sandrbox 0.0.2

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,12 @@
+source "http://rubygems.org"
+
+group :development do
+  gem "mocha"
+  gem "rake"
+  gem "rspec"
+  gem "bundler"
+  gem "jeweler"
+  gem "yard"
+  gem "redcarpet", '1.17.2'
+  gem 'github-markup'
+end

data/Gemfile.lock

@@ -0,0 +1,41 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.3)
+    git (1.2.5)
+    github-markup (0.7.1)
+    jeweler (1.8.3)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+      rdoc
+    json (1.6.6)
+    metaclass (0.0.1)
+    mocha (0.10.5)
+      metaclass (~> 0.0.1)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    redcarpet (1.17.2)
+    rspec (2.9.0)
+      rspec-core (~> 2.9.0)
+      rspec-expectations (~> 2.9.0)
+      rspec-mocks (~> 2.9.0)
+    rspec-core (2.9.0)
+    rspec-expectations (2.9.0)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.9.0)
+    yard (0.7.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  github-markup
+  jeweler
+  mocha
+  rake
+  redcarpet (= 1.17.2)
+  rspec
+  yard

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2012 Josh Symonds
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,45 @@
+# Sandrbox
+
+Sandrbox allows you to execute arbitrary Ruby code while being assured it won't destroy your life (or your server). It's intended to be small, fast, and secure. I built it to replace TryRuby's really slow Ruby sandbox, since I wanted something faster.
+
+Note that while I made a concentrated effort to make this secure, it's still possible it's not. I wouldn't run this code outside of a secure prison of some sort, and definitely not on anything connected to a database whose data you care about. (I intend to run this on Heroku without a database.)
+
+## Set It Up
+
+I automatically remove all the bad methods and classes I can think of. But maybe you need more:
+
+```ruby
+Sandrbox.configure do |config|
+  config.bad_classes << [:Rails]
+  config.bad_classes << [:ActiveRecord]
+end
+```
+
+## How To Use It
+
+```ruby
+require 'sandrbox'
+
+Sandrbox.perform(['a = 1']).output # => [1]
+Sandrbox.perform(['a = 1', 'a = a + a', 'a ** a']).output # => [1, 2, 4]
+Sandrbox.perform(['a = 1', 'a = a + a', 'a ** b']).output # => [1, 2, "NameError: undefined local variable or method `b' for main:Object"] 
+
+Sandrbox.perform(['`rm -rf /`']).output # => ["NameError: undefined local variable or method ``' for Kernel:Module"]
+Sandrbox.perform(['exec("rm -rf /")']).output # => ["NameError: undefined local variable or method `exec' for main:Object"] 
+Sandrbox.perform(['Kernel.exec("rm -rf /")']).output # => ["NameError: undefined local variable or method `exec' for Kernel:Module"]
+
+Sandrbox.perform(['require "open3"']).output # => ["NameError: undefined local variable or method `require' for main:Object"]
+
+Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end']).output # => [nil]
+Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end', 'Foo.new.test']).output # => [nil, "hi"]
+Sandrbox.perform(['Foo.new.test']).output # => ["NameError: uninitialized constant Foo"] Each perform is independent of previous performs
+
+Sandrbox.perform(['class Foo']).output # => []
+Sandrbox.perform(['class Foo']).complete? # => false
+Sandrbox.perform(['class Foo']).indent_level # => 1
+Sandrbox.perform(['class Foo']).indent_character # => "class"
+```
+
+## Copyright
+
+Copyright (c) 2012 Josh Symonds. See LICENSE.txt for further details.

data/Rakefile

@@ -0,0 +1,44 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "sandrbox"
+  gem.homepage = "http://github.com/Veraticus/Sandrbox"
+  gem.license = "MIT"
+  gem.summary = 'A sanitizing sandbox for executing Ruby code'
+  gem.description = 'A sandbox for that tries to change all Ruby code executed to be safe and non-destructive, both to the filesystem and the currently running process'
+  gem.email = "josh@joshsymonds.com"
+  gem.authors = ["Josh Symonds"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+desc "Open an irb session preloaded with this library"
+task :cons do
+  sh "irb -rubygems -I lib -r sandrbox.rb"
+end
+
+task :default => :spec

data/Sandrbox.gemspec

@@ -0,0 +1,78 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "sandrbox"
+  s.version = "0.0.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Josh Symonds"]
+  s.date = "2012-03-30"
+  s.description = "A sandbox for that tries to change all Ruby code executed to be safe and non-destructive, both to the filesystem and the currently running process"
+  s.email = "josh@joshsymonds.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.markdown"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.markdown",
+    "Rakefile",
+    "Sandrbox.gemspec",
+    "VERSION",
+    "lib/sandrbox.rb",
+    "lib/sandrbox/config.rb",
+    "lib/sandrbox/options/option.rb",
+    "lib/sandrbox/response.rb",
+    "lib/sandrbox/value.rb",
+    "spec/sandrbox/config_spec.rb",
+    "spec/sandrbox/response_spec.rb",
+    "spec/sandrbox/value_spec.rb",
+    "spec/sandrbox_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = "http://github.com/Veraticus/Sandrbox"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.19"
+  s.summary = "A sanitizing sandbox for executing Ruby code"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<mocha>, [">= 0"])
+      s.add_development_dependency(%q<rake>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, [">= 0"])
+      s.add_development_dependency(%q<jeweler>, [">= 0"])
+      s.add_development_dependency(%q<yard>, [">= 0"])
+      s.add_development_dependency(%q<redcarpet>, ["= 1.17.2"])
+      s.add_development_dependency(%q<github-markup>, [">= 0"])
+    else
+      s.add_dependency(%q<mocha>, [">= 0"])
+      s.add_dependency(%q<rake>, [">= 0"])
+      s.add_dependency(%q<rspec>, [">= 0"])
+      s.add_dependency(%q<bundler>, [">= 0"])
+      s.add_dependency(%q<jeweler>, [">= 0"])
+      s.add_dependency(%q<yard>, [">= 0"])
+      s.add_dependency(%q<redcarpet>, ["= 1.17.2"])
+      s.add_dependency(%q<github-markup>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<mocha>, [">= 0"])
+    s.add_dependency(%q<rake>, [">= 0"])
+    s.add_dependency(%q<rspec>, [">= 0"])
+    s.add_dependency(%q<bundler>, [">= 0"])
+    s.add_dependency(%q<jeweler>, [">= 0"])
+    s.add_dependency(%q<yard>, [">= 0"])
+    s.add_dependency(%q<redcarpet>, ["= 1.17.2"])
+    s.add_dependency(%q<github-markup>, [">= 0"])
+  end
+end
+

data/VERSION

@@ -0,0 +1 @@
+0.0.2

data/lib/sandrbox/config.rb

@@ -0,0 +1,57 @@
+require 'sandrbox/options/option'
+
+module Sandrbox
+  
+  module Config
+    extend self
+    extend Options
+
+    option :bad_methods, :default => [
+      [:Object, :abort],
+      [:Kernel, :abort],
+      [:Object, :autoload],
+      [:Kernel, :autoload],
+      [:Object, :autoload?],
+      [:Kernel, :autoload?],
+      [:Object, :callcc],
+      [:Kernel, :callcc],
+      [:Object, :exit],
+      [:Kernel, :exit],
+      [:Object, :exit!],
+      [:Kernel, :exit!],
+      [:Object, :at_exit],
+      [:Kernel, :at_exit],
+      [:Object, :exec],
+      [:Kernel, :exec],
+      [:Object, :fork],
+      [:Kernel, :fork],
+      [:Object, :load],
+      [:Kernel, :load],
+      [:Object, :open],
+      [:Kernel, :open],
+      [:Object, :set_trace_func],
+      [:Kernel, :set_trace_func],
+      [:Object, :spawn],
+      [:Kernel, :spawn],
+      [:Object, :syscall],
+      [:Kernel, :syscall],
+      [:Object, :system],
+      [:Kernel, :system],
+      [:Object, :test],
+      [:Kernel, :test],
+      [:Object, :remove_method],
+      [:Kernel, :remove_method],
+      [:Object, :require],
+      [:Kernel, :require],
+      [:Object, :require_relative],
+      [:Kernel, :require_relative],
+      [:Object, :undef_method],
+      [:Kernel, :undef_method],
+      [:Object, "`".to_sym],
+      [:Kernel, "`".to_sym],
+      [:Class, "`".to_sym]
+    ]
+    option :bad_constants, :default => [:Continuation, :Open3, :File, :Dir, :IO, :Sandrbox, :Process, :Thread, :Fiber, :Gem, :Net, :ThreadGroup, :SystemExit, :SignalException, :Interrupt, :FileTest, :Signal]
+    
+  end
+end

data/lib/sandrbox/options/option.rb

@@ -0,0 +1,70 @@
+# Shamelessly stolen from Mongoid!
+module Sandrbox #:nodoc
+  module Config
+
+    # Encapsulates logic for setting options.
+    module Options
+
+      # Get the defaults or initialize a new empty hash.
+      #
+      # @example Get the defaults.
+      #   options.defaults
+      #
+      # @return [ Hash ] The default options.
+      def defaults
+        @defaults ||= {}
+      end
+
+      # Define a configuration option with a default.
+      #
+      # @example Define the option.
+      #   Options.option(:persist_in_safe_mode, :default => false)
+      #
+      # @param [ Symbol ] name The name of the configuration option.
+      # @param [ Hash ] options Extras for the option.
+      #
+      # @option options [ Object ] :default The default value.
+      def option(name, options = {})
+        defaults[name] = settings[name] = options[:default]
+
+        class_eval <<-RUBY
+          def #{name}
+            settings[#{name.inspect}]
+          end
+
+          def #{name}=(value)
+            settings[#{name.inspect}] = value
+          end
+
+          def #{name}?
+            #{name}
+          end
+          
+          def reset_#{name}
+            settings[#{name.inspect}] = defaults[#{name.inspect}]
+          end
+        RUBY
+      end
+
+      # Reset the configuration options to the defaults.
+      #
+      # @example Reset the configuration options.
+      #   config.reset
+      #
+      # @return [ Hash ] The defaults.
+      def reset
+        settings.replace(defaults)
+      end
+
+      # Get the settings or initialize a new empty hash.
+      #
+      # @example Get the settings.
+      #   options.settings
+      #
+      # @return [ Hash ] The setting options.
+      def settings
+        @settings ||= {}
+      end
+    end
+  end
+end

data/lib/sandrbox/response.rb

@@ -0,0 +1,101 @@
+module Sandrbox
+  class Response
+    attr_accessor :array, :compressed_array, :expanded_array, :indents, :results, :old_constants
+    attr_accessor :class_count, :module_count, :def_count, :end_count, :do_count, :left_curly_count, :right_curly_count, :left_bracket_count, :right_bracket_count
+    
+    def initialize(array)
+      self.array = array
+      [:expanded_array, :compressed_array, :indents, :results].each do |arr|
+        self.send("#{arr}=".to_sym, [])
+      end
+      [:class, :module, :def, :end, :do, :left_curly, :right_curly, :left_bracket, :right_bracket].each do |count|
+        self.send("#{count}_count=".to_sym, 0)
+      end
+      expand
+      compress
+    end
+    
+    def expand
+      self.array.each do |line| 
+        next if line.empty?
+        self.expanded_array << uncomment(line).split(';').collect(&:strip)
+      end
+      self.expanded_array.flatten!
+    end
+    
+    def compress
+      self.expanded_array.each do |line|
+        uncommented_line = uncomment(line)
+        ending = nil
+        
+        [:class, :module, :def, :end, :do].each do |count|
+          if uncommented_line =~ /\s*#{count.to_s}\s*/
+            self.send("#{count}_count=".to_sym, self.send("#{count}_count".to_sym) + 1) 
+            self.indents.push(count.to_s) unless count == :end
+            ending = self.indents.pop if count == :end
+          end
+        end
+        
+        {:left_curly => ['{', '}'], :right_curly => ['}', '{'], :left_bracket => ['[', ']'], :right_bracket => [']', '[']}.each do |name, sym|
+          if uncommented_line.count(sym.first) > uncommented_line.count(sym.last)
+            self.send("#{name}_count=".to_sym, self.send("#{name}_count".to_sym) + 1) 
+            self.indents.push(sym.first) if name.to_s.include?('left')
+            ending = self.indents.pop if name.to_s.include?('right')
+          end
+        end
+        
+        if ending
+          self.compressed_array.last << "#{uncommented_line}#{semicolon(ending)}"
+        elsif indent_level == 1 || self.compressed_array.empty?
+          self.compressed_array << "#{uncommented_line}#{semicolon}"
+        elsif indent_level > 1
+          self.compressed_array.last << "#{uncommented_line}#{semicolon}"
+        else
+          self.compressed_array << uncommented_line
+        end
+      end
+      
+      return evaluate if complete?
+    end
+    
+    def evaluate
+      preserve_namespace
+      self.compressed_array.each_with_index {|line, line_no| self.results << Sandrbox::Value.new(line, line_no)}
+      restore_namespace
+    end
+    
+    def semicolon(char = nil)
+      char ||= indent_character
+      (char == '{' || char == '[') ? '' : ';'
+    end
+    
+    def uncomment(line)
+      line.split('#').first.strip
+    end
+    
+    def indent_level
+      self.indents.count
+    end
+    
+    def indent_character
+      self.indents.last
+    end
+    
+    def complete?
+      self.indents.empty?
+    end
+    
+    def output
+      results.collect(&:to_s)
+    end
+    
+    def preserve_namespace
+      self.old_constants = Object.constants
+    end
+    
+    def restore_namespace
+      (Object.constants - self.old_constants).each {|bad_constant| Object.send(:remove_const, bad_constant)}
+    end
+
+  end
+end

data/lib/sandrbox/value.rb

@@ -0,0 +1,90 @@
+module Sandrbox
+  class Value
+    attr_accessor :line, :line_no, :result, :time, :unbound_methods, :unbound_constants
+    
+    def initialize(line, line_no)
+      self.unbound_methods = []
+      self.unbound_constants = []
+      self.line = line
+      self.line_no = line_no
+      evaluate
+    end
+    
+    def evaluate
+      t = Thread.new do
+        $SAFE = 2
+        begin
+          Timeout::timeout(0.5) do
+            Sandrbox.config.bad_methods.each {|meth| remove_method(meth.first, meth.last)}
+            Sandrbox.config.bad_constants.each {|const| remove_constant(const)}
+            self.result = eval(line, TOPLEVEL_BINDING, "sandrbox", line_no)
+          end
+        rescue Exception => e
+          self.result = "#{e.class}: #{e.to_s}"
+        ensure
+          restore_constants
+          restore_methods
+        end
+      end
+      
+      timeout = t.join(3)
+      self.result = "SandrboxError: execution expired" if timeout.nil?
+
+      self
+    end
+    
+    def to_s
+      self.result
+    end
+    
+    private
+      
+    def remove_method(klass, method)
+      const = Object.const_get(klass.to_s)
+      if const.methods.include?(method) || const.instance_methods.include?(method)
+        self.unbound_methods << [const, const.method(method).unbind]
+        metaclass = class << const; self; end
+
+        message = if const == Object
+          "undefined local variable or method `#{method}' for main:Object"
+        else
+          "undefined local variable or method `#{method}' for #{klass}:#{const.class}"
+        end
+
+        metaclass.send(:define_method, method) do |*args|
+          raise NameError, message
+        end
+
+        const.send(:define_method, method) do |*args|
+          raise NameError, message
+        end
+      end
+    end
+    
+    def restore_methods
+      self.unbound_methods.each do |unbound|
+        klass = unbound.first
+        method = unbound.last
+
+        metaclass = class << klass; self; end
+
+        metaclass.send(:define_method, method.name) do |*args|
+          method.bind(klass).call(*args)
+        end
+
+        klass.send(:define_method, method.name) do |*args|
+          method.bind(klass).call(*args)
+        end
+      end
+    end
+
+    def remove_constant(constant)
+      self.unbound_constants << Object.send(:remove_const, constant) if Object.const_defined?(constant)
+    end
+
+    def restore_constants
+      self.unbound_constants.each {|const| Object.const_set(const.to_s.to_sym, const) unless Object.const_defined?(const.to_s.to_sym)}
+    end
+        
+  end
+end

data/lib/sandrbox.rb

@@ -0,0 +1,20 @@
+require 'irb'
+require 'timeout'
+
+require 'sandrbox/response'
+require 'sandrbox/value'
+require 'sandrbox/config'
+
+module Sandrbox
+  extend self
+  
+  def configure
+    block_given? ? yield(Sandrbox::Config) : Sandrbox::Config
+  end
+  alias :config :configure
+  
+  def perform(array)
+    Sandrbox::Response.new(array)
+  end
+  
+end

data/spec/sandrbox/config_spec.rb

@@ -0,0 +1,5 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "Sandrbox::Config" do
+
+end

data/spec/sandrbox/response_spec.rb

@@ -0,0 +1,105 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "Sandrbox::Response" do
+  it 'initializes values correctly' do
+    @response = Sandrbox::Response.new([])
+    
+    @response.class_count.should == 0
+    @response.module_count.should == 0
+    @response.def_count.should == 0
+    @response.end_count.should == 0
+    @response.do_count.should == 0
+    @response.left_curly_count.should == 0
+    @response.right_curly_count.should == 0
+    @response.compressed_array.should == []
+  end
+  
+  it 'expands semicolons into new lines' do
+    Sandrbox::Response.new(['class Test; def foo; "hi"; end; end']).expanded_array == ['class Test', 'def foo', '"hi"', 'end', 'end']
+  end
+  
+  it 'detects class correctly' do
+    Sandrbox::Response.new(['class Test < ActiveRecord::Base']).class_count.should == 1
+  end
+  
+  it 'detects module correctly' do
+    Sandrbox::Response.new(['  module Enumerable']).module_count.should == 1
+  end
+  
+  it 'detects def correctly' do
+    Sandrbox::Response.new(['def method(test)']).def_count.should == 1
+  end
+  
+  it 'detects end correctly' do
+    Sandrbox::Response.new(['   end']).end_count.should == 1
+  end
+  
+  it 'detects do correctly' do
+    Sandrbox::Response.new(['test.each do |foo, wee|']).do_count.should == 1
+  end
+  
+  it 'detects left curly correctly' do
+    Sandrbox::Response.new(['test.each { |foo| ']).left_curly_count.should == 1
+  end
+  
+  it 'detects right curly correctly' do
+    Sandrbox::Response.new([' } ']).right_curly_count.should == 1
+  end
+  
+  it 'detects left bracket correctly' do
+    Sandrbox::Response.new(['[ "test", ']).left_bracket_count.should == 1
+  end
+  
+  it 'detects right curly correctly' do
+    Sandrbox::Response.new(['] ']).right_bracket_count.should == 1
+  end
+  
+  it 'compresses multiline statements into one line' do
+    Sandrbox::Response.new(['class Test', 'def foo', '"hi"', 'end', 'end']).compressed_array.should == ['class Test;def foo;"hi";end;end;']
+  end
+  
+  it 'ignores comments in parsing' do
+    response = Sandrbox::Response.new([]).uncomment('def method(test) # end class module').should == 'def method(test)'
+  end
+  
+  it 'correctly determines a line is complete for def, class, module, do and end' do
+    Sandrbox::Response.new(['class Test; def foo; "hi"; end; end']).should be_complete
+    Sandrbox::Response.new(['class Test', 'def foo', '"hi"', 'end', 'end']).should be_complete
+    Sandrbox::Response.new(['module Wee', '[1, 2, 3].each do |num|', '"#{num}"', 'end', 'end']).should be_complete
+  end
+  
+  it 'correctly determines a line is incomplete for def, class, module, do and end' do
+    Sandrbox::Response.new(['class Test; def foo; "hi"; end']).should_not be_complete
+    Sandrbox::Response.new(['class Test', 'def foo', '"hi"', 'end']).should_not be_complete
+    Sandrbox::Response.new(['module Wee', '[1, 2, 3].each do |num|', '"#{num}"']).should_not be_complete
+  end
+  
+  it 'correctly determines indent level' do
+    Sandrbox::Response.new(['class Test; def foo; "hi"; end']).indent_level.should == 1
+    Sandrbox::Response.new(['class Test', 'def foo', '"hi"', 'end']).indent_level.should == 1
+    Sandrbox::Response.new(['module Wee', '[1, 2, 3].each do |num|', '"#{num}"']).indent_level.should == 2
+    Sandrbox::Response.new(['[1, 2, 3].each { |num|', '']).indent_level.should == 1
+    Sandrbox::Response.new(['module Test', 'class Weeha', 'def Foo', '[ "test", ']).indent_level.should == 4
+  end
+  
+  it 'correctly determines indent character' do
+    Sandrbox::Response.new(['class Test; def foo; "hi"; end']).indent_character.should == 'class'
+    Sandrbox::Response.new(['class Test', 'def foo', '"hi"', 'end']).indent_character.should == 'class'
+    Sandrbox::Response.new(['module Wee', '[1, 2, 3].each do |num|', '"#{num}"']).indent_character.should == 'do'
+    Sandrbox::Response.new(['[1, 2, 3].each { |num|', '']).indent_character.should == '{'
+    Sandrbox::Response.new(['module Test', 'class Weeha', 'def Foo', '[ "test", ']).indent_character.should == '['
+  end
+  
+  it 'does not make an indent character if indents are on the same line' do
+    Sandrbox::Response.new(['[1, 2, 3]']).indent_character.should == nil
+    Sandrbox::Response.new(['{:test => "foo"}']).indent_character.should == nil
+  end
+  
+  it 'does make an indent character if indents are on the same line but are unmatched' do
+    Sandrbox::Response.new(['{:test => "foo"}, {:test => "wee"']).indent_character.should == '{'
+  end
+  
+  it 'does not return a negative indent level' do
+    Sandrbox::Response.new(['end', 'end', 'end']).indent_level.should == 0
+  end
+end

data/spec/sandrbox_spec.rb

@@ -0,0 +1,85 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Sandrbox" do
+
+  it 'performs arbitrary correct irb commands' do
+    Sandrbox.perform(['a = 1 + 1', 'a + a', 'a * a']).output.should == [2, 4, 4]
+  end
+  
+  it 'returns syntax errors immediately' do
+    Sandrbox.perform(['a = 1 + 1', 'b', 'a * a']).output.should == [2, "NameError: undefined local variable or method `b' for main:Object", 4]
+  end
+  
+  it 'allows constants to be used after uninitializing them' do
+    Sandrbox.perform(['a = 1 + 1'])
+    lambda {Object.const_get(:File)}.should_not raise_error
+  end
+  
+  it 'allows methods to be called after removing them' do
+    Sandrbox.perform(['a = 1 + 1'])
+    Kernel.methods.should include(:exit)
+  end
+  
+  it 'only waits half a second for each command' do
+    Sandrbox.perform(['sleep 5']).output.should == ["Timeout::Error: execution expired"]
+  end
+  
+  it 'does multiline class definitions correctly' do
+    Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end', 'Foo.new.test']).output.should == [nil, "hi"]
+  end
+  
+  it 'removes previous class definitions and methods between calls' do
+    Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end'])
+    Sandrbox.perform(['Foo.new.test']).output.should == ["NameError: uninitialized constant Foo"]
+  end
+  
+  context 'unsafe commands' do
+    it 'does not exit' do
+      Sandrbox.perform(['exit']).output.should == ["NameError: undefined local variable or method `exit' for main:Object"]
+    end
+    
+    it 'does not exit for kernel' do
+      Sandrbox.perform(['Kernel.exit']).output.should == ["NameError: undefined local variable or method `exit' for Kernel:Module"]
+    end
+    
+    it 'does not exec' do
+      Sandrbox.perform(['exec("ps")']).output.should == ["NameError: undefined local variable or method `exec' for main:Object"]
+    end
+    
+    it 'does not exec for kernel' do
+      Sandrbox.perform(['Kernel.exec("ps")']).output.should == ["NameError: undefined local variable or method `exec' for Kernel:Module"]
+    end
+    
+    it 'does not `' do
+      Sandrbox.perform(['`ls`']).output.should == ["NameError: undefined local variable or method ``' for main:Object"]
+    end
+    
+    it 'does not implement File' do
+      Sandrbox.perform(['File']).output.should == ["NameError: uninitialized constant File"]
+    end
+    
+    it 'does not implement Dir' do
+      Sandrbox.perform(['Dir']).output.should == ["NameError: uninitialized constant Dir"]
+    end
+    
+    it 'does not implement IO' do
+      Sandrbox.perform(['IO']).output.should == ["NameError: uninitialized constant IO"]
+    end
+    
+    it 'does not implement Open3' do
+      Sandrbox.perform(['Open3']).output.should == ["NameError: uninitialized constant Open3"]
+    end
+    
+    it 'does not implement Open3 even after requiring it' do
+      Sandrbox.perform(['require "open3"', 'Open3']).output.should == ["NameError: undefined local variable or method `require' for main:Object", "NameError: uninitialized constant Open3"]
+    end
+    
+    it 'does not allow you to manually call protected Sandrbox methods' do
+      Sandrbox.perform(['Sandrbox Sandrbox.inspect']).output.should == ["NameError: uninitialized constant Sandrbox"]
+    end
+    
+    it 'does not allow you to manually call children of removed classes' do
+      Sandrbox.perform(['Sandrbox Sandrbox::Config.inspect']).output.should == ["NameError: uninitialized constant Sandrbox"]
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'rspec'
+require 'sandrbox'
+require 'mocha'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  config.mock_with(:mocha)
+  config.backtrace_clean_patterns = []
+  config.before(:each) {Sandrbox.config.reset_bad_methods}
+end

metadata

@@ -0,0 +1,197 @@
+--- !ruby/object:Gem::Specification
+name: sandrbox
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+  prerelease: 
+platform: ruby
+authors:
+- Josh Symonds
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-03-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.17.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.17.2
+- !ruby/object:Gem::Dependency
+  name: github-markup
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A sandbox for that tries to change all Ruby code executed to be safe
+  and non-destructive, both to the filesystem and the currently running process
+email: josh@joshsymonds.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.markdown
+files:
+- .document
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.markdown
+- Rakefile
+- Sandrbox.gemspec
+- VERSION
+- lib/sandrbox.rb
+- lib/sandrbox/config.rb
+- lib/sandrbox/options/option.rb
+- lib/sandrbox/response.rb
+- lib/sandrbox/value.rb
+- spec/sandrbox/config_spec.rb
+- spec/sandrbox/response_spec.rb
+- spec/sandrbox/value_spec.rb
+- spec/sandrbox_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/Veraticus/Sandrbox
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 928819448596422268
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.19
+signing_key: 
+specification_version: 3
+summary: A sanitizing sandbox for executing Ruby code
+test_files: []