sandboxed_erb 0.4.4 → 0.4.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +1 -1
- data/Rakefile +7 -7
- data/VERSION +1 -1
- data/lib/sandboxed_erb/sandbox_methods.rb +5 -4
- data/lib/sandboxed_erb/template.rb +6 -1
- data/sandboxed_erb.gemspec +5 -6
- data/test/test_compile_errors.rb +2 -2
- data/test/test_error_handling.rb +1 -1
- data/test/test_sandboxed_erb.rb +1 -1
- data/test/test_valid_templates.rb +1 -1
- metadata +23 -23
data/Gemfile
CHANGED
data/Rakefile
CHANGED
|
@@ -33,13 +33,13 @@ Rake::TestTask.new(:test) do |test|
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
|
|
36
|
-
require 'rcov/rcovtask'
|
|
37
|
-
Rcov::RcovTask.new do |test|
|
|
38
|
-
test.libs << 'test'
|
|
39
|
-
test.pattern = 'test/**/test_*.rb'
|
|
40
|
-
test.verbose = true
|
|
41
|
-
test.rcov_opts << '--exclude "gems/*"'
|
|
42
|
-
end
|
|
36
|
+
#require 'rcov/rcovtask'
|
|
37
|
+
#Rcov::RcovTask.new do |test|
|
|
38
|
+
# test.libs << 'test'
|
|
39
|
+
# test.pattern = 'test/**/test_*.rb'
|
|
40
|
+
# test.verbose = true
|
|
41
|
+
# test.rcov_opts << '--exclude "gems/*"'
|
|
42
|
+
#end
|
|
43
43
|
|
|
44
44
|
task :default => :test
|
|
45
45
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.4.
|
|
1
|
+
0.4.5
|
|
@@ -72,11 +72,12 @@ class Module
|
|
|
72
72
|
def not_sandboxed_methods(include_superclasses = false, allowed_mixins=[], *disallowed_methods)
|
|
73
73
|
|
|
74
74
|
__the_methods_to_check = public_instance_methods(false)
|
|
75
|
+
puts "#{self.name}: direct: #{__the_methods_to_check.inspect}" if $DEBUG
|
|
75
76
|
if include_superclasses
|
|
76
77
|
clz = self.superclass
|
|
77
78
|
while !clz.nil?
|
|
78
|
-
unless clz == Object
|
|
79
|
-
|
|
79
|
+
unless clz == Object || (defined? BasicObject && clz == BasicObject)
|
|
80
|
+
puts "#{self.name}: #{clz.name}: #{clz.public_instance_methods(false).inspect}" if $DEBUG
|
|
80
81
|
__the_methods_to_check += clz.public_instance_methods(false)
|
|
81
82
|
end
|
|
82
83
|
clz = clz.superclass
|
|
@@ -86,7 +87,7 @@ class Module
|
|
|
86
87
|
#we include any mixins
|
|
87
88
|
for m in self.included_modules
|
|
88
89
|
if allowed_mixins.include?(m)
|
|
89
|
-
|
|
90
|
+
puts "#{self.name}: #{m.name}: #{m.public_instance_methods(false).inspect}" if $DEBUG
|
|
90
91
|
__the_methods_to_check += m.public_instance_methods(false)
|
|
91
92
|
end
|
|
92
93
|
end
|
|
@@ -108,7 +109,7 @@ class Module
|
|
|
108
109
|
end
|
|
109
110
|
end
|
|
110
111
|
|
|
111
|
-
|
|
112
|
+
puts "#{self.name}: #{__the_methods_to_check.inspect}" if $DEBUG
|
|
112
113
|
|
|
113
114
|
sandboxed_methods(*__the_methods_to_check)
|
|
114
115
|
|
|
@@ -119,7 +119,12 @@ module SandboxedErb
|
|
|
119
119
|
cmd.push('_erbout')
|
|
120
120
|
|
|
121
121
|
ecompiler.post_cmd = cmd
|
|
122
|
-
ecompiler.compile(str_template)
|
|
122
|
+
e_template = ecompiler.compile(str_template)
|
|
123
|
+
if e_template.class == Array #ruby 1.9 returns an array with the encoding prefixed as a comment on the first line...
|
|
124
|
+
e_template = e_template[0].lines.to_a[1..-1].join
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
e_template
|
|
123
128
|
end
|
|
124
129
|
|
|
125
130
|
def sandbox_code(erb_template) #:nodoc:
|
data/sandboxed_erb.gemspec
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{sandboxed_erb}
|
|
8
|
-
s.version = "0.4.
|
|
8
|
+
s.version = "0.4.5"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["MarkPent"]
|
|
@@ -46,11 +46,10 @@ Gem::Specification.new do |s|
|
|
|
46
46
|
s.homepage = %q{http://github.com/markpent/SandboxedERB}
|
|
47
47
|
s.licenses = ["MIT"]
|
|
48
48
|
s.require_paths = ["lib"]
|
|
49
|
-
s.rubygems_version = %q{1.
|
|
49
|
+
s.rubygems_version = %q{1.5.2}
|
|
50
50
|
s.summary = %q{Run an erb template in a sandbox.}
|
|
51
51
|
|
|
52
52
|
if s.respond_to? :specification_version then
|
|
53
|
-
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
|
54
53
|
s.specification_version = 3
|
|
55
54
|
|
|
56
55
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
@@ -59,14 +58,14 @@ Gem::Specification.new do |s|
|
|
|
59
58
|
s.add_development_dependency(%q<shoulda>, [">= 0"])
|
|
60
59
|
s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
61
60
|
s.add_development_dependency(%q<jeweler>, ["~> 1.6.1"])
|
|
62
|
-
s.add_development_dependency(%q<
|
|
61
|
+
s.add_development_dependency(%q<simplecov>, [">= 0"])
|
|
63
62
|
else
|
|
64
63
|
s.add_dependency(%q<partialruby>, [">= 0.2.0"])
|
|
65
64
|
s.add_dependency(%q<ruby_parser>, [">= 2.0.6"])
|
|
66
65
|
s.add_dependency(%q<shoulda>, [">= 0"])
|
|
67
66
|
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
68
67
|
s.add_dependency(%q<jeweler>, ["~> 1.6.1"])
|
|
69
|
-
s.add_dependency(%q<
|
|
68
|
+
s.add_dependency(%q<simplecov>, [">= 0"])
|
|
70
69
|
end
|
|
71
70
|
else
|
|
72
71
|
s.add_dependency(%q<partialruby>, [">= 0.2.0"])
|
|
@@ -74,7 +73,7 @@ Gem::Specification.new do |s|
|
|
|
74
73
|
s.add_dependency(%q<shoulda>, [">= 0"])
|
|
75
74
|
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
|
76
75
|
s.add_dependency(%q<jeweler>, ["~> 1.6.1"])
|
|
77
|
-
s.add_dependency(%q<
|
|
76
|
+
s.add_dependency(%q<simplecov>, [">= 0"])
|
|
78
77
|
end
|
|
79
78
|
end
|
|
80
79
|
|
data/test/test_compile_errors.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require 'helper'
|
|
1
|
+
require File.expand_path('../helper', __FILE__)
|
|
2
2
|
|
|
3
3
|
class TestCompileErrors < Test::Unit::TestCase
|
|
4
4
|
should "report insecure call during compile: global" do
|
|
@@ -137,6 +137,6 @@ class TestCompileErrors < Test::Unit::TestCase
|
|
|
137
137
|
template = SandboxedErb::Template.new
|
|
138
138
|
assert_equal false, template.compile(str_template)
|
|
139
139
|
|
|
140
|
-
assert_match /
|
|
140
|
+
assert_match /line:4: syntax error/, template.get_error
|
|
141
141
|
end
|
|
142
142
|
end
|
data/test/test_error_handling.rb
CHANGED
data/test/test_sandboxed_erb.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sandboxed_erb
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
5
|
-
prerelease:
|
|
4
|
+
hash: 5
|
|
5
|
+
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 4
|
|
9
|
-
-
|
|
10
|
-
version: 0.4.
|
|
9
|
+
- 5
|
|
10
|
+
version: 0.4.5
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- MarkPent
|
|
@@ -20,8 +20,7 @@ default_executable:
|
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
22
22
|
prerelease: false
|
|
23
|
-
|
|
24
|
-
version_requirements: &id001 !ruby/object:Gem::Requirement
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
25
24
|
none: false
|
|
26
25
|
requirements:
|
|
27
26
|
- - ">="
|
|
@@ -32,12 +31,12 @@ dependencies:
|
|
|
32
31
|
- 2
|
|
33
32
|
- 0
|
|
34
33
|
version: 0.2.0
|
|
35
|
-
|
|
34
|
+
name: partialruby
|
|
36
35
|
type: :runtime
|
|
36
|
+
version_requirements: *id001
|
|
37
37
|
- !ruby/object:Gem::Dependency
|
|
38
38
|
prerelease: false
|
|
39
|
-
|
|
40
|
-
version_requirements: &id002 !ruby/object:Gem::Requirement
|
|
39
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
41
40
|
none: false
|
|
42
41
|
requirements:
|
|
43
42
|
- - ">="
|
|
@@ -48,12 +47,12 @@ dependencies:
|
|
|
48
47
|
- 0
|
|
49
48
|
- 6
|
|
50
49
|
version: 2.0.6
|
|
51
|
-
|
|
50
|
+
name: ruby_parser
|
|
52
51
|
type: :runtime
|
|
52
|
+
version_requirements: *id002
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
|
54
54
|
prerelease: false
|
|
55
|
-
|
|
56
|
-
version_requirements: &id003 !ruby/object:Gem::Requirement
|
|
55
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
|
57
56
|
none: false
|
|
58
57
|
requirements:
|
|
59
58
|
- - ">="
|
|
@@ -62,12 +61,12 @@ dependencies:
|
|
|
62
61
|
segments:
|
|
63
62
|
- 0
|
|
64
63
|
version: "0"
|
|
65
|
-
|
|
64
|
+
name: shoulda
|
|
66
65
|
type: :development
|
|
66
|
+
version_requirements: *id003
|
|
67
67
|
- !ruby/object:Gem::Dependency
|
|
68
68
|
prerelease: false
|
|
69
|
-
|
|
70
|
-
version_requirements: &id004 !ruby/object:Gem::Requirement
|
|
69
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
71
70
|
none: false
|
|
72
71
|
requirements:
|
|
73
72
|
- - ~>
|
|
@@ -78,12 +77,12 @@ dependencies:
|
|
|
78
77
|
- 0
|
|
79
78
|
- 0
|
|
80
79
|
version: 1.0.0
|
|
81
|
-
|
|
80
|
+
name: bundler
|
|
82
81
|
type: :development
|
|
82
|
+
version_requirements: *id004
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
prerelease: false
|
|
85
|
-
|
|
86
|
-
version_requirements: &id005 !ruby/object:Gem::Requirement
|
|
85
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
87
86
|
none: false
|
|
88
87
|
requirements:
|
|
89
88
|
- - ~>
|
|
@@ -94,12 +93,12 @@ dependencies:
|
|
|
94
93
|
- 6
|
|
95
94
|
- 1
|
|
96
95
|
version: 1.6.1
|
|
97
|
-
|
|
96
|
+
name: jeweler
|
|
98
97
|
type: :development
|
|
98
|
+
version_requirements: *id005
|
|
99
99
|
- !ruby/object:Gem::Dependency
|
|
100
100
|
prerelease: false
|
|
101
|
-
|
|
102
|
-
version_requirements: &id006 !ruby/object:Gem::Requirement
|
|
101
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
103
102
|
none: false
|
|
104
103
|
requirements:
|
|
105
104
|
- - ">="
|
|
@@ -108,8 +107,9 @@ dependencies:
|
|
|
108
107
|
segments:
|
|
109
108
|
- 0
|
|
110
109
|
version: "0"
|
|
111
|
-
|
|
110
|
+
name: simplecov
|
|
112
111
|
type: :development
|
|
112
|
+
version_requirements: *id006
|
|
113
113
|
description: Run erb templates safely within a sandbox.
|
|
114
114
|
email: mark.pent@gmail.com
|
|
115
115
|
executables: []
|
|
@@ -175,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
175
175
|
requirements: []
|
|
176
176
|
|
|
177
177
|
rubyforge_project:
|
|
178
|
-
rubygems_version: 1.
|
|
178
|
+
rubygems_version: 1.5.2
|
|
179
179
|
signing_key:
|
|
180
180
|
specification_version: 3
|
|
181
181
|
summary: Run an erb template in a sandbox.
|