safemode 1.3.5 → 1.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 17583eb75412f52a6f4aa691f05eacb1444914c1
4
- data.tar.gz: 1fdc4a69be5bd7ba3c8a7d86131880172ddc4bf6
2
+ SHA256:
3
+ metadata.gz: 9c122fc8f941080a885c335b7356d2e1af7545cec8633ca23571273f069f36e0
4
+ data.tar.gz: f5555df33c321fbc85bff612c80568c4667e1c17d77aaa74da3311ea659b2574
5
5
  SHA512:
6
- metadata.gz: 37754a69766f504bf4fd9f6de5f78d1c822aaf98931191188964860835731330bd9aea5e387e0141892d96e81f1805556f8d9e20fd08984c138a9ee3cef86b2d
7
- data.tar.gz: 633222599593f909e1c7ac14a0796113c230a247c73cff83f46bbe5c17a23724b8bb16744cf1d057bcd692d7986248c8a68137d9eb04d9f309ede44da97950a6
6
+ metadata.gz: 253de818e490f1e03030dfb9600960322ee6ea3c2d1d7ae571ccbc9ad44c99cb58af2d23227d6244a4de4006e0d56716b6b12c5fe83fc2fb8c874bbae5f1aca1
7
+ data.tar.gz: 2b468cf47ef692c3623daba9b1ea100ab4e74243d701aad3c86e46a04cc09d91470a9a57c5ecd117f26142b223ec33f1169b09bc90756d5dc96104d9b00c341e
@@ -1,13 +1,16 @@
1
1
  ---
2
+ os: linux
3
+ dist: xenial
4
+ language: ruby
2
5
  rvm:
3
- - 1.8.7
4
- - 1.9.3
5
- - 2.0.0
6
- - 2.1.10
7
- - 2.2.6
8
- - 2.3.3
9
- - 2.4.0
10
- - 2.5.1
6
+ - 2.2
7
+ - 2.3
8
+ - 2.4
9
+ - 2.5
10
+ - 2.6
11
+ - 2.7
11
12
  - jruby-9
12
- before_install: gem install bundler
13
- sudo: false
13
+ matrix:
14
+ allow_failures:
15
+ - rvm: jruby-9
16
+ before_install: gem install bundler --version 1.17.3
data/Gemfile CHANGED
@@ -1,17 +1,17 @@
1
- source "http://rubygems.org"
1
+ # frozen_string_literal: true
2
2
 
3
- gem 'sexp_processor', ">= 4.10.0"
4
- gem 'ruby2ruby', ">= 2.4.0"
5
- gem "ruby_parser", ">= 3.10.1"
3
+ source 'http://rubygems.org'
4
+
5
+ gem 'ruby2ruby', '>= 2.4.0'
6
+ gem 'ruby_parser', '>= 3.10.1'
7
+ gem 'sexp_processor', '>= 4.10.0'
6
8
 
7
9
  # Add dependencies to develop your gem here.
8
10
  # Include everything needed to run rake, tests, features, etc.
9
11
  group :development do
10
- gem "rdoc", "~> 3.12"
11
- gem "bundler", "~> 1.0"
12
- gem "jeweler", RUBY_VERSION.start_with?("1.8") ? "~> 1.0" : ">= 0"
13
- gem "rcov", :platforms => :ruby_18
14
- gem "simplecov", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24, :ruby_25, :jruby]
15
- gem "test-unit", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24, :ruby_25, :jruby]
16
- gem "rake", RUBY_VERSION.start_with?("1.8") ? "< 11" : ">= 0"
12
+ gem 'jeweler'
13
+ gem 'rake'
14
+ gem 'rdoc', '~> 3.12'
15
+ gem 'simplecov'
16
+ gem 'test-unit'
17
17
  end
@@ -3,6 +3,8 @@
3
3
  A library for safe evaluation of Ruby code based on RubyParser and
4
4
  Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
5
5
 
6
+ [![Build Status](https://travis-ci.org/svenfuchs/safemode.svg?branch=master)](https://travis-ci.org/svenfuchs/safemode)
7
+
6
8
  ### Word of warning
7
9
 
8
10
  This library is still highly experimental. Only use it at your own risk for
@@ -52,9 +54,9 @@ class is only accessible when returned by a method or passed into a template.
52
54
  For more details about the concepts behind Safemode please refer to the
53
55
  following blog posts until a more comprehensive writeup is available:
54
56
 
55
- * Initial reasoning: [http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally](http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally)
56
- * Refined concept: [http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode](http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode)
57
- * ActionView ERB handler: [http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview](http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview)
57
+ * Initial reasoning: http://www.artweb-design.de/2008/2/5/sexy-theme-templating-with-haml-safemode-finally
58
+ * Refined concept: http://www.artweb-design.de/2008/2/17/sending-ruby-to-the-jail-an-attemp-on-a-haml-safemode
59
+ * ActionView ERB handler: http://www.artweb-design.de/2008/4/22/an-erb-safemode-handler-for-actionview
58
60
 
59
61
  ### Dependencies
60
62
 
@@ -64,14 +66,14 @@ Requires the gems:
64
66
  * Ruby2Ruby
65
67
 
66
68
  As of writing RubyParser alters StringIO and thus breaks usage with Rails.
67
- See [http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html](http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html)
69
+ See http://www.zenspider.com/pipermail/parsetree/2008-April/000026.html
68
70
 
69
71
  A patch is included that fixes this issue and can be applied to RubyParser.
70
72
  See lib/ruby\_parser\_string\_io\_patch.diff
71
73
 
72
74
  ### Credits
73
75
 
74
- * Sven Fuchs - Maintainer
76
+ * Sven Fuchs - Initial Maintainer
75
77
  * Peter Cooper
76
78
  * Matthias Viehweger
77
79
  * Ohad Levy
data/Rakefile CHANGED
@@ -47,20 +47,10 @@ Rake::TestTask.new(:test) do |test|
47
47
  test.verbose = true
48
48
  end
49
49
 
50
- if RUBY_VERSION >= "1.9"
51
- desc "Generate coverage report for tests"
52
- task :coverage do |cov|
53
- ENV['COVERAGE'] = 'true'
54
- Rake::Task[:test].execute
55
- end
56
- else
57
- require 'rcov/rcovtask'
58
- Rcov::RcovTask.new do |test|
59
- test.libs << 'test'
60
- test.pattern = 'test/**/test_*.rb'
61
- test.verbose = true
62
- test.rcov_opts << '--exclude "gems/*"'
63
- end
50
+ desc "Generate coverage report for tests"
51
+ task :coverage do |cov|
52
+ ENV['COVERAGE'] = 'true'
53
+ Rake::Task[:test].execute
64
54
  end
65
55
 
66
56
  task :default => :test
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.3.5
1
+ 1.3.6
@@ -20,9 +20,9 @@ module ActionView
20
20
 
21
21
  # code = ::ERB.new(src, nil, @view.erb_trim_mode).src
22
22
  code = ::ERB.new("<% __in_erb_template=true %>#{src}", nil, erb_trim_mode, '@output_buffer').src
23
- # Ruby 1.9 prepends an encoding to the source. However this is
23
+ # Ruby 1.9+ prepends an encoding to the source. However this is
24
24
  # useless because you can only set an encoding on the first line
25
- RUBY_VERSION >= '1.9' ? src.sub(/\A#coding:.*\n/, '') : src
25
+ src.sub(/\A#coding:.*\n/, '') : src
26
26
 
27
27
  code.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them
28
28
 
@@ -51,8 +51,8 @@ module Safemode
51
51
  indexes indices inject insert join last length map map!
52
52
  nitems pop push present? rassoc reject reject! reverse
53
53
  reverse! reverse_each rindex select shift size slice
54
- slice! sort sort! transpose uniq uniq! unshift values_at
55
- zip),
54
+ slice! sort sort! transpose to_sentence uniq uniq! unshift
55
+ values_at zip),
56
56
 
57
57
  'Bignum' => %w(abs blank? ceil chr coerce div divmod downto floor hash
58
58
  integer? modulo next nonzero? present? quo remainder round
@@ -1,17 +1,17 @@
1
- module Safemode
2
- class Jail < Blankslate
1
+ module Safemode
2
+ class Jail < Blankslate
3
3
  def initialize(source = nil)
4
4
  @source = source
5
5
  end
6
-
6
+
7
7
  def to_jail
8
8
  self
9
9
  end
10
-
10
+
11
11
  def to_s
12
12
  @source.to_s
13
13
  end
14
-
14
+
15
15
  def method_missing(method, *args, &block)
16
16
  if @source.is_a?(Class)
17
17
  unless self.class.allowed_class_method?(method)
@@ -22,7 +22,7 @@ module Safemode
22
22
  raise Safemode::NoMethodError.new("##{method}", self.class.name, @source.class.name)
23
23
  end
24
24
  end
25
-
25
+
26
26
  # As every call to an object in the eval'ed string will be jailed by the
27
27
  # parser we don't need to "proactively" jail arrays and hashes. Likewise we
28
28
  # don't need to jail objects returned from a jail. Doing so would provide
@@ -31,11 +31,6 @@ module Safemode
31
31
  @source.send(method, *args, &block)
32
32
  end
33
33
 
34
- # needed for compatibility with 1.8.7; remove this method once 1.8.7 support has been dropped
35
- def respond_to?(method, *)
36
- respond_to_missing?(method)
37
- end
38
-
39
34
  def respond_to_missing?(method_name, include_private = false)
40
35
  self.class.allowed_instance_method?(method_name)
41
36
  end
@@ -121,8 +121,8 @@ module Safemode
121
121
 
122
122
  def process_const(arg)
123
123
  sexp_type = arg.sexp_body.sexp_type # constants are encoded as: "s(:const, :Encoding)"
124
- if RUBY_VERSION >= "1.9" && sexp_type == :Encoding
125
- # handling of Encoding constants in ruby 1.9.
124
+ if sexp_type == :Encoding
125
+ # handling of Encoding constants.
126
126
  # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
127
127
  "#{super(arg).gsub('-', '_')}"
128
128
  elsif sexp_type == :String
@@ -2,18 +2,18 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: safemode 1.3.5 ruby lib
5
+ # stub: safemode 1.3.6 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
- s.name = "safemode"
9
- s.version = "1.3.5"
8
+ s.name = "safemode".freeze
9
+ s.version = "1.3.6"
10
10
 
11
- s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
- s.require_paths = ["lib"]
13
- s.authors = ["Sven Fuchs", "Peter Cooper", "Matthias Viehweger", "Kingsley Hendrickse", "Ohad Levy", "Dmitri Dolguikh"]
14
- s.date = "2018-01-18"
15
- s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml."
16
- s.email = "ohadlevy@gmail.com"
11
+ s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
12
+ s.require_paths = ["lib".freeze]
13
+ s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
14
+ s.date = "2020-08-31"
15
+ s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
16
+ s.email = "ohadlevy@gmail.com".freeze
17
17
  s.extra_rdoc_files = [
18
18
  "README.markdown"
19
19
  ]
@@ -47,48 +47,42 @@ Gem::Specification.new do |s|
47
47
  "test/test_safemode_eval.rb",
48
48
  "test/test_safemode_parser.rb"
49
49
  ]
50
- s.homepage = "http://github.com/svenfuchs/safemode"
51
- s.licenses = ["MIT"]
52
- s.rubygems_version = "2.5.1"
53
- s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby"
50
+ s.homepage = "http://github.com/svenfuchs/safemode".freeze
51
+ s.licenses = ["MIT".freeze]
52
+ s.rubygems_version = "2.7.6".freeze
53
+ s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
54
54
 
55
55
  if s.respond_to? :specification_version then
56
56
  s.specification_version = 4
57
57
 
58
58
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
59
- s.add_runtime_dependency(%q<sexp_processor>, [">= 4.10.0"])
60
- s.add_runtime_dependency(%q<ruby2ruby>, [">= 2.4.0"])
61
- s.add_runtime_dependency(%q<ruby_parser>, [">= 3.10.1"])
62
- s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
63
- s.add_development_dependency(%q<bundler>, ["~> 1.0"])
64
- s.add_development_dependency(%q<jeweler>, [">= 0"])
65
- s.add_development_dependency(%q<rcov>, [">= 0"])
66
- s.add_development_dependency(%q<simplecov>, [">= 0"])
67
- s.add_development_dependency(%q<test-unit>, [">= 0"])
68
- s.add_development_dependency(%q<rake>, [">= 0"])
59
+ s.add_runtime_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
60
+ s.add_runtime_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
61
+ s.add_runtime_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
62
+ s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
63
+ s.add_development_dependency(%q<rake>.freeze, [">= 0"])
64
+ s.add_development_dependency(%q<rdoc>.freeze, ["~> 3.12"])
65
+ s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
66
+ s.add_development_dependency(%q<test-unit>.freeze, [">= 0"])
69
67
  else
70
- s.add_dependency(%q<sexp_processor>, [">= 4.10.0"])
71
- s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
72
- s.add_dependency(%q<ruby_parser>, [">= 3.10.1"])
73
- s.add_dependency(%q<rdoc>, ["~> 3.12"])
74
- s.add_dependency(%q<bundler>, ["~> 1.0"])
75
- s.add_dependency(%q<jeweler>, [">= 0"])
76
- s.add_dependency(%q<rcov>, [">= 0"])
77
- s.add_dependency(%q<simplecov>, [">= 0"])
78
- s.add_dependency(%q<test-unit>, [">= 0"])
79
- s.add_dependency(%q<rake>, [">= 0"])
68
+ s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
69
+ s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
70
+ s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
71
+ s.add_dependency(%q<jeweler>.freeze, [">= 0"])
72
+ s.add_dependency(%q<rake>.freeze, [">= 0"])
73
+ s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
74
+ s.add_dependency(%q<simplecov>.freeze, [">= 0"])
75
+ s.add_dependency(%q<test-unit>.freeze, [">= 0"])
80
76
  end
81
77
  else
82
- s.add_dependency(%q<sexp_processor>, [">= 4.10.0"])
83
- s.add_dependency(%q<ruby2ruby>, [">= 2.4.0"])
84
- s.add_dependency(%q<ruby_parser>, [">= 3.10.1"])
85
- s.add_dependency(%q<rdoc>, ["~> 3.12"])
86
- s.add_dependency(%q<bundler>, ["~> 1.0"])
87
- s.add_dependency(%q<jeweler>, [">= 0"])
88
- s.add_dependency(%q<rcov>, [">= 0"])
89
- s.add_dependency(%q<simplecov>, [">= 0"])
90
- s.add_dependency(%q<test-unit>, [">= 0"])
91
- s.add_dependency(%q<rake>, [">= 0"])
78
+ s.add_dependency(%q<ruby2ruby>.freeze, [">= 2.4.0"])
79
+ s.add_dependency(%q<ruby_parser>.freeze, [">= 3.10.1"])
80
+ s.add_dependency(%q<sexp_processor>.freeze, [">= 4.10.0"])
81
+ s.add_dependency(%q<jeweler>.freeze, [">= 0"])
82
+ s.add_dependency(%q<rake>.freeze, [">= 0"])
83
+ s.add_dependency(%q<rdoc>.freeze, ["~> 3.12"])
84
+ s.add_dependency(%q<simplecov>.freeze, [">= 0"])
85
+ s.add_dependency(%q<test-unit>.freeze, [">= 0"])
92
86
  end
93
87
  end
94
88
 
@@ -1,4 +1,4 @@
1
- if RUBY_VERSION >= '1.9'and ENV['COVERAGE']
1
+ if ENV['COVERAGE']
2
2
  require 'simplecov'
3
3
  SimpleCov.start {add_filter 'test_'}
4
4
  end
@@ -22,7 +22,7 @@ module TestHelper
22
22
  '@article.comment_class.new',
23
23
  'String.instance_variable_set :@a, :a' ]
24
24
  end
25
-
25
+
26
26
  def security_error_raising_calls
27
27
  [ "class A\n end",
28
28
  'File.open("/etc/passwd")',
@@ -42,10 +42,10 @@ module TestHelper
42
42
  "attr_reader :a",
43
43
  'URI("http://google.com")',
44
44
  "`ls -a`", "exec('echo *')", "syscall 4, 1, 'hello', 5", "system('touch /tmp/helloworld')",
45
- "abort",
45
+ "abort",
46
46
  "exit(0)", "exit!(0)", "at_exit{'goodbye'}",
47
47
  "autoload(::MyModule, 'my_module.rb')",
48
- "binding",
48
+ "binding",
49
49
  "callcc{|cont| cont.call}",
50
50
  'eval %Q(send(:system, "ls -a"))',
51
51
  "fork",
@@ -58,12 +58,12 @@ module TestHelper
58
58
  "open('/etc/passwd'){|f| f.read}",
59
59
  "p 'text'", "pretty_inspect",
60
60
  # "print 'text'", "puts 'text'", allowed and buffered these (see ScopeObject)
61
- "printf 'text'", "putc 'a'",
61
+ "printf 'text'", "putc 'a'",
62
62
  "raise RuntimeError, 'should not happen'",
63
- "rand(0)", "srand(0)",
63
+ "rand(0)", "srand(0)",
64
64
  "set_trace_func proc{|event| puts event}", "trace_var :$_, proc {|v| puts v }", "untrace_var :$_",
65
- "sleep", "sleep(0)",
66
- "test(1, a, b)",
65
+ "sleep", "sleep(0)",
66
+ "test(1, a, b)",
67
67
  "Signal.trap(0, proc { puts 'Terminating: #{$$}' })",
68
68
  "warn 'warning'",
69
69
  'Array.new' ]
@@ -77,31 +77,31 @@ module TestHelper
77
77
  def assert_raise_security(code = nil, assigns = {}, locals = {}, &block)
78
78
  assert_raise_safemode_error(Safemode::SecurityError, code, assigns, locals, &block)
79
79
  end
80
-
80
+
81
81
  def assert_raise_safemode_error(error, code, assigns = {}, locals = {})
82
82
  code = yield(code) if block_given?
83
83
  assert_raise(error, code) { safebox_eval(code, assigns, locals) }
84
84
  end
85
-
85
+
86
86
  def safebox_eval(code, assigns = {}, locals = {})
87
87
  # puts Safemode::Parser.jail(code)
88
88
  Safemode::Box.new.eval code, assigns, locals
89
- end
89
+ end
90
90
  end
91
91
 
92
92
  class Article
93
93
  def is_article?
94
94
  true
95
95
  end
96
-
96
+
97
97
  def title
98
98
  'an article title'
99
99
  end
100
-
100
+
101
101
  def to_jail
102
102
  Article::Jail.new self
103
103
  end
104
-
104
+
105
105
  def comments
106
106
  [Comment.new(self), Comment.new(self)]
107
107
  end
@@ -117,15 +117,15 @@ end
117
117
 
118
118
  class Comment
119
119
  attr_reader :article
120
-
120
+
121
121
  def initialize(article)
122
122
  @article = article
123
123
  end
124
-
124
+
125
125
  def text
126
126
  "comment #{object_id}"
127
127
  end
128
-
128
+
129
129
  def to_jail
130
130
  Comment::Jail.new self
131
131
  end
@@ -145,7 +145,7 @@ end
145
145
 
146
146
  class Article::Jail < Safemode::Jail
147
147
  allow :title, :comments, :is_article?, :comment_class
148
-
148
+
149
149
  def author_name
150
150
  "this article's author name"
151
151
  end
@@ -24,8 +24,7 @@ class TestJail < Test::Unit::TestCase
24
24
  end
25
25
 
26
26
  def test_jail_instances_should_have_limited_methods
27
- expected = ["class", "method_missing", "methods", "respond_to?", "respond_to_missing?", "to_jail", "to_s", "instance_variable_get"]
28
- expected.delete('respond_to_missing?') if RUBY_VERSION > '1.9.3' # respond_to_missing? is private in rubies above 1.9.3
27
+ expected = ["class", "method_missing", "methods", "respond_to?", "to_jail", "to_s", "instance_variable_get"]
29
28
  objects.each do |object|
30
29
  assert_equal expected.sort, reject_pretty_methods(object.to_jail.methods.map(&:to_s).sort)
31
30
  end
@@ -2,7 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper')
2
2
 
3
3
  class TestSafemodeEval < Test::Unit::TestCase
4
4
  include TestHelper
5
-
5
+
6
6
  def setup
7
7
  @box = Safemode::Box.new
8
8
  @locals = { :article => Article.new }
@@ -18,14 +18,10 @@ class TestSafemodeEval < Test::Unit::TestCase
18
18
  end
19
19
 
20
20
  def test_unary_operators_on_instances_of_boolean_vars
21
- if RUBY_VERSION != "1.8.7"
22
- assert @box.eval('not false')
23
- assert @box.eval('!false')
24
- assert !@box.eval('not true')
25
- assert !@box.eval('!true')
26
- else
27
- p "no unary ops under 1.8.7!"
28
- end
21
+ assert @box.eval('not false')
22
+ assert @box.eval('!false')
23
+ assert !@box.eval('not true')
24
+ assert !@box.eval('!true')
29
25
  end
30
26
 
31
27
  def test_false_class_ops
@@ -55,35 +51,35 @@ class TestSafemodeEval < Test::Unit::TestCase
55
51
  def test_should_turn_assigns_to_jails
56
52
  assert_raise_no_method "@article.system", @assigns
57
53
  end
58
-
54
+
59
55
  def test_should_turn_locals_to_jails
60
56
  assert_raise(Safemode::NoMethodError){ @box.eval "article.system", {}, @locals }
61
57
  end
62
-
58
+
63
59
  def test_should_allow_method_access_on_assigns
64
60
  assert_nothing_raised{ @box.eval "@article.title", @assigns }
65
61
  end
66
-
62
+
67
63
  def test_should_allow_method_access_on_locals
68
64
  assert_nothing_raised{ @box.eval("article.title", {}, @locals) }
69
65
  end
70
-
66
+
71
67
  def test_should_not_raise_on_if_using_return_values
72
68
  assert_nothing_raised{ @box.eval "if @article.is_article? then 1 end", @assigns }
73
69
  end
74
-
70
+
75
71
  def test_should_work_with_if_using_return_values
76
72
  assert_equal @box.eval("if @article.is_article? then 1 end", @assigns), 1
77
73
  end
78
-
74
+
79
75
  def test__FILE__should_not_render_filename
80
76
  assert_equal '(string)', @box.eval("__FILE__")
81
77
  end
82
-
78
+
83
79
  def test_interpolated_xstr_should_raise_security
84
80
  assert_raise_security '"#{`ls -a`}"'
85
- end
86
-
81
+ end
82
+
87
83
  TestHelper.no_method_error_raising_calls.each do |call|
88
84
  call.gsub!('"', '\\\\"')
89
85
  class_eval %Q(
@@ -100,6 +96,6 @@ class TestSafemodeEval < Test::Unit::TestCase
100
96
  assert_raise_security "#{call}", @assigns, @locals
101
97
  end
102
98
  )
103
- end
99
+ end
104
100
 
105
101
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safemode
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.5
4
+ version: 1.3.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sven Fuchs
@@ -13,22 +13,8 @@ authors:
13
13
  autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
- date: 2018-01-18 00:00:00.000000000 Z
16
+ date: 2020-08-31 00:00:00.000000000 Z
17
17
  dependencies:
18
- - !ruby/object:Gem::Dependency
19
- name: sexp_processor
20
- requirement: !ruby/object:Gem::Requirement
21
- requirements:
22
- - - ">="
23
- - !ruby/object:Gem::Version
24
- version: 4.10.0
25
- type: :runtime
26
- prerelease: false
27
- version_requirements: !ruby/object:Gem::Requirement
28
- requirements:
29
- - - ">="
30
- - !ruby/object:Gem::Version
31
- version: 4.10.0
32
18
  - !ruby/object:Gem::Dependency
33
19
  name: ruby2ruby
34
20
  requirement: !ruby/object:Gem::Requirement
@@ -58,33 +44,19 @@ dependencies:
58
44
  - !ruby/object:Gem::Version
59
45
  version: 3.10.1
60
46
  - !ruby/object:Gem::Dependency
61
- name: rdoc
62
- requirement: !ruby/object:Gem::Requirement
63
- requirements:
64
- - - "~>"
65
- - !ruby/object:Gem::Version
66
- version: '3.12'
67
- type: :development
68
- prerelease: false
69
- version_requirements: !ruby/object:Gem::Requirement
70
- requirements:
71
- - - "~>"
72
- - !ruby/object:Gem::Version
73
- version: '3.12'
74
- - !ruby/object:Gem::Dependency
75
- name: bundler
47
+ name: sexp_processor
76
48
  requirement: !ruby/object:Gem::Requirement
77
49
  requirements:
78
- - - "~>"
50
+ - - ">="
79
51
  - !ruby/object:Gem::Version
80
- version: '1.0'
81
- type: :development
52
+ version: 4.10.0
53
+ type: :runtime
82
54
  prerelease: false
83
55
  version_requirements: !ruby/object:Gem::Requirement
84
56
  requirements:
85
- - - "~>"
57
+ - - ">="
86
58
  - !ruby/object:Gem::Version
87
- version: '1.0'
59
+ version: 4.10.0
88
60
  - !ruby/object:Gem::Dependency
89
61
  name: jeweler
90
62
  requirement: !ruby/object:Gem::Requirement
@@ -100,7 +72,7 @@ dependencies:
100
72
  - !ruby/object:Gem::Version
101
73
  version: '0'
102
74
  - !ruby/object:Gem::Dependency
103
- name: rcov
75
+ name: rake
104
76
  requirement: !ruby/object:Gem::Requirement
105
77
  requirements:
106
78
  - - ">="
@@ -114,21 +86,21 @@ dependencies:
114
86
  - !ruby/object:Gem::Version
115
87
  version: '0'
116
88
  - !ruby/object:Gem::Dependency
117
- name: simplecov
89
+ name: rdoc
118
90
  requirement: !ruby/object:Gem::Requirement
119
91
  requirements:
120
- - - ">="
92
+ - - "~>"
121
93
  - !ruby/object:Gem::Version
122
- version: '0'
94
+ version: '3.12'
123
95
  type: :development
124
96
  prerelease: false
125
97
  version_requirements: !ruby/object:Gem::Requirement
126
98
  requirements:
127
- - - ">="
99
+ - - "~>"
128
100
  - !ruby/object:Gem::Version
129
- version: '0'
101
+ version: '3.12'
130
102
  - !ruby/object:Gem::Dependency
131
- name: test-unit
103
+ name: simplecov
132
104
  requirement: !ruby/object:Gem::Requirement
133
105
  requirements:
134
106
  - - ">="
@@ -142,7 +114,7 @@ dependencies:
142
114
  - !ruby/object:Gem::Version
143
115
  version: '0'
144
116
  - !ruby/object:Gem::Dependency
145
- name: rake
117
+ name: test-unit
146
118
  requirement: !ruby/object:Gem::Requirement
147
119
  requirements:
148
120
  - - ">="
@@ -211,7 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
211
183
  version: '0'
212
184
  requirements: []
213
185
  rubyforge_project:
214
- rubygems_version: 2.5.1
186
+ rubygems_version: 2.7.6
215
187
  signing_key:
216
188
  specification_version: 4
217
189
  summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser