sandboxed 0.0.1

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2011 Michael Klaus
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/lib/sandboxed.rb

@@ -0,0 +1,45 @@
+require 'sandboxed/compat'
+require 'sandboxed/proc'
+require 'sandboxed/fiber'
+
+module Kernel
+
+  # initialize worker fiber for sandboxed execution
+  SAFE_FIBER = Fiber.new do |msg|
+    while true
+      obj, m, args, block = msg
+      begin
+        msg = Fiber.yield(block ? obj.send(m, *args, &block) : obj.send(m, *args))
+      rescue Exception => e
+        msg = Fiber.yield(e)
+      end
+    end
+  end.freeze
+
+  def safe(*args, &block)
+    opts = args.last.is_a?(Hash) ? args.pop : {}
+    level = opts.delete(:level) || 4
+    ctx = opts.delete(:context) || eval('self', block.binding) # rebind to actual declaring object
+    args << opts unless opts.empty? # be nicer about passed in hashes
+
+    bound = block.bind(ctx) # TODO 1.8 compat is missing out here. How to?
+    Fiber.new do |l, c, b, a|
+      $SAFE = l
+      b.call *a
+    end.resume(level, ctx, bound, args)
+  end
+
+  def safe_method(*ms)
+    ms.each do |m|
+      safe_m = :"#{m}__safe_"
+      alias_method safe_m, m
+      define_method m do |*args, &block|
+        result = SAFE_FIBER.resume([self, safe_m, args, block])
+        result.is_a?(Exception) ? throw(result) : result  # TODO find a better way
+      end
+    end
+  end
+
+end
+
+

data/lib/sandboxed/compat.rb

@@ -0,0 +1,5 @@
+module Kernel
+  unless method_defined?(:untrust)
+    alias untrust taint
+  end
+end

data/lib/sandboxed/fiber.rb

@@ -0,0 +1,73 @@
+# Poor Man's Fiber (API compatible Thread based Fiber implementation for Ruby 1.8)
+# (c) 2008 Aman Gupta (tmm1)
+
+unless defined? Fiber
+  require 'thread'
+
+  class FiberError < StandardError; end
+
+  class Fiber
+    def initialize
+      raise ArgumentError, 'new Fiber requires a block' unless block_given?
+
+      @yield = Queue.new
+      @resume = Queue.new
+
+      @thread = Thread.new{ @yield.push [yield(*@resume.pop)] }
+      @thread.abort_on_exception = true
+      @thread[:fiber] = self
+    end
+    attr_reader :thread
+
+    def resume *args
+      raise FiberError, 'dead fiber called' unless @thread.alive?
+      @resume.push(args)
+      result = @yield.pop
+      result.size > 1 ? result : result.first
+    end
+    
+    def yield *args
+      @yield.push(args)
+      result = @resume.pop
+      result.size > 1 ? result : result.first
+    end
+    
+    def self.yield *args
+      raise FiberError, "can't yield from root fiber" unless fiber = Thread.current[:fiber]
+      fiber.yield(*args)
+    end
+
+    def self.current
+      Thread.current[:fiber] or raise FiberError, 'not inside a fiber'
+    end
+
+    def inspect
+      "#<#{self.class}:0x#{self.object_id.to_s(16)}>"
+    end
+  end
+end
+
+if __FILE__ == $0
+  f = Fiber.new{ puts 'hi'; p Fiber.yield(1); puts 'bye'; :done }
+  p f.resume
+  p f.resume(2)
+end
+
+__END__
+
+$ ruby fbr.rb
+hi
+1
+2
+bye
+:done
+
+$ ruby1.9 fbr.rb
+hi
+1
+2
+bye
+:done
+
+
+

data/lib/sandboxed/proc.rb

@@ -0,0 +1,17 @@
+unless Proc.method_defined?(:bind)
+
+  # copied from active_support proc.h to reduce dependencies
+  class Proc
+    def bind(object)
+      block, time = self, Time.now
+      class << object; self; end.class_eval do
+        method_name = "__bind_#{time.to_i}_#{time.usec}"
+        define_method(method_name, &block)
+        method = instance_method(method_name)
+        remove_method(method_name)
+        method
+      end.bind(object)
+    end
+  end
+end
+

data/lib/sandboxed/version.rb

@@ -0,0 +1,3 @@
+module Sandboxed
+  VERSION = "0.0.1"
+end

data/spec/sandboxed_spec.rb

@@ -0,0 +1,64 @@
+require 'sandboxed'
+
+class Ctx
+  attr_reader :log
+  def initialize
+    @log = []
+  end
+
+  def internal_log(text)
+    @log << text
+  end
+
+  def sandbox_log(text)
+    @log << text
+  end
+  safe_method :sandbox_log
+end
+
+describe Kernel do
+  describe "#safe" do
+    it "should use :level => 4 as default" do
+      safe { $SAFE }.should == 4
+    end
+    it "should execute safe operations" do
+      safe { 2 + 2 }.should == 4
+    end
+    it "should not execute unsafe operations" do
+      lambda{ safe{puts 'foo'} }.should raise_error SecurityError
+    end
+    it "should allow access depending on the :level" do
+      lambda{ safe(:level => 0){'foo'.taint} }.should_not raise_error SecurityError
+    end
+    it "should execute on the context object" do
+      safe(:context => 'foo'){ reverse }.should == 'oof'
+    end
+    it "should pass in safe local variables" do
+      arr = [].untrust
+      safe(arr){ |a| a << 'foo'}.should == ['foo']
+      arr.should == ['foo']
+    end
+    it "should pass in unsafe local variables" do
+      arr = []
+      lambda{ safe(arr){|a| a << 'foo'} }.should raise_error SecurityError
+      arr.should == []
+    end
+    it "should pass in hash local variables and options" do
+      safe(:from => 2, :len => 3, :context => 'foobar'){ |h| self[h[:from],h[:len]] }.should == 'oba'
+    end
+  end
+
+  describe "#safe_method" do
+    before(:each) do
+      @ctx = Ctx.new
+    end
+
+    it "should not execute unsafe methods" do
+      lambda{ safe(:context => @ctx){internal_log 'foo'} }.should raise_error SecurityError
+    end
+    it "should execute safe methods" do
+      safe(:context => @ctx){sandbox_log 'foo'}.should == ['foo']
+    end  
+  end
+
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification 
+name: sandboxed
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Michael Klaus
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-04-11 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: Execute code blocks in a $SAFE environment.
+email: 
+- Michael.Klaus@gmx.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/sandboxed.rb
+- lib/sandboxed/compat.rb
+- lib/sandboxed/version.rb
+- lib/sandboxed/proc.rb
+- lib/sandboxed/fiber.rb
+- spec/sandboxed_spec.rb
+- LICENSE
+- Gemfile
+has_rdoc: true
+homepage: http://github.com/QaDeS/sandboxed
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 6
+      version: 1.3.6
+requirements: []
+
+rubyforge_project: sandboxed
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A ruby execution sandbox
+test_files: []
+