secure 1.0.0 → 1.1.0

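--- a/data/.gitignore
+++ b/data/.gitignore
@@ -2,3 +2,5 @@
 .bundle
 Gemfile.lock
 pkg/*
+.rbenv-version
+.DS_STORE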
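--- a/data/README.md
+++ b/data/README.md
@@ -37,6 +37,8 @@ Options:
 * :limit_cpu => This is the limit of how many cpu-seconds your process can use. MUST be an integer. This should be used as a fallback in case :timeout is not honored
 * :run_before => A block, or array of blocks that is run before your code is sandboxed. Be careful. Remember how lambdas are bound in ruby. Refer to this for more details: http://blog.sidu.in/2007/11/ruby-blocks-gotchas.html
 * :pipe_stdin, :pipe_stdout, :pipe_stderr => A File to pipe the stdin, out ond stderr to
+* :safe => An integer that represents the new safe mode (default 3)
+* :limit_files => Maximum file descriptor the block can open. If you want to say no files, set this to 0
 
 Errors:
 =======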
@@ -12,6 +12,8 @@ module Secure
12
12
  @pipe_stderr = opts[:pipe_stderr]
13
13
  @pipe_stdin = opts[:pipe_stdin]
14
14
  @run_before = opts[:run_before]
15
+ @safe_value = opts[:safe] || 3
16
+ @limit_files = opts[:limit_files]
15
17
  end
16
18
 
17
19
  def guard_threads
@@ -21,6 +23,7 @@ module Secure
21
23
  def set_resource_limits
22
24
  Process::setrlimit(Process::RLIMIT_AS, @limit_memory) if @limit_memory
23
25
  Process::setrlimit(Process::RLIMIT_CPU, @limit_cpu, 2 + @limit_cpu) if @limit_cpu
26
+ Process::setrlimit(Process::RLIMIT_NOFILE, @limit_files, @limit_files) if @limit_files
24
27
  end
25
28
 
26
29
  def redirect_files
@@ -43,7 +46,7 @@ module Secure
43
46
  redirect_files
44
47
  thread = Thread.start do
45
48
  run_before_methods
46
- $SAFE=3
49
+ $SAFE = @safe_value
47
50
  yield
48
51
  end
49
52
  decorate_with_guard_threads(thread)
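Review bot: `@safe_value = opts[:safe] || 3` in `initialize` takes whatever the caller passes, and the last hunk assigns it straight to `$SAFE`, so `:safe => 0` removes the taint-based restrictions for the block and a wrong type is only discovered when the assignment runs inside the thread. I would check it at construction, e.g. `raise ArgumentError, ':safe must be an Integer' unless @safe_value.is_a?(Integer)`, and put a comment above the assignment such as `# Levels below 3 remove $SAFE confinement; only the rlimits still apply`. With the safe level lowered, the new `RLIMIT_NOFILE` call is the only file-related barrier, and it stops new descriptors from being opened rather than use of descriptors the process already holds; whether inherited descriptors are closed elsewhere is not visible in these hunks. `initialize` and the method containing `$SAFE = @safe_value` both begin outside the lines shown.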
@@ -1,3 +1,3 @@
1
1
  module Secure
2
- VERSION = "1.0.0"
2
+ VERSION = "1.1.0"
3
3
  end
@@ -57,6 +57,14 @@ module Secure
57
57
  response.should be_success
58
58
  $SAFE.should == 0
59
59
  end
60
+
61
+ it "can change the safe value if needed" do
62
+ response = Runner.new(:safe => 0).run do
63
+ $SAFE
64
+ end
65
+ response.should be_success
66
+ response.value.should == 0
67
+ end
60
68
  end
61
69
 
62
70
  context "security violations" do
@@ -104,6 +112,14 @@ module Secure
104
112
  response.error.should be_a(Secure::ChildKilledError)
105
113
  end
106
114
 
115
+ it "kills a process running trying to open a file" do
116
+ response = Runner.new(:safe => 0, :limit_files => 0).run do
117
+ File.read(__FILE__)
118
+ end
119
+ response.should_not be_success
120
+ response.error.should be_a(Errno::EMFILE)
121
+ end
122
+
107
123
  it "should not be able to open a file" do
108
124
  response = Runner.new.run do
109
125
  File.open("/etc/passwd")
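Review bot: The example `kills a process running trying to open a file` asserts `Errno::EMFILE`, not `Secure::ChildKilledError`, so its description misstates the outcome; `it "fails with EMFILE when the block opens a file under :limit_files => 0" do` would match what is checked. It also passes `:safe => 0`, so it exercises the descriptor limit only with the safe level lowered, and there is no example for a positive `:limit_files` or for the limit combined with the default safe level. The enclosing `context "security violations"` block continues past the end of this hunk.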
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2011-10-26 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70153208867340 !ruby/object:Gem::Requirement
16
+ requirement: &70276562098440 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '2.6'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70153208867340
24
+ version_requirements: *70276562098440
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rake
27
- requirement: &70153208866920 !ruby/object:Gem::Requirement
27
+ requirement: &70276562098020 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *70153208866920
35
+ version_requirements: *70276562098020
36
36
  description: see summary
37
37
  email:
38
38
  - tejas@gja.in