safemode 1.3.6 → 1.3.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/{LICENCSE → LICENSE} +0 -0
- data/Rakefile +2 -1
- data/lib/safemode/blankslate.rb +1 -1
- data/lib/safemode/core_jails.rb +2 -2
- data/safemode.gemspec +6 -6
- data/test/test_helper.rb +16 -1
- data/test/test_jail.rb +11 -1
- metadata +9 -10
- data/.travis.yml +0 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9bdba4c6031653f1249ce8730385b47d60e917bd089809dfb405612c9a5200d4
|
|
4
|
+
data.tar.gz: a36f91fec355baf6e0f89c8354f538cfeea2fa6f2838ba6de1416f51d832af9c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 20b1b1ef4ab2a9b8ac59d281688e118d264bc96f2b2fe0dec48aa3b4ce0c4fdcf0e1612d47a958f0434e5f155219372dc485b32be807bf7b40593ff2a1bc198e
|
|
7
|
+
data.tar.gz: 33c6602e612d265c4fb227de48ac6f204eb6d473bf35027b181335227584331a80b6fb57e424e5d7c658e3179296505c6800aa0a3a294f33a0e4efc44ac5518a
|
data/{LICENCSE → LICENSE}
RENAMED
|
File without changes
|
data/Rakefile
CHANGED
|
@@ -23,7 +23,7 @@ require 'jeweler'
|
|
|
23
23
|
Jeweler::Tasks.new do |gem|
|
|
24
24
|
# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
|
|
25
25
|
gem.name = "safemode"
|
|
26
|
-
gem.homepage = "
|
|
26
|
+
gem.homepage = "https://github.com/svenfuchs/safemode"
|
|
27
27
|
gem.license = "MIT"
|
|
28
28
|
gem.summary = %Q{A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby}
|
|
29
29
|
gem.description = %Q{A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.}
|
|
@@ -36,6 +36,7 @@ Jeweler::Tasks.new do |gem|
|
|
|
36
36
|
"Ohad Levy",
|
|
37
37
|
"Dmitri Dolguikh",
|
|
38
38
|
]
|
|
39
|
+
gem.files.exclude '.travis.yml'
|
|
39
40
|
# dependencies defined in Gemfile
|
|
40
41
|
end
|
|
41
42
|
Jeweler::RubygemsDotOrgTasks.new
|
data/lib/safemode/blankslate.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Safemode
|
|
2
2
|
class Blankslate
|
|
3
3
|
@@allow_instance_methods = ['class', 'methods', 'respond_to?', 'respond_to_missing?', 'to_s', 'instance_variable_get']
|
|
4
|
-
@@allow_class_methods = ['methods', 'new', 'name', '<', 'ancestors', '=='] # < needed in Rails Object#subclasses_of
|
|
4
|
+
@@allow_class_methods = ['singleton_class?', 'methods', 'new', 'name', '<', 'ancestors', '=='] # < needed in Rails Object#subclasses_of
|
|
5
5
|
if defined?(JRUBY_VERSION)
|
|
6
6
|
# JRuby seems to silently fail to remove method_missing
|
|
7
7
|
# (also see https://github.com/jruby/jruby/blob/9.1.7.0/core/src/main/java/org/jruby/RubyModule.java#L1109)
|
data/lib/safemode/core_jails.rb
CHANGED
|
@@ -48,7 +48,7 @@ module Safemode
|
|
|
48
48
|
'Array' => %w(any? assoc at blank? collect collect! compact compact!
|
|
49
49
|
concat delete delete_at delete_if each each_index empty?
|
|
50
50
|
fetch fill first flatten flatten! hash include? index
|
|
51
|
-
indexes indices inject insert join last length map map!
|
|
51
|
+
indexes indices inject insert join last length map map! max min
|
|
52
52
|
nitems pop push present? rassoc reject reject! reverse
|
|
53
53
|
reverse! reverse_each rindex select shift size slice
|
|
54
54
|
slice! sort sort! transpose to_sentence uniq uniq! unshift
|
|
@@ -70,7 +70,7 @@ module Safemode
|
|
|
70
70
|
to_int to_s truncate zero?),
|
|
71
71
|
|
|
72
72
|
'Hash' => %w(any? blank? clear delete delete_if each each_key
|
|
73
|
-
each_pair each_value empty? fetch has_key? has_value?
|
|
73
|
+
each_pair each_value empty? fetch dig has_key? has_value?
|
|
74
74
|
include? index invert key? keys length member? merge merge!
|
|
75
75
|
present? rec_merge! rehash reject reject! select shift
|
|
76
76
|
size sort store update value? values values_at),
|
data/safemode.gemspec
CHANGED
|
@@ -2,25 +2,25 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: safemode 1.3.
|
|
5
|
+
# stub: safemode 1.3.7 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "safemode".freeze
|
|
9
|
-
s.version = "1.3.
|
|
9
|
+
s.version = "1.3.7"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["Sven Fuchs".freeze, "Peter Cooper".freeze, "Matthias Viehweger".freeze, "Kingsley Hendrickse".freeze, "Ohad Levy".freeze, "Dmitri Dolguikh".freeze]
|
|
14
|
-
s.date = "
|
|
14
|
+
s.date = "2022-04-26"
|
|
15
15
|
s.description = "A library for safe evaluation of Ruby code based on RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.".freeze
|
|
16
16
|
s.email = "ohadlevy@gmail.com".freeze
|
|
17
17
|
s.extra_rdoc_files = [
|
|
18
|
+
"LICENSE",
|
|
18
19
|
"README.markdown"
|
|
19
20
|
]
|
|
20
21
|
s.files = [
|
|
21
|
-
".travis.yml",
|
|
22
22
|
"Gemfile",
|
|
23
|
-
"
|
|
23
|
+
"LICENSE",
|
|
24
24
|
"README.markdown",
|
|
25
25
|
"Rakefile",
|
|
26
26
|
"VERSION",
|
|
@@ -47,7 +47,7 @@ Gem::Specification.new do |s|
|
|
|
47
47
|
"test/test_safemode_eval.rb",
|
|
48
48
|
"test/test_safemode_parser.rb"
|
|
49
49
|
]
|
|
50
|
-
s.homepage = "
|
|
50
|
+
s.homepage = "https://github.com/svenfuchs/safemode".freeze
|
|
51
51
|
s.licenses = ["MIT".freeze]
|
|
52
52
|
s.rubygems_version = "2.7.6".freeze
|
|
53
53
|
s.summary = "A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby".freeze
|
data/test/test_helper.rb
CHANGED
|
@@ -155,6 +155,21 @@ class Article::ExtendedJail < Article::Jail
|
|
|
155
155
|
end
|
|
156
156
|
|
|
157
157
|
class Comment::Jail < Safemode::Jail
|
|
158
|
-
allow :article, :text
|
|
158
|
+
allow :article, :text, :object_id
|
|
159
159
|
allow_class_method :all
|
|
160
160
|
end
|
|
161
|
+
|
|
162
|
+
class ExtendedComment < Comment
|
|
163
|
+
def extended_text
|
|
164
|
+
"extended comment #{object_id}"
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
def to_jail
|
|
168
|
+
ExtendedComment::Jail.new self
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
class Jail < Comment::Jail
|
|
172
|
+
allow :extended_text
|
|
173
|
+
end
|
|
174
|
+
end
|
|
175
|
+
|
data/test/test_jail.rb
CHANGED
|
@@ -5,6 +5,7 @@ class TestJail < Test::Unit::TestCase
|
|
|
5
5
|
@article = Article.new.to_jail
|
|
6
6
|
@comment = @article.comments.first
|
|
7
7
|
@comment_class = Comment.to_jail
|
|
8
|
+
@extended_comment = ExtendedComment.new(@article).to_jail
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
def test_explicitly_allowed_instance_methods_should_be_accessible
|
|
@@ -36,7 +37,8 @@ class TestJail < Test::Unit::TestCase
|
|
|
36
37
|
"allow_instance_method", "allow_class_method", "allowed_instance_method?",
|
|
37
38
|
"allowed_class_method?", "allowed_instance_methods", "allowed_class_methods",
|
|
38
39
|
"<", # < needed in Rails Object#subclasses_of
|
|
39
|
-
"ancestors", "=="
|
|
40
|
+
"ancestors", "==", # ancestors and == needed in Rails::Generator::Spec#lookup_class
|
|
41
|
+
"singleton_class?" ]
|
|
40
42
|
|
|
41
43
|
if defined?(JRUBY_VERSION)
|
|
42
44
|
(expected << ['method_missing', 'singleton_method_undefined', 'singleton_method_added']).flatten! # needed for running under jruby
|
|
@@ -56,6 +58,14 @@ class TestJail < Test::Unit::TestCase
|
|
|
56
58
|
assert !@article.respond_to?(:bogus)
|
|
57
59
|
end
|
|
58
60
|
|
|
61
|
+
def test_methodcall_comment
|
|
62
|
+
assert_equal "comment #{@comment.object_id}", @comment.text
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def test_methodcall_extended_comment
|
|
66
|
+
assert_equal "extended comment #{@extended_comment.object_id}", @extended_comment.extended_text
|
|
67
|
+
end
|
|
68
|
+
|
|
59
69
|
private
|
|
60
70
|
|
|
61
71
|
def objects
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safemode
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sven Fuchs
|
|
@@ -10,10 +10,10 @@ authors:
|
|
|
10
10
|
- Kingsley Hendrickse
|
|
11
11
|
- Ohad Levy
|
|
12
12
|
- Dmitri Dolguikh
|
|
13
|
-
autorequire:
|
|
13
|
+
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date:
|
|
16
|
+
date: 2022-04-26 00:00:00.000000000 Z
|
|
17
17
|
dependencies:
|
|
18
18
|
- !ruby/object:Gem::Dependency
|
|
19
19
|
name: ruby2ruby
|
|
@@ -133,11 +133,11 @@ email: ohadlevy@gmail.com
|
|
|
133
133
|
executables: []
|
|
134
134
|
extensions: []
|
|
135
135
|
extra_rdoc_files:
|
|
136
|
+
- LICENSE
|
|
136
137
|
- README.markdown
|
|
137
138
|
files:
|
|
138
|
-
- ".travis.yml"
|
|
139
139
|
- Gemfile
|
|
140
|
-
-
|
|
140
|
+
- LICENSE
|
|
141
141
|
- README.markdown
|
|
142
142
|
- Rakefile
|
|
143
143
|
- VERSION
|
|
@@ -163,11 +163,11 @@ files:
|
|
|
163
163
|
- test/test_jail.rb
|
|
164
164
|
- test/test_safemode_eval.rb
|
|
165
165
|
- test/test_safemode_parser.rb
|
|
166
|
-
homepage:
|
|
166
|
+
homepage: https://github.com/svenfuchs/safemode
|
|
167
167
|
licenses:
|
|
168
168
|
- MIT
|
|
169
169
|
metadata: {}
|
|
170
|
-
post_install_message:
|
|
170
|
+
post_install_message:
|
|
171
171
|
rdoc_options: []
|
|
172
172
|
require_paths:
|
|
173
173
|
- lib
|
|
@@ -182,9 +182,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
182
182
|
- !ruby/object:Gem::Version
|
|
183
183
|
version: '0'
|
|
184
184
|
requirements: []
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
signing_key:
|
|
185
|
+
rubygems_version: 3.0.3
|
|
186
|
+
signing_key:
|
|
188
187
|
specification_version: 4
|
|
189
188
|
summary: A library for safe evaluation of Ruby code based on ParseTree/RubyParser
|
|
190
189
|
and Ruby2Ruby
|