sandboxed_erb 0.3.0 → 0.4.0

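--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.3.0
+0.4.0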
@@ -69,24 +69,50 @@ class Module
69
69
  # "this is NOT ok to call"
70
70
  # end
71
71
  # end
72
- def not_sandboxed_methods(include_superclasses = false, *disallowed_methods)
72
+ def not_sandboxed_methods(include_superclasses = false, allowed_mixins=[], *disallowed_methods)
73
73
 
74
74
  __the_methods_to_check = public_instance_methods(false)
75
75
  if include_superclasses
76
76
  clz = self.superclass
77
77
  while !clz.nil?
78
78
  unless clz == Object
79
+ puts "#{self.name}: #{clz.name}: #{clz.public_instance_methods(false).inspect}"
79
80
  __the_methods_to_check += clz.public_instance_methods(false)
80
81
  end
81
82
  clz = clz.superclass
82
83
  end
84
+
85
+ if allowed_mixins.length > 0
86
+ #we include any mixins
87
+ for m in self.included_modules
88
+ if allowed_mixins.include?(m)
89
+ puts "#{self.name}: #{m.name}: #{m.public_instance_methods(false).inspect}"
90
+ __the_methods_to_check += m.public_instance_methods(false)
91
+ end
92
+ end
93
+ end
83
94
  end
84
95
 
85
96
 
86
97
  __the_methods_to_check.uniq!
87
98
 
99
+ unless disallowed_methods.nil? || disallowed_methods.length == 0
100
+ not_bang = false
101
+ if disallowed_methods.include?(:bang_methods) #just remove all xxx! methods that modify in place
102
+ __the_methods_to_check.reject! { |meth| meth.to_s[-1, 1] == "!"}
103
+ not_bang = true
104
+ end
105
+ unless not_bang || disallowed_methods.length > 1
106
+ __the_methods_to_check.reject! { |meth| disallowed_methods.include?(meth)}
107
+ end
108
+ end
109
+
110
+ puts "#{self.name}: #{__the_methods_to_check.inspect}"
111
+
88
112
  sandboxed_methods(*__the_methods_to_check)
89
113
 
114
+
115
+
90
116
  end
91
117
 
92
118
  end
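Review bot: The guard `unless not_bang || disallowed_methods.length > 1` (new lines 105–107) skips the explicit reject! whenever `:bang_methods` is also passed or more than one method is named, so a call like `Foo.not_sandboxed_methods true, [], :bang_methods, :some_method` still hands `some_method` to `sandboxed_methods` — for a list that decides what templates may call, that failure silently widens the sandbox, and every call site in this diff passes `:bang_methods`. Dropping `not_bang` and applying the include?-based reject! unconditionally after the bang filter fixes it, and `length == 0` reads better as `empty?`. The three `puts` calls added at new lines 79, 89 and 110 write every class's method list to stdout at load time; they should go, or be gated on `$DEBUG` like the `puts tree.inspect if $DEBUG` elsewhere in the gem. `for m in self.included_modules` would be `included_modules.each`, and `allowed_mixins=[]` wants spaces around `=`. `class Module` itself opens before this hunk.
```ruby
  def not_sandboxed_methods(include_superclasses = false, allowed_mixins = [], *disallowed_methods)
    # … unchanged: collection of own, superclass and allowed-mixin public methods …
    __the_methods_to_check.uniq!

    unless disallowed_methods.nil? || disallowed_methods.empty?
      # :bang_methods is a marker meaning "drop every in-place xxx! method"
      if disallowed_methods.include?(:bang_methods)
        __the_methods_to_check.reject! { |meth| meth.to_s[-1, 1] == "!" }
      end
      # explicitly named methods are always removed, whatever else was passed
      __the_methods_to_check.reject! { |meth| disallowed_methods.include?(meth) }
    end

    puts "#{self.name}: #{__the_methods_to_check.inspect}" if $DEBUG
    sandboxed_methods(*__the_methods_to_check)
  end
```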
@@ -21,17 +21,32 @@ along with shikashi. if not, see <http://www.gnu.org/licenses/>.
21
21
 
22
22
 
23
23
  #add sandboxed method to basic inbuilt objects
24
-
25
- String.not_sandboxed_methods true
26
- Fixnum.not_sandboxed_methods true
27
- Float.not_sandboxed_methods true
28
- Range.not_sandboxed_methods true
29
- Symbol.not_sandboxed_methods true
30
- Time.not_sandboxed_methods true
31
- Date.not_sandboxed_methods true
32
- DateTime.not_sandboxed_methods true
33
- NilClass.not_sandboxed_methods true
34
- Array.not_sandboxed_methods true
35
- Hash.not_sandboxed_methods true
36
- FalseClass.not_sandboxed_methods true
37
- TrueClass.not_sandboxed_methods true
24
+ if defined? ActiveSupport
25
+ String.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::String::Iterators,ActiveSupport::CoreExtensions::String::StartsEndsWith, ActiveSupport::CoreExtensions::String::Inflections, ActiveSupport::CoreExtensions::String::Conversions, Comparable, Enumerable], :bang_methods
26
+ Fixnum.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Integer::Inflections, ActiveSupport::CoreExtensions::Integer::EvenOdd,ActiveSupport::CoreExtensions::Numeric::Bytes, ActiveSupport::CoreExtensions::Numeric::Time, Comparable], :bang_methods
27
+ Float.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Numeric::Bytes, ActiveSupport::CoreExtensions::Numeric::Time, Comparable], :bang_methods
28
+ Range.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Range::Conversions, Enumerable], :bang_methods
29
+ Symbol.not_sandboxed_methods true
30
+ Time.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Time::Conversions, ActiveSupport::CoreExtensions::Time::Calculations, Comparable], :bang_methods
31
+ Date.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Date::Conversions, Comparable], :bang_methods
32
+ DateTime.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Date::Conversions, Comparable], :bang_methods
33
+ NilClass.not_sandboxed_methods true
34
+ Array.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Array::Grouping, ActiveSupport::CoreExtensions::Array::Conversions, Enumerable], :bang_methods
35
+ Hash.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Hash::Diff, ActiveSupport::CoreExtensions::Hash::Conversions, ActiveSupport::CoreExtensions::Hash::ReverseMerge, ActiveSupport::CoreExtensions::Hash::IndifferentAccess, ActiveSupport::CoreExtensions::Hash::Keys, Enumerable], :bang_methods
36
+ FalseClass.not_sandboxed_methods true
37
+ TrueClass.not_sandboxed_methods true
38
+ else
39
+ String.not_sandboxed_methods true, [Comparable, Enumerable], :bang_methods
40
+ Fixnum.not_sandboxed_methods true, [Comparable], :bang_methods
41
+ Float.not_sandboxed_methods true, [Comparable], :bang_methods
42
+ Range.not_sandboxed_methods true, [Enumerable], :bang_methods
43
+ Symbol.not_sandboxed_methods true
44
+ Time.not_sandboxed_methods true, [Comparable], :bang_methods
45
+ Date.not_sandboxed_methods true, [Comparable], :bang_methods
46
+ DateTime.not_sandboxed_methods true, [Comparable], :bang_methods
47
+ NilClass.not_sandboxed_methods true
48
+ Array.not_sandboxed_methods true, [Enumerable], :bang_methods
49
+ Hash.not_sandboxed_methods true, [Enumerable], :bang_methods
50
+ FalseClass.not_sandboxed_methods true
51
+ TrueClass.not_sandboxed_methods true
52
+ end
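Review bot: `if defined? ActiveSupport` (new line 24) is true for any ActiveSupport version, but the `ActiveSupport::CoreExtensions::*` modules named on lines 25–35 belong, as far as I know, to the ActiveSupport 2.x layout; with a newer ActiveSupport already loaded this file raises NameError while being required, before any built-in class gets its sandboxed list, and the else branch never runs. Guarding on the namespace actually used, `if defined?(ActiveSupport::CoreExtensions)`, makes the fallback branch reachable in that case. The else branch repeats the base lists verbatim; building the base mixin list once (e.g. `string_mixins = [Comparable, Enumerable]`) and appending the ActiveSupport modules when present would keep the two branches from drifting. This is a top-level statement run rather than a method, so there is no enclosing definition to note.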
@@ -152,7 +152,7 @@ module SandboxedErb
152
152
 
153
153
  #allowed
154
154
 
155
- [[:block, true],[:lasgn, true],[:arglist, true],[:str, true],[:dstr, true],[:evstr, true],[:lit, true],[:lvar, true],[:for, true], [:while, true], [:do, true], [:if, true], [:case, true], [:when, true], [:array, true], [:hash, true]].each { |action, add_line_number|
155
+ [[:block, true],[:lasgn, true],[:arglist, true],[:str, true],[:dstr, true],[:evstr, true],[:lit, true],[:lvar, true],[:for, true], [:while, true], [:do, true], [:if, true], [:case, true], [:when, true], [:array, true], [:hash, true],[:iter, true]].each { |action, add_line_number|
156
156
  if add_line_number
157
157
  define_method "process_#{action}".intern do |tree|
158
158
  puts tree.inspect if $DEBUG
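Review bot: Adding `:iter` to the allowed node list (new line 155) means block calls are now accepted, but the only block test added in this diff (`[1,2,3].reject!{ … }`) exercises the receiver's bang method, not the block body; whether `process_iter` recurses into the block's arguments and body with the same whitelist is not visible here, and a test such as `"<%= [1].each { |i| i.__send__(:object_id) } %>"` expecting the existing "Unknown method '__send__'" error would pin that down. The list literal is now a single very long line; one `[node, add_line_number]` pair per line would make future additions reviewable. The `.each { |action, add_line_number|` block starts in this hunk and closes outside it.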
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{sandboxed_erb}
8
- s.version = "0.3.0"
8
+ s.version = "0.4.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["MarkPent"]
12
- s.date = %q{2011-06-05}
12
+ s.date = %q{2012-03-19}
13
13
  s.description = %q{Run erb templates safely within a sandbox.}
14
14
  s.email = %q{mark.pent@gmail.com}
15
15
  s.extra_rdoc_files = [
@@ -46,7 +46,7 @@ Gem::Specification.new do |s|
46
46
  s.homepage = %q{http://github.com/markpent/SandboxedERB}
47
47
  s.licenses = ["MIT"]
48
48
  s.require_paths = ["lib"]
49
- s.rubygems_version = %q{1.7.2}
49
+ s.rubygems_version = %q{1.5.2}
50
50
  s.summary = %q{Run an erb template in a sandbox.}
51
51
 
52
52
  if s.respond_to? :specification_version then
@@ -49,11 +49,11 @@ class TestSandboxedErb < Test::Unit::TestCase
49
49
  end
50
50
 
51
51
  tc = TestClass.new
52
- assert_equal "A", tc._sbm(:ok_to_call)
52
+ assert_equal "A", tc._sbm(:ok_to_call, {})
53
53
 
54
54
 
55
55
  assert_raise(SandboxedErb::MissingMethodError) {
56
- tc._sbm(:not_ok_to_call).to_s
56
+ tc._sbm(:not_ok_to_call, {}).to_s
57
57
  }
58
58
 
59
59
  end
@@ -130,6 +130,23 @@ class TestSandboxedErb < Test::Unit::TestCase
130
130
  assert_equal "Error on line 1: Unknown method '__send__' on object 'TestSandboxedErb::TestObject'", template.get_error
131
131
  end
132
132
 
133
+ should "not be able to call bang methods on system classes" do
134
+ str_template = "test=<%=[1,2,3].reject!{ |i| i==2} %>"
135
+
136
+ class TestObject
137
+ sandboxed_methods :valid_method
138
+ def valid_method
139
+ "ABC"
140
+ end
141
+ end
142
+
143
+ template = SandboxedErb::Template.new
144
+ assert_equal true, template.compile(str_template), template.get_error
145
+ assert_equal nil, template.run(nil, {:test_object=>TestObject.new})
146
+
147
+ assert_equal "Error on line 1: Unknown method 'reject!' on object 'Array'", template.get_error
148
+ end
149
+
133
150
 
134
151
  should "not be able to call Object methods on literal values" do
135
152
  str_template = "test=<%=2.__send__(:object_id)%>"
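Review bot: `TestObject` and the `{:test_object=>TestObject.new}` binding (new lines 136–145) are never referenced by `str_template`, so they only add noise to this test; `template.run(nil, {})` asserts the same thing. `assert_equal nil, template.run(...)` is `assert_nil`. The class is reopened inside a `should` block, which looks like it accumulates methods onto `TestSandboxedErb::TestObject` across tests (the error strings on lines 130 and 175 name that constant) — the earlier tests appear to do the same, so this is pre-existing, but each reopening makes every previous test's sandboxed methods visible to later ones. `TestSandboxedErb` starts and ends outside the hunk.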
@@ -158,7 +175,6 @@ class TestSandboxedErb < Test::Unit::TestCase
158
175
  assert_equal "Error on line 1: Unknown method 'valid_method=' on object 'TestSandboxedErb::TestObject'", template.get_error
159
176
  end
160
177
 
161
-
162
178
  should "allow mixins" do
163
179
 
164
180
  module MixinTest
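--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: sandboxed_erb
 version: !ruby/object:Gem::Version
-hash: 19
+hash: 15
 prerelease:
 segments:
 - 0
-- 3
+- 4
 - 0
-version: 0.3.0
+version: 0.4.0
 platform: ruby
 authors:
 - MarkPent
@@ -15,9 +15,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-05 00:00:00 Z
+date: 2012-03-19 00:00:00 +10:00
+default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
+prerelease: false
 requirement: &id001 !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -29,11 +31,11 @@ dependencies:
 - 2
 - 0
 version: 0.2.0
-version_requirements: *id001
 name: partialruby
-prerelease: false
 type: :runtime
+version_requirements: *id001
 - !ruby/object:Gem::Dependency
+prerelease: false
 requirement: &id002 !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -45,11 +47,11 @@ dependencies:
 - 0
 - 6
 version: 2.0.6
-version_requirements: *id002
 name: ruby_parser
-prerelease: false
 type: :runtime
+version_requirements: *id002
 - !ruby/object:Gem::Dependency
+prerelease: false
 requirement: &id003 !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -59,11 +61,11 @@ dependencies:
 segments:
 - 0
 version: "0"
-version_requirements: *id003
 name: shoulda
-prerelease: false
 type: :development
+version_requirements: *id003
 - !ruby/object:Gem::Dependency
+prerelease: false
 requirement: &id004 !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -75,11 +77,11 @@ dependencies:
 - 0
 - 0
 version: 1.0.0
-version_requirements: *id004
 name: bundler
-prerelease: false
 type: :development
+version_requirements: *id004
 - !ruby/object:Gem::Dependency
+prerelease: false
 requirement: &id005 !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -91,11 +93,11 @@ dependencies:
 - 6
 - 1
 version: 1.6.1
-version_requirements: *id005
 name: jeweler
-prerelease: false
 type: :development
+version_requirements: *id005
 - !ruby/object:Gem::Dependency
+prerelease: false
 requirement: &id006 !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -105,10 +107,9 @@ dependencies:
 segments:
 - 0
 version: "0"
-version_requirements: *id006
 name: rcov
-prerelease: false
 type: :development
+version_requirements: *id006
 description: Run erb templates safely within a sandbox.
 email: mark.pent@gmail.com
 executables: []
@@ -144,6 +145,7 @@ files:
 - test/test_error_handling.rb
 - test/test_sandboxed_erb.rb
 - test/test_valid_templates.rb
+has_rdoc: true
 homepage: http://github.com/markpent/SandboxedERB
 licenses:
 - MIT
@@ -173,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.7.2
+rubygems_version: 1.5.2
 signing_key:
 specification_version: 3
 summary: Run an erb template in a sandbox.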