shikashi-the-north 0.1

data/spec/sandbox/sandbox_spec.rb

@@ -0,0 +1,331 @@
+require "rubygems"
+require "shikashi"
+
+include Shikashi
+
+$top_level_binding = binding
+
+describe Sandbox, "Shikashi sandbox" do
+  it "should run empty code without privileges" do
+    Sandbox.new.run ""
+  end
+
+  it "should run empty code with privileges" do
+    Sandbox.new.run "", Privileges.new
+  end
+
+  class X
+    def foo
+    end
+  end
+  it "should raise SecurityError when call method without privileges" do
+
+    x = X.new
+
+    lambda {
+      Sandbox.new.run "x.foo", binding, :no_base_namespace => true
+    }.should raise_error(SecurityError)
+
+  end
+
+  it "should not raise anything when call method with privileges" do
+
+    x = X.new
+    privileges = Privileges.new
+    def privileges.allow?(*args)
+      true
+    end
+
+    Sandbox.new.run "x.foo", binding, :privileges => privileges, :no_base_namespace => true
+
+  end
+
+
+  module ::A4
+    module B4
+      module C4
+
+      end
+    end
+  end
+
+  it "should allow use a class declared inside" do
+    priv = Privileges.new
+    priv.allow_method :new
+    Sandbox.new.run("
+      class ::TestInsideClass
+        def foo
+        end
+      end
+
+      ::TestInsideClass.new.foo
+    ", priv)
+  end
+
+  it "should use base namespace when the code uses colon3 node (2 levels)" do
+    Sandbox.new.run( "::B4",
+        :base_namespace => A4
+    ).should be == A4::B4
+  end
+
+  it "should change base namespace when classes are declared (2 levels)" do
+    Sandbox.new.run( "
+                class ::X4
+                   def foo
+                   end
+                end
+            ",
+        :base_namespace => A4
+    )
+
+    A4::X4
+  end
+
+  it "should use base namespace when the code uses colon3 node (3 levels)" do
+    Sandbox.new.run( "::C4",
+        $top_level_binding, :base_namespace => ::A4::B4
+    ).should be == ::A4::B4::C4
+  end
+
+  it "should change base namespace when classes are declared (3 levels)" do
+    Sandbox.new.run( "
+                class ::X4
+                   def foo
+                   end
+                end
+            ",
+        $top_level_binding, :base_namespace => ::A4::B4
+    )
+
+    A4::B4::X4
+  end
+
+  it "should reach local variables when current binding is used" do
+    a = 5
+    Sandbox.new.run("a", binding, :no_base_namespace => true).should be == 5
+  end
+
+  class N
+    def foo
+      @a = 5
+      Sandbox.new.run("@a", binding, :no_base_namespace => true)
+    end
+  end
+
+
+  it "should allow reference to instance variables" do
+     N.new.foo.should be == 5
+  end
+
+  it "should create a default module for each sandbox" do
+     s = Sandbox.new
+     s.run('class X
+              def foo
+                 "foo inside sandbox"
+              end
+            end')
+
+     x = s.base_namespace::X.new
+     x.foo.should be == "foo inside sandbox"
+  end
+
+  it "should not allow xstr when no authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    lambda {
+      s.run("%x[echo hello world]", priv)
+    }.should raise_error(SecurityError)
+
+  end
+
+  it "should allow xstr when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_xstr
+
+    lambda {
+      s.run("%x[echo hello world]", priv)
+    }.should_not raise_error
+
+  end
+
+  it "should not allow global variable read" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    lambda {
+      s.run("$a", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should allow global variable read when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_global_read(:$a)
+
+    lambda {
+      s.run("$a", priv)
+    }.should_not raise_error
+  end
+
+  it "should not allow constant variable read" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    TESTCONSTANT9999 = 9999
+    lambda {
+      s.run("TESTCONSTANT9999", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should allow constant read when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_const_read("TESTCONSTANT9998")
+    ::TESTCONSTANT9998 = 9998
+
+    lambda {
+      s.run("TESTCONSTANT9998", priv).should be == 9998
+    }.should_not raise_error
+  end
+
+  it "should allow read constant nested on classes when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_const_read("Fixnum")
+    Fixnum::TESTCONSTANT9997 = 9997
+
+    lambda {
+      s.run("Fixnum::TESTCONSTANT9997", priv).should be == 9997
+    }.should_not raise_error
+  end
+
+
+  it "should not allow global variable write" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    lambda {
+      s.run("$a = 9", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should allow global variable write when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_global_write(:$a)
+
+    lambda {
+      s.run("$a = 9", priv)
+    }.should_not raise_error
+  end
+
+  it "should not allow constant write" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    lambda {
+      s.run("TESTCONSTANT9999 = 99991", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should allow constant write when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_const_write("TESTCONSTANT9998")
+
+    lambda {
+      s.run("TESTCONSTANT9998 = 99981", priv)
+      TESTCONSTANT9998.should be == 99981
+    }.should_not raise_error
+  end
+
+  it "should allow write constant nested on classes when authorized" do
+    s = Sandbox.new
+    priv = Privileges.new
+
+    priv.allow_const_read("Fixnum")
+    priv.allow_const_write("Fixnum::TESTCONSTANT9997")
+
+    lambda {
+      s.run("Fixnum::TESTCONSTANT9997 = 99971", priv)
+      Fixnum::TESTCONSTANT9997.should be == 99971
+    }.should_not raise_error
+  end
+
+  it "should allow package of code" do
+    s = Sandbox.new
+
+    lambda {
+      s.packet('print "hello world\n"')
+    }.should_not raise_error
+  end
+
+  def self.package_oracle(args1, args2)
+     it "should allow and execute package of code" do
+       e1 = nil
+       e2 = nil
+       r1 = nil
+       r2 = nil
+
+       begin
+         s = Sandbox.new
+         r1 = s.run(*(args1+args2))
+       rescue Exception => e
+         e1 = e
+       end
+
+       begin
+         s = Sandbox.new
+         packet = s.packet(*args1)
+         r2 = packet.run(*args2)
+       rescue Exception => e
+         e2 = e
+       end
+
+       e1.should be == e2
+       r1.should be == r2
+     end
+  end
+
+  class ::XPackage
+    def foo
+
+    end
+  end
+
+  package_oracle ["1"], [:binding => binding]
+  package_oracle ["1+1",{ :privileges => Privileges.allow_method(:+)}], [:binding => binding]
+
+  it "should accept references to classes defined on previous run" do
+    sandbox = Sandbox.new
+
+    sandbox.run("class XinsideSandbox
+    end")
+
+    sandbox.run("XinsideSandbox").should be == sandbox.base_namespace::XinsideSandbox
+  end
+
+  class OutsideX44
+    def method_missing(name)
+      name
+    end
+  end
+  OutsideX44_ins = OutsideX44.new
+
+  it "should allow method_missing handling" do
+    sandbox = Sandbox.new
+    privileges = Privileges.new
+    privileges.allow_const_read("OutsideX44_ins")
+    privileges.instances_of(OutsideX44).allow :method_missing
+
+    sandbox.run("OutsideX44_ins.foo", privileges).should be == :foo
+  end
+end

data/spec/sandbox/sugar_syntax_spec.rb

@@ -0,0 +1,36 @@
+require "shikashi"
+
+include Shikashi
+
+describe Sandbox, "Shikashi sandbox" do
+  it "should allow single run" do
+    Sandbox.run("0").should be == 0
+  end
+
+  it "should allow single run with empty privileges" do
+    priv = Privileges.new
+    Sandbox.run("0", priv).should be == 0
+  end
+
+  it "should allow single run with privileges allowing + method (as symbol)" do
+    priv = Privileges.new
+    priv.allow_method :+
+    Sandbox.run("1+1", priv).should be == 2
+  end
+
+  it "should allow single run with privileges allowing + method (as string)" do
+    priv = Privileges.new
+    priv.allow_method "+"
+    Sandbox.run("1+1", priv).should be == 2
+  end
+
+  it "should allow single run with privileges using sugar syntax and allowing + method (as symbol)" do
+    Sandbox.run("1+1", Privileges.allow_method(:+)).should be == 2
+  end
+
+  it "should allow single run with privileges using sugar syntax and allowing + method (as string)" do
+    Sandbox.run("1+1", Privileges.allow_method("+")).should be == 2
+  end
+
+end
+

data/spec/security/system_calls_spec.rb

@@ -0,0 +1,59 @@
+=begin
+
+Authors:
+
+	Scott Ellard 	(scott.ellard@gmail.com)
+
+This file is part of the shikashi project, http://github.com/tario/shikashi
+
+Copyright (c) 2009-2010 Roberto Dario Seminara <robertodarioseminara@gmail.com>
+
+shikashi is free software: you can redistribute it and/or modify
+it under the terms of the gnu general public license as published by
+the free software foundation, either version 3 of the license, or
+(at your option) any later version.
+
+shikashi is distributed in the hope that it will be useful,
+but without any warranty; without even the implied warranty of
+merchantability or fitness for a particular purpose.  see the
+gnu general public license for more details.
+
+you should have received a copy of the gnu general public license
+along with shikashi.  if not, see <http://www.gnu.org/licenses/>.
+
+=end
+require "test/unit"
+require "rubygems"
+require "shikashi"
+
+describe Shikashi::Sandbox, "Shikashi sandbox" do
+
+  it "should raise SecurityError when try to run shell cmd with backsticks" do
+    priv = Shikashi::Privileges.new
+    lambda {
+      Shikashi::Sandbox.new.run("`ls`", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should raise SecurityError when try to run shell cmd with percent" do
+    priv = Shikashi::Privileges.new
+    lambda {
+      Shikashi::Sandbox.new.run("%x[ls]", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should raise SecurityError when try to run shell cmd by calling system method" do
+    priv = Shikashi::Privileges.new
+    lambda {
+      Shikashi::Sandbox.new.run("system('ls')", priv)
+    }.should raise_error(SecurityError)
+  end
+
+  it "should raise SecurityError when try to run shell cmd by calling exec method" do
+    priv = Shikashi::Privileges.new
+    lambda {
+      Shikashi::Sandbox.new.run("exec('ls')", priv)
+    }.should raise_error(SecurityError)
+  end
+
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: shikashi-the-north
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Joey Perira
+- Adam Williams
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-08-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: evalhook
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+- !ruby/object:Gem::Dependency
+  name: getsource
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+description: 'Shikashi allows whitelisting specific language features, from constants,
+  to system modules, to arbitrary functions. This allows compete control over what
+  evaluated code can do, restricting use outside of specification. WARNING: changes
+  made in this package are experimental and can cause security flaws at the gain of
+  performance.'
+email:
+- joey@pereira.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- AUTHORS
+- CHANGELOG
+- Gemfile
+- LICENSE
+- README
+- Rakefile
+- TODO
+- examples/basic/example.rb
+- examples/basic/example1.rb
+- examples/basic/example2.rb
+- examples/basic/example3.rb
+- examples/basic/example4.rb
+- examples/basic/example5.rb
+- examples/basic/example6.rb
+- examples/basic/example7.rb
+- examples/basic/example8.rb
+- examples/benchmark/bm1.rb
+- examples/benchmark/bm2.rb
+- examples/timeout/example1.rb
+- lib/shikashi.rb
+- lib/shikashi/pick_argument.rb
+- lib/shikashi/privileges.rb
+- lib/shikashi/privileges/classes.rb
+- lib/shikashi/privileges/exceptions.rb
+- lib/shikashi/privileges/singleton_methods.rb
+- lib/shikashi/sandbox.rb
+- shikashi.gemspec
+- spec/functional/encoding_spec.rb
+- spec/functional/timeout_spec.rb
+- spec/sandbox/privileges_sugar_syntax_spec.rb
+- spec/sandbox/sandbox_hook_handler_spec.rb
+- spec/sandbox/sandbox_spec.rb
+- spec/sandbox/sugar_syntax_spec.rb
+- spec/security/system_calls_spec.rb
+homepage: https://github.com/xLegoz/shikashi
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Shikashi is a ruby sandbox for running arbitrary Ruby code with eval.
+test_files:
+- spec/functional/encoding_spec.rb
+- spec/functional/timeout_spec.rb
+- spec/sandbox/privileges_sugar_syntax_spec.rb
+- spec/sandbox/sandbox_hook_handler_spec.rb
+- spec/sandbox/sandbox_spec.rb
+- spec/sandbox/sugar_syntax_spec.rb
+- spec/security/system_calls_spec.rb