sandboxed_erb 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/lib/sandboxed_erb/sandbox_methods.rb +27 -1
- data/lib/sandboxed_erb/system_mixins.rb +29 -14
- data/lib/sandboxed_erb/tree_processor.rb +1 -1
- data/sandboxed_erb.gemspec +3 -3
- data/test/test_sandboxed_erb.rb +19 -3
- metadata +19 -17
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.
|
1
|
+
0.4.0
|
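--- a/data/lib/sandboxed_erb/sandbox_methods.rb
+++ b/data/lib/sandboxed_erb/sandbox_methods.rb
@@ -69,24 +69,50 @@ class Module
 # "this is NOT ok to call"
 # end
 # end
-def not_sandboxed_methods(include_superclasses = false, *disallowed_methods)
+def not_sandboxed_methods(include_superclasses = false, allowed_mixins=[], *disallowed_methods)
 
 __the_methods_to_check = public_instance_methods(false)
 if include_superclasses
 clz = self.superclass
 while !clz.nil?
 unless clz == Object
+puts "#{self.name}: #{clz.name}: #{clz.public_instance_methods(false).inspect}"
 __the_methods_to_check += clz.public_instance_methods(false)
 end
 clz = clz.superclass
 end
+
+if allowed_mixins.length > 0
+#we include any mixins
+for m in self.included_modules
+if allowed_mixins.include?(m)
+puts "#{self.name}: #{m.name}: #{m.public_instance_methods(false).inspect}"
+__the_methods_to_check += m.public_instance_methods(false)
+end
+end
+end
 end
 
 
 __the_methods_to_check.uniq!
 
+unless disallowed_methods.nil? || disallowed_methods.length == 0
+not_bang = false
+if disallowed_methods.include?(:bang_methods) #just remove all xxx! methods that modify in place
+__the_methods_to_check.reject! { |meth| meth.to_s[-1, 1] == "!"}
+not_bang = true
+end
+unless not_bang || disallowed_methods.length > 1
+__the_methods_to_check.reject! { |meth| disallowed_methods.include?(meth)}
+end
+end
+
+puts "#{self.name}: #{__the_methods_to_check.inspect}"
+
 sandboxed_methods(*__the_methods_to_check)
 
+
+
 end
 
 end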
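Review bot: The explicit method denylist is applied only when exactly one non-`:bang_methods` symbol is passed: `unless not_bang || disallowed_methods.length > 1` skips the second `reject!` as soon as `:bang_methods` is present or more than one symbol is given, so a call like `not_sandboxed_methods true, [], :bang_methods, :some_method` silently leaves `:some_method` callable from templates. The guard can simply go; `__the_methods_to_check.reject! { |meth| disallowed_methods.include?(meth) }` is harmless to run unconditionally. The three new `puts` lines dump every class's method list to stdout when the library is required; gate them on `$DEBUG` like tree_processor.rb does (`puts ... if $DEBUG`) or drop them. The `:bang_methods` branch is a naming-convention filter only — methods that mutate the receiver without a `!` suffix (for example `Array#<<`) still pass through — and that limitation belongs in the comment on that branch so callers do not read it as "read-only access".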
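--- a/data/lib/sandboxed_erb/system_mixins.rb
+++ b/data/lib/sandboxed_erb/system_mixins.rb
@@ -21,17 +21,32 @@ along with shikashi. if not, see <http://www.gnu.org/licenses/>.
 
 
 #add sandboxed method to basic inbuilt objects
-
-String.not_sandboxed_methods true
-Fixnum.not_sandboxed_methods true
-Float.not_sandboxed_methods true
-Range.not_sandboxed_methods true
-Symbol.not_sandboxed_methods true
-Time.not_sandboxed_methods true
-Date.not_sandboxed_methods true
-DateTime.not_sandboxed_methods true
-NilClass.not_sandboxed_methods true
-Array.not_sandboxed_methods true
-Hash.not_sandboxed_methods true
-FalseClass.not_sandboxed_methods true
-TrueClass.not_sandboxed_methods true
+if defined? ActiveSupport
+String.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::String::Iterators,ActiveSupport::CoreExtensions::String::StartsEndsWith, ActiveSupport::CoreExtensions::String::Inflections, ActiveSupport::CoreExtensions::String::Conversions, Comparable, Enumerable], :bang_methods
+Fixnum.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Integer::Inflections, ActiveSupport::CoreExtensions::Integer::EvenOdd,ActiveSupport::CoreExtensions::Numeric::Bytes, ActiveSupport::CoreExtensions::Numeric::Time, Comparable], :bang_methods
+Float.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Numeric::Bytes, ActiveSupport::CoreExtensions::Numeric::Time, Comparable], :bang_methods
+Range.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Range::Conversions, Enumerable], :bang_methods
+Symbol.not_sandboxed_methods true
+Time.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Time::Conversions, ActiveSupport::CoreExtensions::Time::Calculations, Comparable], :bang_methods
+Date.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Date::Conversions, Comparable], :bang_methods
+DateTime.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Date::Conversions, Comparable], :bang_methods
+NilClass.not_sandboxed_methods true
+Array.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Array::Grouping, ActiveSupport::CoreExtensions::Array::Conversions, Enumerable], :bang_methods
+Hash.not_sandboxed_methods true, [ActiveSupport::CoreExtensions::Hash::Diff, ActiveSupport::CoreExtensions::Hash::Conversions, ActiveSupport::CoreExtensions::Hash::ReverseMerge, ActiveSupport::CoreExtensions::Hash::IndifferentAccess, ActiveSupport::CoreExtensions::Hash::Keys, Enumerable], :bang_methods
+FalseClass.not_sandboxed_methods true
+TrueClass.not_sandboxed_methods true
+else
+String.not_sandboxed_methods true, [Comparable, Enumerable], :bang_methods
+Fixnum.not_sandboxed_methods true, [Comparable], :bang_methods
+Float.not_sandboxed_methods true, [Comparable], :bang_methods
+Range.not_sandboxed_methods true, [Enumerable], :bang_methods
+Symbol.not_sandboxed_methods true
+Time.not_sandboxed_methods true, [Comparable], :bang_methods
+Date.not_sandboxed_methods true, [Comparable], :bang_methods
+DateTime.not_sandboxed_methods true, [Comparable], :bang_methods
+NilClass.not_sandboxed_methods true
+Array.not_sandboxed_methods true, [Enumerable], :bang_methods
+Hash.not_sandboxed_methods true, [Enumerable], :bang_methods
+FalseClass.not_sandboxed_methods true
+TrueClass.not_sandboxed_methods true
+end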
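Review bot: `if defined? ActiveSupport` is too coarse a guard for the constants the branch then references: a loaded ActiveSupport that does not define `ActiveSupport::CoreExtensions` (the 3.x series dropped that namespace) makes the check pass, and the first `ActiveSupport::CoreExtensions::String::Iterators` lookup raises NameError at require time, leaving none of the core classes configured. Guarding on the namespace actually used, `if defined?(ActiveSupport::CoreExtensions)`, fails closed to the plain branch instead. The two branches also repeat the same thirteen class lines with only the mixin array differing; building each class's base array (`[Comparable, Enumerable]` and so on) once and appending the ActiveSupport modules inside the conditional would leave a single list to audit, which matters because that list defines what template code may call on core objects.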
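--- a/data/lib/sandboxed_erb/tree_processor.rb
+++ b/data/lib/sandboxed_erb/tree_processor.rb
@@ -152,7 +152,7 @@ module SandboxedErb
 
 #allowed
 
-[[:block, true],[:lasgn, true],[:arglist, true],[:str, true],[:dstr, true],[:evstr, true],[:lit, true],[:lvar, true],[:for, true], [:while, true], [:do, true], [:if, true], [:case, true], [:when, true], [:array, true], [:hash, true]].each { |action, add_line_number|
+[[:block, true],[:lasgn, true],[:arglist, true],[:str, true],[:dstr, true],[:evstr, true],[:lit, true],[:lvar, true],[:for, true], [:while, true], [:do, true], [:if, true], [:case, true], [:when, true], [:array, true], [:hash, true],[:iter, true]].each { |action, add_line_number|
 if add_line_number
 define_method "process_#{action}".intern do |tree|
 puts tree.inspect if $DEBUG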
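Review bot: Adding `[:iter, true]` to the allowed node list admits block nodes in templates, but nothing in this release checks that a block's body is walked by the same method allowlist as the rest of the tree; the new test only asserts that `reject!` is refused on the receiver, not that a disallowed call inside the block body is. A test whose block body performs one of the calls the existing `__send__` tests already refuse outside a block would pin that, and a short comment on the entry, e.g. `# :iter — block attached to a call; allowed so templates can use each/map`, would record why blocks are now permitted. The `.each { ... }` that opens in this hunk closes outside it.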
data/sandboxed_erb.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{sandboxed_erb}
|
8
|
-
s.version = "0.
|
8
|
+
s.version = "0.4.0"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["MarkPent"]
|
12
|
-
s.date = %q{
|
12
|
+
s.date = %q{2012-03-19}
|
13
13
|
s.description = %q{Run erb templates safely within a sandbox.}
|
14
14
|
s.email = %q{mark.pent@gmail.com}
|
15
15
|
s.extra_rdoc_files = [
|
@@ -46,7 +46,7 @@ Gem::Specification.new do |s|
|
|
46
46
|
s.homepage = %q{http://github.com/markpent/SandboxedERB}
|
47
47
|
s.licenses = ["MIT"]
|
48
48
|
s.require_paths = ["lib"]
|
49
|
-
s.rubygems_version = %q{1.
|
49
|
+
s.rubygems_version = %q{1.5.2}
|
50
50
|
s.summary = %q{Run an erb template in a sandbox.}
|
51
51
|
|
52
52
|
if s.respond_to? :specification_version then
|
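--- a/data/test/test_sandboxed_erb.rb
+++ b/data/test/test_sandboxed_erb.rb
@@ -49,11 +49,11 @@ class TestSandboxedErb < Test::Unit::TestCase
 end
 
 tc = TestClass.new
-assert_equal "A", tc._sbm(:ok_to_call)
+assert_equal "A", tc._sbm(:ok_to_call, {})
 
 
 assert_raise(SandboxedErb::MissingMethodError) {
-tc._sbm(:not_ok_to_call).to_s
+tc._sbm(:not_ok_to_call, {}).to_s
 }
 
 end
@@ -130,6 +130,23 @@ class TestSandboxedErb < Test::Unit::TestCase
 assert_equal "Error on line 1: Unknown method '__send__' on object 'TestSandboxedErb::TestObject'", template.get_error
 end
 
+should "not be able to call bang methods on system classes" do
+str_template = "test=<%=[1,2,3].reject!{ |i| i==2} %>"
+
+class TestObject
+sandboxed_methods :valid_method
+def valid_method
+"ABC"
+end
+end
+
+template = SandboxedErb::Template.new
+assert_equal true, template.compile(str_template), template.get_error
+assert_equal nil, template.run(nil, {:test_object=>TestObject.new})
+
+assert_equal "Error on line 1: Unknown method 'reject!' on object 'Array'", template.get_error
+end
+
 
 should "not be able to call Object methods on literal values" do
 str_template = "test=<%=2.__send__(:object_id)%>"
@@ -158,7 +175,6 @@ class TestSandboxedErb < Test::Unit::TestCase
 assert_equal "Error on line 1: Unknown method 'valid_method=' on object 'TestSandboxedErb::TestObject'", template.get_error
 end
 
-
 should "allow mixins" do
 
 module MixinTest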
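Review bot: The new bang-method test sets up a `TestObject` with `sandboxed_methods :valid_method` and passes it as `:test_object`, but the template `"test=<%=[1,2,3].reject!{ |i| i==2} %>"` never references it, so the class block and the fixture hash can be dropped and `template.run(nil, {})` used instead; as the surrounding tests appear to reopen the same `TestObject`, every extra reopening also accumulates declarations across tests. `assert_equal nil, template.run(...)` reads better as `assert_nil template.run(nil, {})` and gives a clearer failure message. Since this release also starts allowing block nodes, a positive case such as `<%= [1,2,3].map { |i| i * 2 } %>` rendering `246` would cover that path, if no other test already does.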
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sandboxed_erb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 15
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
-
|
8
|
+
- 4
|
9
9
|
- 0
|
10
|
-
version: 0.
|
10
|
+
version: 0.4.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- MarkPent
|
@@ -15,9 +15,11 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date:
|
18
|
+
date: 2012-03-19 00:00:00 +10:00
|
19
|
+
default_executable:
|
19
20
|
dependencies:
|
20
21
|
- !ruby/object:Gem::Dependency
|
22
|
+
prerelease: false
|
21
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
22
24
|
none: false
|
23
25
|
requirements:
|
@@ -29,11 +31,11 @@ dependencies:
|
|
29
31
|
- 2
|
30
32
|
- 0
|
31
33
|
version: 0.2.0
|
32
|
-
version_requirements: *id001
|
33
34
|
name: partialruby
|
34
|
-
prerelease: false
|
35
35
|
type: :runtime
|
36
|
+
version_requirements: *id001
|
36
37
|
- !ruby/object:Gem::Dependency
|
38
|
+
prerelease: false
|
37
39
|
requirement: &id002 !ruby/object:Gem::Requirement
|
38
40
|
none: false
|
39
41
|
requirements:
|
@@ -45,11 +47,11 @@ dependencies:
|
|
45
47
|
- 0
|
46
48
|
- 6
|
47
49
|
version: 2.0.6
|
48
|
-
version_requirements: *id002
|
49
50
|
name: ruby_parser
|
50
|
-
prerelease: false
|
51
51
|
type: :runtime
|
52
|
+
version_requirements: *id002
|
52
53
|
- !ruby/object:Gem::Dependency
|
54
|
+
prerelease: false
|
53
55
|
requirement: &id003 !ruby/object:Gem::Requirement
|
54
56
|
none: false
|
55
57
|
requirements:
|
@@ -59,11 +61,11 @@ dependencies:
|
|
59
61
|
segments:
|
60
62
|
- 0
|
61
63
|
version: "0"
|
62
|
-
version_requirements: *id003
|
63
64
|
name: shoulda
|
64
|
-
prerelease: false
|
65
65
|
type: :development
|
66
|
+
version_requirements: *id003
|
66
67
|
- !ruby/object:Gem::Dependency
|
68
|
+
prerelease: false
|
67
69
|
requirement: &id004 !ruby/object:Gem::Requirement
|
68
70
|
none: false
|
69
71
|
requirements:
|
@@ -75,11 +77,11 @@ dependencies:
|
|
75
77
|
- 0
|
76
78
|
- 0
|
77
79
|
version: 1.0.0
|
78
|
-
version_requirements: *id004
|
79
80
|
name: bundler
|
80
|
-
prerelease: false
|
81
81
|
type: :development
|
82
|
+
version_requirements: *id004
|
82
83
|
- !ruby/object:Gem::Dependency
|
84
|
+
prerelease: false
|
83
85
|
requirement: &id005 !ruby/object:Gem::Requirement
|
84
86
|
none: false
|
85
87
|
requirements:
|
@@ -91,11 +93,11 @@ dependencies:
|
|
91
93
|
- 6
|
92
94
|
- 1
|
93
95
|
version: 1.6.1
|
94
|
-
version_requirements: *id005
|
95
96
|
name: jeweler
|
96
|
-
prerelease: false
|
97
97
|
type: :development
|
98
|
+
version_requirements: *id005
|
98
99
|
- !ruby/object:Gem::Dependency
|
100
|
+
prerelease: false
|
99
101
|
requirement: &id006 !ruby/object:Gem::Requirement
|
100
102
|
none: false
|
101
103
|
requirements:
|
@@ -105,10 +107,9 @@ dependencies:
|
|
105
107
|
segments:
|
106
108
|
- 0
|
107
109
|
version: "0"
|
108
|
-
version_requirements: *id006
|
109
110
|
name: rcov
|
110
|
-
prerelease: false
|
111
111
|
type: :development
|
112
|
+
version_requirements: *id006
|
112
113
|
description: Run erb templates safely within a sandbox.
|
113
114
|
email: mark.pent@gmail.com
|
114
115
|
executables: []
|
@@ -144,6 +145,7 @@ files:
|
|
144
145
|
- test/test_error_handling.rb
|
145
146
|
- test/test_sandboxed_erb.rb
|
146
147
|
- test/test_valid_templates.rb
|
148
|
+
has_rdoc: true
|
147
149
|
homepage: http://github.com/markpent/SandboxedERB
|
148
150
|
licenses:
|
149
151
|
- MIT
|
@@ -173,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
173
175
|
requirements: []
|
174
176
|
|
175
177
|
rubyforge_project:
|
176
|
-
rubygems_version: 1.
|
178
|
+
rubygems_version: 1.5.2
|
177
179
|
signing_key:
|
178
180
|
specification_version: 3
|
179
181
|
summary: Run an erb template in a sandbox.
|