safemode 1.3.2 → 1.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b4ce678e79def9e59fdb857730f9c35707658933
-  data.tar.gz: 4a9a39f6426692470932c93c28430d75feef9279
+  metadata.gz: 35ac40de76347be3712cb3b913f62e06fb12fb71
+  data.tar.gz: 207cbaf3057279d179e1bdf3aeeca1e949747421
 SHA512:
-  metadata.gz: '09455744a65edc92517cb77bc6b203011cddb2fb1f22bf6b504ab617634e681fe1df897474142871081ecf296e2c2d1289f0a535ed52fde8ff17498176b06ad3'
-  data.tar.gz: 0fdca751f3f5937314ca1903dbf53c8ef1c90644be8868e47a64a33b6e4473dc326a9480aa573196a8470f35b77ce5d5976fe1afa108eb42e1fc1863224326d7
+  metadata.gz: 5d580bc14eb3507a046f7e8f613df7512ad2b3608fe119833a54a283938580310bf38f7eabf7324f4f387ee7f58dc4fa746dcd5e477eb704ee8a210a8a0d17fc
+  data.tar.gz: e656a646e28efa0529e337956a4824c21cfd6d0549d386af0834c661c65b1636e2ab27d9f229531f7f0af12f75397646936dc1eacb93878b9c6ed80cc404c99f

data/Gemfile

@@ -1,7 +1,7 @@
 source "http://rubygems.org"
 
 gem 'sexp_processor', ">= 4.3.0"
-gem 'ruby2ruby', ">= 2.0.6"
+gem 'ruby2ruby', ">= 2.4.0"
 gem "ruby_parser", ">= 3.2.0"
 
 # Add dependencies to develop your gem here.

data/VERSION

@@ -1 +1 @@
-1.3.2
+1.3.3

data/lib/safemode/parser.rb

@@ -2,14 +2,14 @@ module Safemode
   class Parser < Ruby2Ruby
     # @@parser = defined?(RubyParser) ? 'RubyParser' : 'ParseTree'
     @@parser = 'RubyParser'
-    
+
     class << self
       def jail(code, allowed_fcalls = [])
         @@allowed_fcalls = allowed_fcalls
         tree = parse code
         self.new.process(tree)
       end
-      
+
       def parse(code)
         case @@parser
         # when 'ParseTree'
@@ -20,12 +20,12 @@ module Safemode
           raise "unknown parser #{@@parser}"
         end
       end
-      
+
       def parser=(parser)
         @@parser = parser
       end
     end
-    
+
     def jail(str, parentheses = false)
       str = parentheses ? "(#{str})." : "#{str}." if str
       "#{str}to_jail"
@@ -33,13 +33,14 @@ module Safemode
 
     # split up #process_call. see below ...
     def process_call(exp)
+      exp.shift # remove ":call" symbol
       receiver = jail process_call_receiver(exp)
       name = exp.shift
       args = process_call_args(exp)
 
       process_call_code(receiver, name, args)
     end
-    
+
     def process_fcall(exp)
       # using haml we probably never arrive here because :lasgn'ed :fcalls
       # somehow seem to change to :calls somewhere during processing
@@ -107,11 +108,11 @@ module Safemode
                    # use array.each { |item| item.destroy } instead
                    :block_pass ]
 
-    # SexpProcessor bails when we overwrite these ... but they are listed as 
+    # SexpProcessor bails when we overwrite these ... but they are listed as
     # "internal nodes that you can't get to" in sexp_processor.rb
     # :ifunc, :method, :last, :opt_n, :cfunc, :newline, :alloca, :memo, :cref
-                   
-    disallowed.each do |name| 
+
+    disallowed.each do |name|
       define_method "process_#{name}" do |arg|
         code = super(arg)
         raise_security_error(name, code)
@@ -119,30 +120,31 @@ module Safemode
     end
 
     def process_const(arg)
-      if RUBY_VERSION >= "1.9" && arg.sexp_type == :Encoding
+      sexp_type = arg.sexp_body.sexp_type # constants are encoded as: "s(:const, :Encoding)"
+      if RUBY_VERSION >= "1.9" && sexp_type == :Encoding
         # handling of Encoding constants in ruby 1.9.
         # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
         "#{super(arg).gsub('-', '_')}"
-      elsif arg.sexp_type == :String
+      elsif sexp_type == :String
         # Allow String.new as used in ERB in Ruby 2.4+ to create a string buffer
         super(arg).to_s
       else
         raise_security_error("constant", super(arg))
       end
     end
-    
+
     def raise_security_error(type, info)
       raise Safemode::SecurityError.new(type, info)
     end
-    
+
     # split up Ruby2Ruby#process_call monster method so we can hook into it
     # in a more readable manner
 
     def process_call_receiver(exp)
       receiver_node_type = exp.first.nil? ? nil : exp.first.first
-      receiver = process exp.shift        
+      receiver = process exp.shift
       receiver = "(#{receiver})" if
-        Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type            
+        Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type
       receiver
     end
 
@@ -178,15 +180,16 @@ module Safemode
         end
       end
     end
-    
+
     # Ruby2Ruby process_if rewrites if and unless statements in a way that
     # makes the result unusable for evaluation in, e.g. ERB which appends a
-    # call to to_s when using <%= %> tags. We'd need to either enclose the 
+    # call to to_s when using <%= %> tags. We'd need to either enclose the
     # result from process_if into parentheses like (1 if true) and
     # (true ? (1) : (2)) or just use the plain if-then-else-end syntax (so
     # that ERB can safely append to_s to the resulting block).
 
     def process_if(exp)
+      exp.shift # remove ":if" symbol from exp
       expand = Ruby2Ruby::ASSIGN_NODES.include? exp.first.first
       c = process exp.shift
       t = process exp.shift
@@ -216,6 +219,6 @@ module Safemode
         # end
         "unless #{c} then\n#{indent(f)}\nend"
       end
-    end    
-  end                        
+    end
+  end
 end

data/safemode.gemspec

@@ -2,18 +2,18 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: safemode 1.3.2 ruby lib
+# stub: safemode 1.3.3 ruby lib
 
 Gem::Specification.new do |s|
-  s.name = "safemode".freeze
-  s.version = "1.3.2"
+  s.name = "safemode"
+  s.version = "1.3.3"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib".freeze]
-  s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
-  s.date = "2017-07-11"
-  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
-  s.email = "ohadlevy@gmail.com".freeze
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
+  s.date = "2018-01-16"
+  s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
+  s.email = "ohadlevy@gmail.com"
   s.extra_rdoc_files = [
     "README.markdown"
   ]
@@ -47,48 +47,48 @@ Gem::Specification.new do |s|
     "test/test_safemode_eval.rb",
     "test/test_safemode_parser.rb"
   ]
-  s.homepage = "http://github.com/svenfuchs/safemode".freeze
-  s.licenses = ["MIT".freeze]
-  s.rubygems_version = "2.6.8".freeze
-  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
+  s.homepage = "http://github.com/svenfuchs/safemode"
+  s.licenses = ["MIT"]
+  s.rubygems_version = "2.5.1"
+  s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
-      s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
-      s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
-      s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-      s.add_development_dependency(%q<bundler>.freeze, ["~> 1.0"])
-      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rcov>.freeze, [">= 0"])
-      s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
-      s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
-      s.add_development_dependency(%q<rake>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<sexp_processor>, [">= 4.3.0"])
+      s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.4.0"])
+      s.add_runtime_dependency(%q<ruby_parser>, [">= 3.2.0"])
+      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_development_dependency(%q<jeweler>, [">= 0"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_development_dependency(%q<simplecov>, [">= 0"])
+      s.add_development_dependency(%q<test-unit>, [">= 0"])
+      s.add_development_dependency(%q<rake>, [">= 0"])
     else
-      s.add_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
-      s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
-      s.add_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
-      s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-      s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
-      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-      s.add_dependency(%q<rcov>.freeze, [">= 0"])
-      s.add_dependency(%q<simplecov>.freeze, [">= 0"])
-      s.add_dependency(%q<test-unit>.freeze, [">= 0"])
-      s.add_dependency(%q<rake>.freeze, [">= 0"])
+      s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
+      s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
+      s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
+      s.add_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_dependency(%q<jeweler>, [">= 0"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<simplecov>, [">= 0"])
+      s.add_dependency(%q<test-unit>, [">= 0"])
+      s.add_dependency(%q<rake>, [">= 0"])
     end
   else
-    s.add_dependency(%q<sexp_processor>.freeze, [">= 4.3.0"])
-    s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.0.6"])
-    s.add_dependency(%q<ruby_parser>.freeze, [">= 3.2.0"])
-    s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
-    s.add_dependency(%q<bundler>.freeze, ["~> 1.0"])
-    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
-    s.add_dependency(%q<rcov>.freeze, [">= 0"])
-    s.add_dependency(%q<simplecov>.freeze, [">= 0"])
-    s.add_dependency(%q<test-unit>.freeze, [">= 0"])
-    s.add_dependency(%q<rake>.freeze, [">= 0"])
+    s.add_dependency(%q<sexp_processor>, [">= 4.3.0"])
+    s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
+    s.add_dependency(%q<ruby_parser>, [">= 3.2.0"])
+    s.add_dependency(%q<rdoc>, ["~> 3.12"])
+    s.add_dependency(%q<bundler>, ["~> 1.0"])
+    s.add_dependency(%q<jeweler>, [">= 0"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<simplecov>, [">= 0"])
+    s.add_dependency(%q<test-unit>, [">= 0"])
+    s.add_dependency(%q<rake>, [">= 0"])
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: safemode
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.3.3
 platform: ruby
 authors:
 - Sven Fuchs
@@ -13,7 +13,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-11 00:00:00.000000000 Z
+date: 2018-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sexp_processor
@@ -35,14 +35,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.6
+        version: 2.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.6
+        version: 2.4.0
 - !ruby/object:Gem::Dependency
   name: ruby_parser
   requirement: !ruby/object:Gem::Requirement
@@ -211,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser