secure 1.1.2 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/secure/child_process.rb +11 -5
- data/lib/secure/version.rb +1 -1
- data/spec/secure/runner_spec.rb +29 -32
- data/spec/spec_helper.rb +4 -0
- metadata +5 -5
data/lib/secure/child_process.rb
CHANGED
@@ -23,9 +23,9 @@ module Secure
|
|
23
23
|
|
24
24
|
def set_resource_limits
|
25
25
|
Process::setrlimit(Process::RLIMIT_AS, @limit_memory) if @limit_memory
|
26
|
-
Process::setrlimit(Process::RLIMIT_CPU, @limit_cpu,
|
26
|
+
Process::setrlimit(Process::RLIMIT_CPU, @limit_cpu, 1 + @limit_cpu) if @limit_cpu
|
27
27
|
Process::setrlimit(Process::RLIMIT_NOFILE, @limit_files, @limit_files) if @limit_files
|
28
|
-
|
28
|
+
Process::setrlimit(Process::RLIMIT_NPROC, @limit_procs, @limit_procs) if @limit_procs
|
29
29
|
end
|
30
30
|
|
31
31
|
def redirect_files
|
@@ -43,15 +43,21 @@ module Secure
|
|
43
43
|
end
|
44
44
|
end
|
45
45
|
|
46
|
-
def
|
46
|
+
def secure_process
|
47
|
+
run_before_methods
|
47
48
|
set_resource_limits
|
49
|
+
$SAFE = @safe_value
|
50
|
+
end
|
51
|
+
|
52
|
+
def safely_run_block
|
48
53
|
redirect_files
|
49
54
|
thread = Thread.start do
|
50
|
-
|
51
|
-
|
55
|
+
sleep
|
56
|
+
secure_process
|
52
57
|
yield
|
53
58
|
end
|
54
59
|
decorate_with_guard_threads(thread)
|
60
|
+
thread.wakeup
|
55
61
|
Response.success(thread.value)
|
56
62
|
rescue Exception => e
|
57
63
|
Response.error(e)
|
data/lib/secure/version.rb
CHANGED
data/spec/secure/runner_spec.rb
CHANGED
@@ -89,40 +89,36 @@ module Secure
|
|
89
89
|
while true; end
|
90
90
|
end
|
91
91
|
response.should_not be_success
|
92
|
-
response.error.should be_a(
|
92
|
+
response.error.should be_a(TimeoutError)
|
93
93
|
end
|
94
94
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
else
|
99
|
-
|
100
|
-
it "should kill a process with too much memory on linux" do
|
101
|
-
response = Runner.new(:limit_memory => 10 * 1024).run do
|
102
|
-
'a' * 10 * 1024
|
103
|
-
end
|
104
|
-
response.should_not be_success
|
105
|
-
response.error.should be_a(NoMemoryError)
|
95
|
+
it "kills a process using too much cpu" do
|
96
|
+
response = Runner.new(:limit_cpu => 1).run do
|
97
|
+
while true; end
|
106
98
|
end
|
99
|
+
response.should_not be_success
|
100
|
+
response.error.should be_a(ChildKilledError)
|
101
|
+
end
|
107
102
|
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
end
|
113
|
-
10
|
114
|
-
end
|
115
|
-
response.should_not be_success
|
116
|
-
response.error.should be_a(ThreadError)
|
103
|
+
it "should kill a process with too much memory" do
|
104
|
+
except_on_OSX
|
105
|
+
response = Runner.new(:limit_memory => 1024 * 1024).run do
|
106
|
+
'a' * 1024 * 1024
|
117
107
|
end
|
108
|
+
response.should_not be_success
|
109
|
+
response.error.should be_a(ChildKilledError)
|
118
110
|
end
|
119
111
|
|
120
|
-
it "kills a process
|
121
|
-
|
122
|
-
|
112
|
+
it "kills a process trying to fork" do
|
113
|
+
except_on_OSX
|
114
|
+
response = Runner.new(:safe => 0, :limit_procs => 0).run do
|
115
|
+
fork do
|
116
|
+
exit
|
117
|
+
end
|
118
|
+
10
|
123
119
|
end
|
124
120
|
response.should_not be_success
|
125
|
-
response.error.should be_a(
|
121
|
+
response.error.should be_a(ChildKilledError)
|
126
122
|
end
|
127
123
|
|
128
124
|
it "kills a process running trying to open a file" do
|
@@ -204,14 +200,15 @@ module Secure
|
|
204
200
|
read_file.read.should == "\"foobar\"\n"
|
205
201
|
end
|
206
202
|
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
203
|
+
it "redirects standard input" do
|
204
|
+
pending "this does not work due to some rspec wierdness" do
|
205
|
+
write_file.puts "foobar"
|
206
|
+
write_file.close
|
207
|
+
response = Runner.new(:pipe_stdin => read_file).run do
|
208
|
+
readline
|
209
|
+
end
|
210
|
+
response.value.should == "foobar\n"
|
213
211
|
end
|
214
|
-
response.value.should == "foobar\n"
|
215
212
|
end
|
216
213
|
end
|
217
214
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: secure
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.3
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -13,7 +13,7 @@ date: 2011-10-27 00:00:00.000000000Z
|
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rspec
|
16
|
-
requirement: &
|
16
|
+
requirement: &70139064843180 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ~>
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: '2.6'
|
22
22
|
type: :development
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *70139064843180
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: rake
|
27
|
-
requirement: &
|
27
|
+
requirement: &70139064842760 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ! '>='
|
@@ -32,7 +32,7 @@ dependencies:
|
|
32
32
|
version: '0'
|
33
33
|
type: :development
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *70139064842760
|
36
36
|
description: see summary
|
37
37
|
email:
|
38
38
|
- tejas@gja.in
|