secure 1.0.0 → 1.1.0

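--- a/data/.gitignore
+++ b/data/.gitignore
@@ -2,3 +2,5 @@
  .bundle
  Gemfile.lock
  pkg/*
+ .rbenv-version
+ .DS_STORE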
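--- a/data/README.md
+++ b/data/README.md
@@ -37,6 +37,8 @@ Options:
  * :limit_cpu => This is the limit of how many cpu-seconds your process can use. MUST be an integer. This should be used as a fallback in case :timeout is not honored
  * :run_before => A block, or array of blocks that is run before your code is sandboxed. Be careful. Remember how lambdas are bound in ruby. Refer to this for more details: http://blog.sidu.in/2007/11/ruby-blocks-gotchas.html
  * :pipe_stdin, :pipe_stdout, :pipe_stderr => A File to pipe the stdin, out ond stderr to
+ * :safe => An integer that represents the new safe mode (default 3)
+ * :limit_files => Maximum file descriptor the block can open. If you want to say no files, set this to 0
 
  Errors:
  =======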
@@ -12,6 +12,8 @@ module Secure
12
12
  @pipe_stderr = opts[:pipe_stderr]
13
13
  @pipe_stdin = opts[:pipe_stdin]
14
14
  @run_before = opts[:run_before]
15
+ @safe_value = opts[:safe] || 3
16
+ @limit_files = opts[:limit_files]
15
17
  end
16
18
 
17
19
  def guard_threads
@@ -21,6 +23,7 @@ module Secure
21
23
  def set_resource_limits
22
24
  Process::setrlimit(Process::RLIMIT_AS, @limit_memory) if @limit_memory
23
25
  Process::setrlimit(Process::RLIMIT_CPU, @limit_cpu, 2 + @limit_cpu) if @limit_cpu
26
+ Process::setrlimit(Process::RLIMIT_NOFILE, @limit_files, @limit_files) if @limit_files
24
27
  end
25
28
 
26
29
  def redirect_files
@@ -43,7 +46,7 @@ module Secure
43
46
  redirect_files
44
47
  thread = Thread.start do
45
48
  run_before_methods
46
- $SAFE=3
49
+ $SAFE = @safe_value
47
50
  yield
48
51
  end
49
52
  decorate_with_guard_threads(thread)
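Review bot: `@safe_value = opts[:safe] || 3` in the initializer hunk accepts whatever the caller passes, and that value is later assigned to `$SAFE` inside the child thread without any check. A caller passing `:safe => 0` runs the block with no `$SAFE` restrictions at all, so only the rlimits remain as containment, and a non-Integer value would presumably surface only as an error raised from inside the already-started thread. I would validate in the constructor, e.g. `raise ArgumentError, ":safe must be an Integer from 0 to 4" unless @safe_value.is_a?(Integer) && (0..4).include?(@safe_value)`, and put a comment above the assignment such as `# Lowering :safe below 3 weakens the sandbox; the caller must supply other containment`. The constructor and the method around `Thread.start` both begin outside these hunks, so how such an error would reach callers is not visible here.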
@@ -1,3 +1,3 @@
1
1
  module Secure
2
- VERSION = "1.0.0"
2
+ VERSION = "1.1.0"
3
3
  end
@@ -57,6 +57,14 @@ module Secure
57
57
  response.should be_success
58
58
  $SAFE.should == 0
59
59
  end
60
+
61
+ it "can change the safe value if needed" do
62
+ response = Runner.new(:safe => 0).run do
63
+ $SAFE
64
+ end
65
+ response.should be_success
66
+ response.value.should == 0
67
+ end
60
68
  end
61
69
 
62
70
  context "security violations" do
@@ -104,6 +112,14 @@ module Secure
104
112
  response.error.should be_a(Secure::ChildKilledError)
105
113
  end
106
114
 
115
+ it "kills a process running trying to open a file" do
116
+ response = Runner.new(:safe => 0, :limit_files => 0).run do
117
+ File.read(__FILE__)
118
+ end
119
+ response.should_not be_success
120
+ response.error.should be_a(Errno::EMFILE)
121
+ end
122
+
107
123
  it "should not be able to open a file" do
108
124
  response = Runner.new.run do
109
125
  File.open("/etc/passwd")
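Review bot: The new example `kills a process running trying to open a file` does not check a kill: it asserts that `File.read(__FILE__)` fails with `Errno::EMFILE`, so the title should say that, e.g. `it "raises EMFILE when the block opens a file with :limit_files => 0" do`. It also exercises `:limit_files` only together with `:safe => 0`, so nothing shows how the limit behaves at the default safe level. Descriptors that were already open before the limit was applied are not covered either, and RLIMIT_NOFILE does not close those. One example with the default `:safe`, and one documenting what the block can still do with inherited stdin/stdout/stderr, would pin down what the README's "no files" actually guarantees. The `it "should not be able to open a file"` example at the end of the hunk continues outside it.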
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2011-10-26 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rspec
16
- requirement: &70153208867340 !ruby/object:Gem::Requirement
16
+ requirement: &70276562098440 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '2.6'
22
22
  type: :development
23
23
  prerelease: false
24
- version_requirements: *70153208867340
24
+ version_requirements: *70276562098440
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rake
27
- requirement: &70153208866920 !ruby/object:Gem::Requirement
27
+ requirement: &70276562098020 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *70153208866920
35
+ version_requirements: *70276562098020
36
36
  description: see summary
37
37
  email:
38
38
  - tejas@gja.in