safemode 1.3.5 → 1.3.6

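--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 17583eb75412f52a6f4aa691f05eacb1444914c1
- data.tar.gz: 1fdc4a69be5bd7ba3c8a7d86131880172ddc4bf6
+ SHA256:
+ metadata.gz: 9c122fc8f941080a885c335b7356d2e1af7545cec8633ca23571273f069f36e0
+ data.tar.gz: f5555df33c321fbc85bff612c80568c4667e1c17d77aaa74da3311ea659b2574
  SHA512:
- metadata.gz: 37754a69766f504bf4fd9f6de5f78d1c822aaf98931191188964860835731330bd9aea5e387e0141892d96e81f1805556f8d9e20fd08984c138a9ee3cef86b2d
- data.tar.gz: 633222599593f909e1c7ac14a0796113c230a247c73cff83f46bbe5c17a23724b8bb16744cf1d057bcd692d7986248c8a68137d9eb04d9f309ede44da97950a6
+ metadata.gz: 253de818e490f1e03030dfb9600960322ee6ea3c2d1d7ae571ccbc9ad44c99cb58af2d23227d6244a4de4006e0d56716b6b12c5fe83fc2fb8c874bbae5f1aca1
+ data.tar.gz: 2b468cf47ef692c3623daba9b1ea100ab4e74243d701aad3c86e46a04cc09d91470a9a57c5ecd117f26142b223ec33f1169b09bc90756d5dc96104d9b00c341e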
@@ -1,13 +1,16 @@
1
1
  ---
2
+ os: linux
3
+ dist: xenial
4
+ language: ruby
2
5
  rvm:
3
- - 1.8.7
4
- - 1.9.3
5
- - 2.0.0
6
- - 2.1.10
7
- - 2.2.6
8
- - 2.3.3
9
- - 2.4.0
10
- - 2.5.1
6
+ - 2.2
7
+ - 2.3
8
+ - 2.4
9
+ - 2.5
10
+ - 2.6
11
+ - 2.7
11
12
  - jruby-9
12
- before_install: gem install bundler
13
- sudo: false
13
+ matrix:
14
+ allow_failures:
15
+ - rvm: jruby-9
16
+ before_install: gem install bundler --version 1.17.3
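--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,17 +1,17 @@
- source "http://rubygems.org"
+ # frozen_string_literal: true
 
- gem 'sexp_processor', ">= 4.10.0"
- gem 'ruby2ruby', ">= 2.4.0"
- gem "ruby_parser", ">= 3.10.1"
+ source 'http://rubygems.org'
+
+ gem 'ruby2ruby', '>= 2.4.0'
+ gem 'ruby_parser', '>= 3.10.1'
+ gem 'sexp_processor', '>= 4.10.0'
 
  # Add dependencies to develop your gem here.
  # Include everything needed to run rake, tests, features, etc.
  group :development do
- gem "rdoc", "~> 3.12"
- gem "bundler", "~> 1.0"
- gem "jeweler", RUBY_VERSION.start_with?("1.8") ? "~> 1.0" : ">= 0"
- gem "rcov", :platforms => :ruby_18
- gem "simplecov", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24, :ruby_25, :jruby]
- gem "test-unit", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24, :ruby_25, :jruby]
- gem "rake", RUBY_VERSION.start_with?("1.8") ? "< 11" : ">= 0"
+ gem 'jeweler'
+ gem 'rake'
+ gem 'rdoc', '~> 3.12'
+ gem 'simplecov'
+ gem 'test-unit'
  end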
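Review bot: The re-quoted `source 'http://rubygems.org'` line still resolves gems over plaintext HTTP, so every development and CI install of these dependencies is exposed to tampering in transit; it should read `source 'https://rubygems.org'`. The same hunk drops the `bundler` entry while the CI configuration in this release installs bundler 1.17.3 explicitly, so a one-line comment above the development group naming the supported bundler version would keep the two files in agreement.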
@@ -3,6 +3,8 @@
3
3
  A library for safe evaluation of Ruby code based on RubyParser and
4
4
  Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
5
5
 
6
+ [![Build Status](https://travis-ci.org/svenfuchs/safemode.svg?branch=master)](https://travis-ci.org/svenfuchs/safemode)
7
+
6
8
  ### Word of warning
7
9
 
8
10
  This library is still highly experimental. Only use it at your own risk for
@@ -52,9 +54,9 @@ class is only accessible when returned by a method or passed into a template.
52
54
  For more details about the concepts behind Safemode please refer to the
53
55
  following blog posts until a more comprehensive writeup is available:
54
56
 
55
- * Initial reasoning: [http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally](http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally)
56
- * Refined concept: [http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode](http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode)
57
- * ActionView ERB handler: [http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview](http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview)
57
+ * Initial reasoning: http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally
58
+ * Refined concept: http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode
59
+ * ActionView ERB handler: http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview
58
60
 
59
61
  ### Dependencies
60
62
 
@@ -64,14 +66,14 @@ Requires the gems:
64
66
  * Ruby2Ruby
65
67
 
66
68
  As of writing RubyParser alters StringIO and thus breaks usage with Rails.
67
- See [http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html](http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html)
69
+ See http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html
68
70
 
69
71
  A patch is included that fixes this issue and can be applied to RubyParser.
70
72
  See lib/ruby\_parser\_string\_io\_patch.diff
71
73
 
72
74
  ### Credits
73
75
 
74
- * Sven Fuchs - Maintainer
76
+ * Sven Fuchs - Initial Maintainer
75
77
  * Peter Cooper
76
78
  * Matthias Viehweger
77
79
  * Ohad Levy
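--- a/data/Rakefile
+++ b/data/Rakefile
@@ -47,20 +47,10 @@ Rake::TestTask.new(:test) do |test|
  test.verbose = true
  end
 
- if RUBY_VERSION >= "1.9"
- desc "Generate coverage report for tests"
- task :coverage do |cov|
- ENV['COVERAGE'] = 'true'
- Rake::Task[:test].execute
- end
- else
- require 'rcov/rcovtask'
- Rcov::RcovTask.new do |test|
- test.libs << 'test'
- test.pattern = 'test/**/test_*.rb'
- test.verbose = true
- test.rcov_opts << '--exclude "gems/*"'
- end
+ desc "Generate coverage report for tests"
+ task :coverage do |cov|
+ ENV['COVERAGE'] = 'true'
+ Rake::Task[:test].execute
  end
 
  task :default => :test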
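--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.3.5
+ 1.3.6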
@@ -20,9 +20,9 @@ module ActionView
20
20
 
21
21
  # code = ::ERB.new(src, nil, @view.erb_trim_mode).src
22
22
  code = ::ERB.new("<% __in_erb_template=true %>#{src}", nil, erb_trim_mode, '@output_buffer').src
23
- # Ruby 1.9 prepends an encoding to the source. However this is
23
+ # Ruby 1.9+ prepends an encoding to the source. However this is
24
24
  # useless because you can only set an encoding on the first line
25
- RUBY_VERSION >= '1.9' ? src.sub(/\A#coding:.*\n/, '') : src
25
+ src.sub(/\A#coding:.*\n/, '') : src
26
26
 
27
27
  code.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them
28
28
 
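Review bot: The new line `src.sub(/\A#coding:.*\n/, '') : src` keeps the `: src` tail of the ternary whose condition was removed, which does not parse as Ruby, so this handler file would fail to load. Even with the tail dropped, `sub` returns a new string that is never assigned, and it is applied to `src` rather than to the compiled `code`, so the encoding line is presumably never stripped; if stripping is intended, `code = code.sub(/\A#coding:.*\n/, '')` says so directly. The enclosing method starts and ends outside this hunk, so any later use of `src` is not visible here.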
@@ -51,8 +51,8 @@ module Safemode
51
51
  indexes indices inject insert join last length map map!
52
52
  nitems pop push present? rassoc reject reject! reverse
53
53
  reverse! reverse_each rindex select shift size slice
54
- slice! sort sort! transpose uniq uniq! unshift values_at
55
- zip),
54
+ slice! sort sort! transpose to_sentence uniq uniq! unshift
55
+ values_at zip),
56
56
 
57
57
  'Bignum' => %w(abs blank? ceil chr coerce div divmod downto floor hash
58
58
  integer? modulo next nonzero? present? quo remainder round
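Review bot: Adding `to_sentence` to the Array allowlist widens what jailed template code may call, and nothing visible in this diff adds a test for it. `to_sentence` is not core Ruby (it comes from ActiveSupport) and accepts an options hash, so it deserves a case in the eval tests showing it works inside the box, and a comment above the `'Array'` entry such as `# to_sentence: ActiveSupport extension, only present when ActiveSupport is loaded`. The `%w(...)` list begins above this hunk.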
@@ -1,17 +1,17 @@
1
- module Safemode
2
- class Jail < Blankslate
1
+ module Safemode
2
+ class Jail < Blankslate
3
3
  def initialize(source = nil)
4
4
  @source = source
5
5
  end
6
-
6
+
7
7
  def to_jail
8
8
  self
9
9
  end
10
-
10
+
11
11
  def to_s
12
12
  @source.to_s
13
13
  end
14
-
14
+
15
15
  def method_missing(method, *args, &block)
16
16
  if @source.is_a?(Class)
17
17
  unless self.class.allowed_class_method?(method)
@@ -22,7 +22,7 @@ module Safemode
22
22
  raise Safemode::NoMethodError.new("##{method}", self.class.name, @source.class.name)
23
23
  end
24
24
  end
25
-
25
+
26
26
  # As every call to an object in the eval'ed string will be jailed by the
27
27
  # parser we don't need to "proactively" jail arrays and hashes. Likewise we
28
28
  # don't need to jail objects returned from a jail. Doing so would provide
@@ -31,11 +31,6 @@ module Safemode
31
31
  @source.send(method, *args, &block)
32
32
  end
33
33
 
34
- # needed for compatibility with 1.8.7; remove this method once 1.8.7 support has been dropped
35
- def respond_to?(method, *)
36
- respond_to_missing?(method)
37
- end
38
-
39
34
  def respond_to_missing?(method_name, include_private = false)
40
35
  self.class.allowed_instance_method?(method_name)
41
36
  end
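Review bot: With the 1.8.7 `respond_to?` override removed, `respond_to?` on a jail falls through to `respond_to_missing?`, which consults only `allowed_instance_method?`, while `method_missing` checks `allowed_class_method?` when `@source.is_a?(Class)`. For a jailed class the two can therefore disagree about what is callable. Consider `@source.is_a?(Class) ? self.class.allowed_class_method?(method_name) : self.class.allowed_instance_method?(method_name)` in `respond_to_missing?`, plus a test covering `respond_to?` on both kinds of jail. The body of `method_missing` is only partly visible across these hunks.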
@@ -121,8 +121,8 @@ module Safemode
121
121
 
122
122
  def process_const(arg)
123
123
  sexp_type = arg.sexp_body.sexp_type # constants are encoded as: "s(:const, :Encoding)"
124
- if RUBY_VERSION >= "1.9" && sexp_type == :Encoding
125
- # handling of Encoding constants in ruby 1.9.
124
+ if sexp_type == :Encoding
125
+ # handling of Encoding constants.
126
126
  # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
127
127
  "#{super(arg).gsub('-', '_')}"
128
128
  elsif sexp_type == :String
@@ -2,18 +2,18 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: safemode 1.3.5 ruby lib
5
+ # stub: safemode 1.3.6 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
- s.name = "safemode"
9
- s.version = "1.3.5"
8
+ s.name = "safemode".freeze
9
+ s.version = "1.3.6"
10
10
 
11
- s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
- s.require_paths = ["lib"]
13
- s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
14
- s.date = "2018-01-18"
15
- s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
16
- s.email = "ohadlevy@gmail.com"
11
+ s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
12
+ s.require_paths = ["lib".freeze]
13
+ s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
14
+ s.date = "2020-08-31"
15
+ s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
16
+ s.email = "ohadlevy@gmail.com".freeze
17
17
  s.extra_rdoc_files = [
18
18
  "README.markdown"
19
19
  ]
@@ -47,48 +47,42 @@ Gem::Specification.new do |s|
47
47
  "test/test_safemode_eval.rb",
48
48
  "test/test_safemode_parser.rb"
49
49
  ]
50
- s.homepage = "http://github.com/svenfuchs/safemode"
51
- s.licenses = ["MIT"]
52
- s.rubygems_version = "2.5.1"
53
- s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
50
+ s.homepage = "http://github.com/svenfuchs/safemode".freeze
51
+ s.licenses = ["MIT".freeze]
52
+ s.rubygems_version = "2.7.6".freeze
53
+ s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
54
54
 
55
55
  if s.respond_to? :specification_version then
56
56
  s.specification_version = 4
57
57
 
58
58
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
59
- s.add_runtime_dependency(%q<sexp_processor>, [">= 4.10.0"])
60
- s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.4.0"])
61
- s.add_runtime_dependency(%q<ruby_parser>, [">= 3.10.1"])
62
- s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
63
- s.add_development_dependency(%q<bundler>, ["~> 1.0"])
64
- s.add_development_dependency(%q<jeweler>, [">= 0"])
65
- s.add_development_dependency(%q<rcov>, [">= 0"])
66
- s.add_development_dependency(%q<simplecov>, [">= 0"])
67
- s.add_development_dependency(%q<test-unit>, [">= 0"])
68
- s.add_development_dependency(%q<rake>, [">= 0"])
59
+ s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
60
+ s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
61
+ s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
62
+ s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
63
+ s.add_development_dependency(%q<rake>.freeze, [">= 0"])
64
+ s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
65
+ s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
66
+ s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
69
67
  else
70
- s.add_dependency(%q<sexp_processor>, [">= 4.10.0"])
71
- s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
72
- s.add_dependency(%q<ruby_parser>, [">= 3.10.1"])
73
- s.add_dependency(%q<rdoc>, ["~> 3.12"])
74
- s.add_dependency(%q<bundler>, ["~> 1.0"])
75
- s.add_dependency(%q<jeweler>, [">= 0"])
76
- s.add_dependency(%q<rcov>, [">= 0"])
77
- s.add_dependency(%q<simplecov>, [">= 0"])
78
- s.add_dependency(%q<test-unit>, [">= 0"])
79
- s.add_dependency(%q<rake>, [">= 0"])
68
+ s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
69
+ s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
70
+ s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
71
+ s.add_dependency(%q<jeweler>.freeze, [">= 0"])
72
+ s.add_dependency(%q<rake>.freeze, [">= 0"])
73
+ s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
74
+ s.add_dependency(%q<simplecov>.freeze, [">= 0"])
75
+ s.add_dependency(%q<test-unit>.freeze, [">= 0"])
80
76
  end
81
77
  else
82
- s.add_dependency(%q<sexp_processor>, [">= 4.10.0"])
83
- s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
84
- s.add_dependency(%q<ruby_parser>, [">= 3.10.1"])
85
- s.add_dependency(%q<rdoc>, ["~> 3.12"])
86
- s.add_dependency(%q<bundler>, ["~> 1.0"])
87
- s.add_dependency(%q<jeweler>, [">= 0"])
88
- s.add_dependency(%q<rcov>, [">= 0"])
89
- s.add_dependency(%q<simplecov>, [">= 0"])
90
- s.add_dependency(%q<test-unit>, [">= 0"])
91
- s.add_dependency(%q<rake>, [">= 0"])
78
+ s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
79
+ s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
80
+ s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
81
+ s.add_dependency(%q<jeweler>.freeze, [">= 0"])
82
+ s.add_dependency(%q<rake>.freeze, [">= 0"])
83
+ s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
84
+ s.add_dependency(%q<simplecov>.freeze, [">= 0"])
85
+ s.add_dependency(%q<test-unit>.freeze, [">= 0"])
92
86
  end
93
87
  end
94
88
 
@@ -1,4 +1,4 @@
1
- if RUBY_VERSION >= '1.9'and ENV['COVERAGE']
1
+ if ENV['COVERAGE']
2
2
  require 'simplecov'
3
3
  SimpleCov.start {add_filter 'test_'}
4
4
  end
@@ -22,7 +22,7 @@ module TestHelper
22
22
  '@article.comment_class.new',
23
23
  'String.instance_variable_set :@a, :a' ]
24
24
  end
25
-
25
+
26
26
  def security_error_raising_calls
27
27
  [ "class A\n end",
28
28
  'File.open("/etc/passwd")',
@@ -42,10 +42,10 @@ module TestHelper
42
42
  "attr_reader :a",
43
43
  'URI("http://google.com")',
44
44
  "`ls -a`", "exec('echo *')", "syscall 4, 1, 'hello', 5", "system('touch /tmp/helloworld')",
45
- "abort",
45
+ "abort",
46
46
  "exit(0)", "exit!(0)", "at_exit{'goodbye'}",
47
47
  "autoload(::MyModule, 'my_module.rb')",
48
- "binding",
48
+ "binding",
49
49
  "callcc{|cont| cont.call}",
50
50
  'eval %Q(send(:system, "ls -a"))',
51
51
  "fork",
@@ -58,12 +58,12 @@ module TestHelper
58
58
  "open('/etc/passwd'){|f| f.read}",
59
59
  "p 'text'", "pretty_inspect",
60
60
  # "print 'text'", "puts 'text'", allowed and buffered these (see ScopeObject)
61
- "printf 'text'", "putc 'a'",
61
+ "printf 'text'", "putc 'a'",
62
62
  "raise RuntimeError, 'should not happen'",
63
- "rand(0)", "srand(0)",
63
+ "rand(0)", "srand(0)",
64
64
  "set_trace_func proc{|event| puts event}", "trace_var :$_, proc {|v| puts v }", "untrace_var :$_",
65
- "sleep", "sleep(0)",
66
- "test(1, a, b)",
65
+ "sleep", "sleep(0)",
66
+ "test(1, a, b)",
67
67
  "Signal.trap(0, proc { puts 'Terminating: #{$$}' })",
68
68
  "warn 'warning'",
69
69
  'Array.new' ]
@@ -77,31 +77,31 @@ module TestHelper
77
77
  def assert_raise_security(code = nil, assigns = {}, locals = {}, &block)
78
78
  assert_raise_safemode_error(Safemode::SecurityError, code, assigns, locals, &block)
79
79
  end
80
-
80
+
81
81
  def assert_raise_safemode_error(error, code, assigns = {}, locals = {})
82
82
  code = yield(code) if block_given?
83
83
  assert_raise(error, code) { safebox_eval(code, assigns, locals) }
84
84
  end
85
-
85
+
86
86
  def safebox_eval(code, assigns = {}, locals = {})
87
87
  # puts Safemode::Parser.jail(code)
88
88
  Safemode::Box.new.eval code, assigns, locals
89
- end
89
+ end
90
90
  end
91
91
 
92
92
  class Article
93
93
  def is_article?
94
94
  true
95
95
  end
96
-
96
+
97
97
  def title
98
98
  'an article title'
99
99
  end
100
-
100
+
101
101
  def to_jail
102
102
  Article::Jail.new self
103
103
  end
104
-
104
+
105
105
  def comments
106
106
  [Comment.new(self), Comment.new(self)]
107
107
  end
@@ -117,15 +117,15 @@ end
117
117
 
118
118
  class Comment
119
119
  attr_reader :article
120
-
120
+
121
121
  def initialize(article)
122
122
  @article = article
123
123
  end
124
-
124
+
125
125
  def text
126
126
  "comment #{object_id}"
127
127
  end
128
-
128
+
129
129
  def to_jail
130
130
  Comment::Jail.new self
131
131
  end
@@ -145,7 +145,7 @@ end
145
145
 
146
146
  class Article::Jail < Safemode::Jail
147
147
  allow :title, :comments, :is_article?, :comment_class
148
-
148
+
149
149
  def author_name
150
150
  "this article's author name"
151
151
  end
@@ -24,8 +24,7 @@ class TestJail < Test::Unit::TestCase
24
24
  end
25
25
 
26
26
  def test_jail_instances_should_have_limited_methods
27
- expected = ["class", "method_missing", "methods", "respond_to?", "respond_to_missing?", "to_jail", "to_s", "instance_variable_get"]
28
- expected.delete('respond_to_missing?') if RUBY_VERSION > '1.9.3' # respond_to_missing? is private in rubies above 1.9.3
27
+ expected = ["class", "method_missing", "methods", "respond_to?", "to_jail", "to_s", "instance_variable_get"]
29
28
  objects.each do |object|
30
29
  assert_equal expected.sort, reject_pretty_methods(object.to_jail.methods.map(&:to_s).sort)
31
30
  end
@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper')
2
2
 
3
3
  class TestSafemodeEval < Test::Unit::TestCase
4
4
  include TestHelper
5
-
5
+
6
6
  def setup
7
7
  @box = Safemode::Box.new
8
8
  @locals = { :article => Article.new }
@@ -18,14 +18,10 @@ class TestSafemodeEval < Test::Unit::TestCase
18
18
  end
19
19
 
20
20
  def test_unary_operators_on_instances_of_boolean_vars
21
- if RUBY_VERSION != "1.8.7"
22
- assert @box.eval('not false')
23
- assert @box.eval('!false')
24
- assert !@box.eval('not true')
25
- assert !@box.eval('!true')
26
- else
27
- p "no unary ops under 1.8.7!"
28
- end
21
+ assert @box.eval('not false')
22
+ assert @box.eval('!false')
23
+ assert !@box.eval('not true')
24
+ assert !@box.eval('!true')
29
25
  end
30
26
 
31
27
  def test_false_class_ops
@@ -55,35 +51,35 @@ class TestSafemodeEval < Test::Unit::TestCase
55
51
  def test_should_turn_assigns_to_jails
56
52
  assert_raise_no_method "@article.system", @assigns
57
53
  end
58
-
54
+
59
55
  def test_should_turn_locals_to_jails
60
56
  assert_raise(Safemode::NoMethodError){ @box.eval "article.system", {}, @locals }
61
57
  end
62
-
58
+
63
59
  def test_should_allow_method_access_on_assigns
64
60
  assert_nothing_raised{ @box.eval "@article.title", @assigns }
65
61
  end
66
-
62
+
67
63
  def test_should_allow_method_access_on_locals
68
64
  assert_nothing_raised{ @box.eval("article.title", {}, @locals) }
69
65
  end
70
-
66
+
71
67
  def test_should_not_raise_on_if_using_return_values
72
68
  assert_nothing_raised{ @box.eval "if @article.is_article? then 1 end", @assigns }
73
69
  end
74
-
70
+
75
71
  def test_should_work_with_if_using_return_values
76
72
  assert_equal @box.eval("if @article.is_article? then 1 end", @assigns), 1
77
73
  end
78
-
74
+
79
75
  def test__FILE__should_not_render_filename
80
76
  assert_equal '(string)', @box.eval("__FILE__")
81
77
  end
82
-
78
+
83
79
  def test_interpolated_xstr_should_raise_security
84
80
  assert_raise_security '"#{`ls -a`}"'
85
- end
86
-
81
+ end
82
+
87
83
  TestHelper.no_method_error_raising_calls.each do |call|
88
84
  call.gsub!('"', '\\\\"')
89
85
  class_eval %Q(
@@ -100,6 +96,6 @@ class TestSafemodeEval < Test::Unit::TestCase
100
96
  assert_raise_security "#{call}", @assigns, @locals
101
97
  end
102
98
  )
103
- end
99
+ end
104
100
 
105
101
  end
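--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: safemode
  version: !ruby/object:Gem::Version
- version: 1.3.5
+ version: 1.3.6
  platform: ruby
  authors:
  - Sven Fuchs
@@ -13,22 +13,8 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-01-18 00:00:00.000000000 Z
+ date: 2020-08-31 00:00:00.000000000 Z
  dependencies:
- - !ruby/object:Gem::Dependency
- name: sexp_processor
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: 4.10.0
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: 4.10.0
  - !ruby/object:Gem::Dependency
  name: ruby2ruby
  requirement: !ruby/object:Gem::Requirement
@@ -58,33 +44,19 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 3.10.1
  - !ruby/object:Gem::Dependency
- name: rdoc
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.12'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.12'
- - !ruby/object:Gem::Dependency
- name: bundler
+ name: sexp_processor
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.0'
- type: :development
+ version: 4.10.0
+ type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: 4.10.0
  - !ruby/object:Gem::Dependency
  name: jeweler
  requirement: !ruby/object:Gem::Requirement
@@ -100,7 +72,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: rcov
+ name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -114,21 +86,21 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: simplecov
+ name: rdoc
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '3.12'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '3.12'
  - !ruby/object:Gem::Dependency
- name: test-unit
+ name: simplecov
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -142,7 +114,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: rake
+ name: test-unit
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -211,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.1
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser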