secure 0.1.1 → 0.2.0

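--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,12 +1,11 @@
  require 'bundler/gem_tasks'
  require 'rake'
- require 'spec/rake/spectask'
+ require 'rspec/core/rake_task'
 
  desc "Run all examples"
- Spec::Rake::SpecTask.new('spec') do |t|
- t.spec_opts << "--colour --format specdoc --loadby mtime --reverse"
- t.spec_opts << "-r spec/spec_helper"
- t.spec_files = FileList['spec/**/*.rb']
+ RSpec::Core::RakeTask.new('spec') do |t|
+ t.rspec_opts = "--colour --format documentation -r spec/spec_helper"
+ t.pattern = 'spec/**/*.rb'
  end
 
  task :default => :spec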
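--- a/data/lib/secure.rb
+++ b/data/lib/secure.rb
@@ -9,9 +9,12 @@ require "secure/runner"
  module Secure
  class << self
  def run(opts = {}, *args)
- Runner.new(opts).run do
- yield *args
+ response = Runner.new(opts, *args).run do |*a|
+ yield *a
  end
+
+ raise response.error unless response.success?
+ response.value
  end
 
  alias :ly :run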
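Review bot: `raise response.error unless response.success?` assumes every failed response carries an exception object; Response is not shown in this diff, but if the forked child exits without reporting one, `raise nil` surfaces as a TypeError that hides why the sandboxed block failed. A fallback such as `raise(response.error || RuntimeError.new("sandboxed block failed without an error"))` keeps the failure fail-closed and readable. The method also lacks a comment stating its new contract: it returns the block's value and raises on failure instead of returning a Response, so callers written against 0.1.1 that test `response.success?` now call that on the raw value. Both the error and the value originate in the sandboxed child, so I would add `# value and error are produced by the sandboxed block; treat them as untrusted data`. The enclosing `module Secure` / `class << self` continue outside the hunk.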
data/lib/secure/runner.rb CHANGED
@@ -1,7 +1,8 @@
1
1
  module Secure
2
2
  class Runner
3
- def initialize(opts)
3
+ def initialize(opts = {}, *args)
4
4
  @opts = opts
5
+ @args = args
5
6
  end
6
7
 
7
8
  def run
@@ -9,7 +10,7 @@ module Secure
9
10
 
10
11
  child = fork do
11
12
  begin
12
- ChildProcess.new(@opts, read_file, write_file).execute { yield }
13
+ ChildProcess.new(@opts, read_file, write_file).execute { yield *@args }
13
14
  ensure
14
15
  exit
15
16
  end
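Review bot: `initialize(opts = {}, *args)` and `execute { yield *@args }` hand objects built in the trusted parent to the sandboxed block, and nothing documents that this is a deliberate way through the `$SAFE` boundary. The accompanying specs show an untainted string being eval'd and an already-open File being read inside the block, so whatever the caller passes is usable by the sandboxed code as-is. I would put a comment on `initialize` such as `# args are yielded to the sandboxed block as-is; pass only objects the block is meant to use, and never untaint caller-supplied input to get it through`. `run` begins and ends outside the second hunk, so how `read_file` and `write_file` are set up is not visible here.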
@@ -1,3 +1,3 @@
1
1
  module Secure
2
- VERSION = "0.1.1"
2
+ VERSION = "0.2.0"
3
3
  end
data/secure.gemspec CHANGED
@@ -17,4 +17,7 @@ Gem::Specification.new do |s|
17
17
  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
18
18
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
19
19
  s.require_paths = ["lib"]
20
+
21
+ s.add_development_dependency('rspec')
22
+ s.add_development_dependency('rake')
20
23
  end
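Review bot: Both `add_development_dependency` calls are unconstrained, so the packaged metadata records `>= 0` and any future major release of rspec or rake will satisfy it. The specs in this release use the `should` / `have(1).things` matchers and the Rakefile uses `RSpec::Core::RakeTask`, which ties them to one RSpec generation; a pessimistic constraint, e.g. `s.add_development_dependency('rspec', '~> 2.0')`, keeps the test setup reproducible. The `Gem::Specification.new` block starts outside the hunk.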
@@ -0,0 +1,107 @@
1
+ module Secure
2
+ describe Runner do
3
+ it "should execute normal code as expected" do
4
+ response = Runner.new.run do
5
+ 4 + 4
6
+ end
7
+ response.should be_success
8
+ response.value.should == 8
9
+ end
10
+
11
+ it "should kill all threads after running" do
12
+ response = Runner.new.run do
13
+ 10
14
+ end
15
+ response.should be_success
16
+ Thread.list.should have(1).things
17
+ end
18
+
19
+ it "should take parameters" do
20
+ response = Runner.new({}, 4, 2).run do |a, b|
21
+ a + b
22
+ end
23
+ response.should be_success
24
+ response.value.should == 6
25
+ end
26
+
27
+ context "safe value" do
28
+ it "should be set to 3" do
29
+ response = Runner.new.run do
30
+ $SAFE
31
+ end
32
+ response.should be_success
33
+ response.value.should == 3
34
+ end
35
+
36
+ it "should not be affected in the parent thread" do
37
+ response = Runner.new.run {}
38
+ response.should be_success
39
+ $SAFE.should == 0
40
+ end
41
+ end
42
+
43
+ context "security violations" do
44
+ it "should not allow an eval to be called" do
45
+ response = Runner.new.run do
46
+ eval "45"
47
+ end
48
+ response.should_not be_success
49
+ response.error.should be_a(SecurityError)
50
+ end
51
+
52
+ it "should not allow system calls" do
53
+ response = Runner.new.run do
54
+ system("echo hi")
55
+ end
56
+ response.should_not be_success
57
+ response.error.should be_a(SecurityError)
58
+ end
59
+
60
+ it "should kill infinite loops" do
61
+ response = Runner.new(:timeout => 0.005).run do
62
+ while true; end
63
+ end
64
+ response.should_not be_success
65
+ response.error.should be_a(Secure::TimeoutError)
66
+ end
67
+
68
+ it "should not be able to open a file" do
69
+ response = Runner.new.run do
70
+ File.open("/etc/passwd")
71
+ end
72
+ response.should_not be_success
73
+ response.error.should be_a(SecurityError)
74
+ end
75
+ end
76
+
77
+ context "allowed syntax" do
78
+ it "should allow eval on an untainted string" do
79
+ string = "45".untaint
80
+ response = Runner.new({}, string).run do |str|
81
+ eval(str)
82
+ end
83
+ response.should be_success
84
+ response.value.should == 45
85
+ end
86
+
87
+ it "should be able to read from an open file" do
88
+ file = File.open("/etc/hosts")
89
+ response = Runner.new({}, file).run do |file|
90
+ file.readline
91
+ end
92
+ response.should be_success
93
+ end
94
+ end
95
+
96
+ context "error information" do
97
+ it "should know where the syntax is invalid" do
98
+ string = "while true; end; end"
99
+ response = Runner.new({}, string).run do |string|
100
+ eval(string)
101
+ end
102
+ response.should_not be_success
103
+ response.error.should be_a(SyntaxError)
104
+ end
105
+ end
106
+ end
107
+ end
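Review bot: The "allowed syntax" examples pin only the permissive side of the taint boundary: an untainted string may be eval'd and an open File may be read, but no example shows that a tainted argument is refused. Adding the counterpart, e.g. `Runner.new({}, "45".taint).run { |s| eval(s) }` followed by `response.error.should be_a(SecurityError)`, would document that the restriction depends on taint and not on the call site. The File opened from `/etc/hosts` is never closed, and the block parameters `|file|` and `|string|` reuse the names of outer locals, which Ruby 1.8 treats as assignment to the outer variable. These examples also depend on `$SAFE` level 3 and taint tracking, which later Ruby versions removed, so they only run on the interpreters the gem was written for.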
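--- a/data/spec/secure_spec.rb
+++ b/data/spec/secure_spec.rb
@@ -1,105 +1,11 @@
  describe Secure do
- it "should execute normal code as expected" do
- response = Secure.ly do
- 4 + 4
- end
- response.should be_success
- response.value.should == 8
- end
-
- it "should kill all threads after running" do
- response = Secure.ly do
- 10
- end
- response.should be_success
- Thread.list.should have(1).things
- end
-
- it "should take parameters" do
- response = Secure.ly({}, 4, 2) do |a, b|
+ it "should execute a block with params" do
+ Secure.ly({}, 4, 2) do |a, b|
  a + b
- end
- response.should be_success
- response.value.should == 6
- end
-
- context "safe value" do
- it "should be set to 3" do
- response = Secure.ly do
- $SAFE
- end
- response.should be_success
- response.value.should == 3
- end
-
- it "should not be affected in the parent thread" do
- response = Secure.ly {}
- response.should be_success
- $SAFE.should == 0
- end
- end
-
- context "security violations" do
- it "should not allow an eval to be called" do
- response = Secure.ly do
- eval "45"
- end
- response.should_not be_success
- response.error.should be_a(SecurityError)
- end
-
- it "should not allow system calls" do
- response = Secure.ly do
- system("echo hi")
- end
- response.should_not be_success
- response.error.should be_a(SecurityError)
- end
-
- it "should kill infinite loops" do
- response = Secure.ly :timeout => 0.005 do
- while true; end
- end
- response.should_not be_success
- response.error.should be_a(Secure::TimeoutError)
- end
-
- it "should not be able to open a file" do
- response = Secure.ly do
- File.open("/etc/passwd")
- end
- response.should_not be_success
- response.error.should be_a(SecurityError)
- end
- end
-
- context "allowed syntax" do
- it "should allow eval on an untainted string" do
- string = "45".untaint
- response = Secure.ly({}, string) do |str|
- eval(str)
- end
- response.should be_success
- response.value.should == 45
- end
-
- it "should be able to read from an open file" do
- file = File.open("/etc/hosts")
- response = Secure.ly({}, file) do |file|
- file.readline
- end
- response.should be_success
- end
+ end.should eq(6)
  end
 
- context "error information" do
- it "should know where the syntax is invalid" do
- string = "while true; end; end"
- response = Secure.ly({}, string) do |string|
- eval(string)
- end
- response.should_not be_success
- response.error.should be_a(SyntaxError)
- end
+ it "should throw an exception if block fails" do
+ lambda { Secure.ly(:timeout => 0.1) { while true; end } }.should raise_error(Secure::TimeoutError)
  end
  end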
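Review bot: After this rewrite no example exercises a SecurityError coming out of `Secure.ly`; the only failure covered is the timeout, and the violation cases that moved to the Runner spec never pass through the new `raise response.error` line. Since raising is now the only way a caller of `Secure.ly` learns that the sandbox rejected something, I would add an example such as `lambda { Secure.ly { system("echo hi") } }.should raise_error(SecurityError)`. The `end.should eq(6)` chained onto a `do ... end` block is also easy to misread; assigning the result to a local first and asserting on that reads more clearly.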
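--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: secure
  version: !ruby/object:Gem::Version
- hash: 25
+ hash: 23
  prerelease:
  segments:
  - 0
- - 1
- - 1
- version: 0.1.1
+ - 2
+ - 0
+ version: 0.2.0
  platform: ruby
  authors:
  - Tejas Dinkar
@@ -15,10 +15,37 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-08-30 00:00:00 +05:30
+ date: 2011-09-02 00:00:00 +05:30
  default_executable:
- dependencies: []
-
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ prerelease: false
+ requirement: &id001 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ type: :development
+ version_requirements: *id001
+ - !ruby/object:Gem::Dependency
+ name: rake
+ prerelease: false
+ requirement: &id002 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ type: :development
+ version_requirements: *id002
  description: see summary
  email:
  - tejas@gja.in
@@ -42,6 +69,7 @@ files:
  - lib/secure/version.rb
  - secure.gemspec
  - spec/secure/response_spec.rb
+ - spec/secure/runner_spec.rb
  - spec/secure_spec.rb
  - spec/spec_helper.rb
  has_rdoc: true
@@ -80,5 +108,6 @@ specification_version: 3
  summary: gem to do things securely using ruby $SAFE
  test_files:
  - spec/secure/response_spec.rb
+ - spec/secure/runner_spec.rb
  - spec/secure_spec.rb
  - spec/spec_helper.rb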