shikashi-the-north 0.1

data/shikashi.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |gem|
+  gem.name          = "shikashi-the-north"
+  gem.version       = '0.1'
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.authors       = ["Joey Perira", "Adam Williams"]
+  gem.email         = ["joey@pereira.io"]
+  gem.summary       = %q{Shikashi is a ruby sandbox for running arbitrary Ruby code with eval.}
+  gem.description   = %q{Shikashi allows whitelisting specific language features, from constants, to system modules, to arbitrary functions. This allows compete control over what evaluated code can do, restricting use outside of specification. WARNING: changes made in this package are experimental and can cause security flaws at the gain of performance.}
+  gem.homepage      = "https://github.com/xLegoz/shikashi"
+  # gem.license       = 'MIT'
+
+  gem.add_dependency 'evalhook', '~> 0.6.0'
+  gem.add_dependency 'getsource', '~> 0.2.2'
+end

data/spec/functional/encoding_spec.rb

@@ -0,0 +1,39 @@
+# encoding: utf-8
+require "test/unit"
+require "shikashi"
+
+include Shikashi
+
+describe Sandbox, "Shikashi sandbox" do
+  it "Should accept UTF-8 encoding via ruby header comments" do
+    Sandbox.new.run("# encoding: utf-8\n'кириллица'").should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via sandbox run options" do
+    Sandbox.new.run("'кириллица'", :encoding => "utf-8").should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via ruby header comments" do
+    Sandbox.new.run("# encoding:        utf-8\n'кириллица'").should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via ruby header comments" do
+    Sandbox.new.run("#        encoding: utf-8\n'кириллица'").should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via ruby header comments" do
+    Sandbox.new.packet("# encoding: utf-8\n'кириллица'").run.should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via sandbox run options" do
+    Sandbox.new.packet("'кириллица'", :encoding => "utf-8").run.should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via ruby header comments" do
+    Sandbox.new.packet("# encoding:        utf-8\n'кириллица'").run.should be == 'кириллица'
+  end
+
+  it "Should accept UTF-8 encoding via ruby header comments" do
+    Sandbox.new.packet("#        encoding: utf-8\n'кириллица'").run.should be == 'кириллица'
+  end
+end

data/spec/functional/timeout_spec.rb

@@ -0,0 +1,57 @@
+=begin
+
+This file is part of the shikashi project, http://github.com/tario/shikashi
+
+Copyright (c) 2009-2010 Roberto Dario Seminara <robertodarioseminara@gmail.com>
+
+shikashi is free software: you can redistribute it and/or modify
+it under the terms of the gnu general public license as published by
+the free software foundation, either version 3 of the license, or
+(at your option) any later version.
+
+shikashi is distributed in the hope that it will be useful,
+but without any warranty; without even the implied warranty of
+merchantability or fitness for a particular purpose.  see the
+gnu general public license for more details.
+
+you should have received a copy of the gnu general public license
+along with shikashi.  if not, see <http://www.gnu.org/licenses/>.
+
+=end
+require "test/unit"
+require "shikashi"
+
+include Shikashi
+
+describe Sandbox, "Shikashi sandbox" do
+
+  def self.add_test(name, execution_delay, timeout)
+    if execution_delay > timeout
+      it "Should allow timeout of type #{name}" do
+        priv = Shikashi::Privileges.new
+        priv.allow_method :sleep
+
+        lambda {
+        Sandbox.new.run "sleep #{execution_delay}", priv, :timeout => timeout
+        }.should raise_error(Shikashi::Timeout::Error)
+      end
+    else
+      it "Should allow timeout of type #{name}" do
+        priv = Shikashi::Privileges.new
+        priv.allow_method :sleep
+
+        Sandbox.new.run "sleep #{execution_delay}", priv, :timeout => timeout
+
+      end
+
+    end
+  end
+
+  add_test "basic",2,1
+  add_test "float",0.2,0.1
+  add_test "float_no_hit",0.1,0.2
+  add_test "zero", 1,0
+  add_test "zero_no_hit", 0,1
+
+end
+

data/spec/sandbox/privileges_sugar_syntax_spec.rb

@@ -0,0 +1,160 @@
+require "shikashi"
+
+include Shikashi
+
+describe Privileges, "Shikashi::Privileges" do
+
+  # method chaining
+  it "allow_method should return object of Privileges class" do
+    Privileges.allow_method(:foo).should be_kind_of(Privileges)
+  end
+
+  it "allow_global_read should return object of Privileges class" do
+    Privileges.allow_global_read(:$a).should be_kind_of(Privileges)
+  end
+
+  it "allow_global_write should return object of Privileges class" do
+    Privileges.allow_global_write(:$a).should be_kind_of(Privileges)
+  end
+
+  it "allow_const_read should return object of Privileges class" do
+    Privileges.allow_const_read(:$a).should be_kind_of(Privileges)
+  end
+
+  it "allow_const_write should return object of Privileges class" do
+    Privileges.allow_const_write(:$a).should be_kind_of(Privileges)
+  end
+
+  it "allow_xstr should return object of Privileges class" do
+    Privileges.allow_xstr.should be_kind_of(Privileges)
+  end
+
+  it "instances_of(...).allow() should return object of Privileges class" do
+    Privileges.instances_of(Fixnum).allow("foo").should be_kind_of(Privileges)
+  end
+
+  it "object(...).allow() should return object of Privileges class" do
+    Privileges.object(Fixnum).allow("foo").should be_kind_of(Privileges)
+  end
+
+  it "methods_of(...).allow() should return object of Privileges class" do
+    Privileges.methods_of(Fixnum).allow("foo").should be_kind_of(Privileges)
+  end
+
+  it "instances_of(...).allow() should return object of Privileges class" do
+    Privileges.instances_of(Fixnum).allow_all.should be_kind_of(Privileges)
+  end
+
+  it "object(...).allow() should return object of Privileges class" do
+    Privileges.object(Fixnum).allow_all.should be_kind_of(Privileges)
+  end
+
+  it "methods_of(...).allow() should return object of Privileges class" do
+    Privileges.methods_of(Fixnum).allow_all.should be_kind_of(Privileges)
+  end
+
+  it "should chain one allow_method" do
+    priv = Privileges.allow_method(:to_s)
+    priv.allow?(Fixnum,4,:to_s,0).should be == true
+  end
+
+  it "should chain one allow_method and one allow_global" do
+    priv = Privileges.
+        allow_method(:to_s).
+        allow_global_read(:$a)
+
+    priv.allow?(Fixnum,4,:to_s,0).should be == true
+    priv.global_read_allowed?(:$a).should be == true
+  end
+
+  # argument conversion
+  it "should allow + method (as string)" do
+    priv = Privileges.new
+    priv.allow_method("+")
+    priv.allow?(Fixnum,4,:+,0).should be == true
+  end
+
+  it "should allow + method (as symbol)" do
+    priv = Privileges.new
+    priv.allow_method(:+)
+    priv.allow?(Fixnum,4,:+,0).should be == true
+  end
+
+  it "should allow $a global read (as string)" do
+    priv = Privileges.new
+    priv.allow_global_read("$a")
+    priv.global_read_allowed?(:$a).should be == true
+  end
+
+  it "should allow $a global read (as symbol)" do
+    priv = Privileges.new
+    priv.allow_global_read(:$a)
+    priv.global_read_allowed?(:$a).should be == true
+  end
+
+  it "should allow multiple global read (as symbol) in only one allow_global_read call" do
+    priv = Privileges.new
+    priv.allow_global_read(:$a, :$b)
+    priv.global_read_allowed?(:$a).should be == true
+    priv.global_read_allowed?(:$b).should be == true
+  end
+
+  it "should allow $a global write (as string)" do
+    priv = Privileges.new
+    priv.allow_global_write("$a")
+    priv.global_write_allowed?(:$a).should be == true
+  end
+
+  it "should allow $a global write (as symbol)" do
+    priv = Privileges.new
+    priv.allow_global_write(:$a)
+    priv.global_write_allowed?(:$a).should be == true
+  end
+
+  it "should allow multiple global write (as symbol) in only one allow_global_write call" do
+    priv = Privileges.new
+    priv.allow_global_write(:$a, :$b)
+    priv.global_write_allowed?(:$a).should be == true
+    priv.global_write_allowed?(:$b).should be == true
+  end
+
+  # constants
+
+  it "should allow constant read (as string)" do
+    priv = Privileges.new
+    priv.allow_const_read("TESTCONSTANT")
+    priv.const_read_allowed?("TESTCONSTANT").should be == true
+  end
+
+  it "should allow constant read (as symbol)" do
+    priv = Privileges.new
+    priv.allow_const_read(:TESTCONSTANT)
+    priv.const_read_allowed?("TESTCONSTANT").should be == true
+  end
+
+  it "should allow multiple constant read (as string) in only one allow_const_read call" do
+    priv = Privileges.new
+    priv.allow_const_read("TESTCONSTANT1", "TESTCONSTANT2")
+    priv.const_read_allowed?("TESTCONSTANT1").should be == true
+    priv.const_read_allowed?("TESTCONSTANT2").should be == true
+  end
+
+  it "should allow constant write (as string)" do
+    priv = Privileges.new
+    priv.allow_const_write("TESTCONSTANT")
+    priv.const_write_allowed?("TESTCONSTANT").should be == true
+  end
+
+  it "should allow constant write (as symbol)" do
+    priv = Privileges.new
+    priv.allow_const_write(:TESTCONSTANT)
+    priv.const_write_allowed?("TESTCONSTANT").should be == true
+  end
+
+  it "should allow multiple constant write (as symbol) in only one allow_const_write call" do
+    priv = Privileges.new
+    priv.allow_const_write("TESTCONSTANT1", "TESTCONSTANT2")
+    priv.const_write_allowed?("TESTCONSTANT1").should be == true
+    priv.const_write_allowed?("TESTCONSTANT2").should be == true
+  end
+end

data/spec/sandbox/sandbox_hook_handler_spec.rb

@@ -0,0 +1,181 @@
+require "rubygems"
+require "shikashi"
+require "evalhook"
+
+include Shikashi
+
+describe Sandbox, "Shikashi sandbox hook handler" do
+
+  it "should be obtainable from sandbox" do
+    Sandbox.new.hook_handler
+  end
+
+  it "should be obtainable from sandbox through create_hook_handler" do
+    sandbox = Sandbox.new
+    hook_handler = sandbox.create_hook_handler()
+    hook_handler.should be_kind_of(EvalHook::HookHandler)
+  end
+
+  class X
+    def foo
+
+    end
+  end
+  it "should raise SecurityError when handle calls without privileges" do
+    sandbox = Sandbox.new
+    hook_handler = sandbox.create_hook_handler()
+
+    x = X.new
+    lambda {
+      hook_handler.handle_method(X,x,:foo)
+    }.should raise_error(SecurityError)
+
+  end
+
+  it "should not raise SecurityError with method privileges" do
+    sandbox = Sandbox.new
+    priv = Privileges.new
+    priv.allow_method(:foo)
+
+    hook_handler = sandbox.create_hook_handler(:privileges => priv, :source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    x = X.new
+    lambda {
+      hook_handler.handle_method(X,x,:foo)
+
+    }.should_not raise_error
+
+  end
+
+  it "should raise SecurityError with handle_gasgn without privileges" do
+    sandbox = Sandbox.new
+
+    hook_handler = sandbox.create_hook_handler(:source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_gasgn(:$a,nil)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should not raise SecurityError with handle_gasgn with privileges" do
+    sandbox = Sandbox.new
+    privileges = Privileges.new
+
+    privileges.allow_global_write(:$a)
+
+    hook_handler = sandbox.create_hook_handler(:privileges => privileges, :source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_gasgn(:$a,nil)
+    }.should_not raise_error
+  end
+
+  it "should raise SecurityError with handle_cdecl without privileges" do
+    sandbox = Sandbox.new
+
+    hook_handler = sandbox.create_hook_handler(:source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_cdecl(Object,:A,nil)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should not raise SecurityError with handle_cdecl with privileges" do
+    sandbox = Sandbox.new
+    privileges = Privileges.new
+
+    privileges.allow_const_write("Object::A")
+
+    hook_handler = sandbox.create_hook_handler(:privileges => privileges, :source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_cdecl(Object,:A,nil)
+    }.should_not raise_error
+  end
+
+
+
+  it "should raise SecurityError with handle_gvar without privileges" do
+    sandbox = Sandbox.new
+
+    hook_handler = sandbox.create_hook_handler(:source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_gvar(:$a)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should not raise SecurityError with handle_gasgn with privileges" do
+    sandbox = Sandbox.new
+    privileges = Privileges.new
+
+    privileges.allow_global_read(:$a)
+
+    hook_handler = sandbox.create_hook_handler(:privileges => privileges, :source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_gvar(:$a)
+    }.should_not raise_error
+  end
+
+  it "should raise SecurityError with handle_const without privileges" do
+    sandbox = Sandbox.new
+
+    hook_handler = sandbox.create_hook_handler(:source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_const(:A)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should not raise SecurityError with handle_cdecl with privileges" do
+    sandbox = Sandbox.new
+    privileges = Privileges.new
+
+    ::A = nil
+    privileges.allow_const_read("A")
+
+    hook_handler = sandbox.create_hook_handler(:privileges => privileges, :source => "test-source")
+
+    def hook_handler.get_caller
+      "test-source"
+    end
+
+    lambda {
+      hook_handler.handle_const(:A)
+    }.should_not raise_error
+  end
+
+end