0.6
38
+ version: 2.4.0
39
39
  type: :runtime
40
40
  prerelease: false
41
41
  version_requirements: !ruby/object:Gem::Requirement
42
42
  requirements:
43
43
  - - ">="
44
44
  - !ruby/object:Gem::Version
45
- version: 2.0.6
45
+ version: 2.4.0
46
46
  - !ruby/object:Gem::Dependency
47
47
  name: ruby_parser
48
48
  requirement: !ruby/object:Gem::Requirement
@@ -211,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
211
211
  version: '0'
212
212
  requirements: []
213
213
  rubyforge_project:
214
- rubygems_version: 2.6.8
214
+ rubygems_version: 2.5.1
215
215
  signing_key:
216
216
  specification_version: 4
217
217
  summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser