shikashi 0.1.0

data/lib/shikashi/privileges/singleton_methods.rb

@@ -0,0 +1,28 @@
+=begin
+
+This file is part of the shikashi project, http://github.com/tario/shikashi
+
+Copyright (c) 2009-2010 Roberto Dario Seminara <robertodarioseminara@gmail.com>
+
+shikashi is free software: you can redistribute it and/or modify
+it under the terms of the gnu general public license as published by
+the free software foundation, either version 3 of the license, or
+(at your option) any later version.
+
+shikashi is distributed in the hope that it will be useful,
+but without any warranty; without even the implied warranty of
+merchantability or fitness for a particular purpose.  see the
+gnu general public license for more details.
+
+you should have received a copy of the gnu general public license
+along with shikashi.  if not, see <http://www.gnu.org/licenses/>.
+
+=end
+module Shikashi
+  class Privileges
+    #Define the permissions needed to define singleton methods within the sandbox
+    def allow_singleton_methods
+      allow_method :singleton_method_added
+    end
+  end
+end

data/lib/shikashi/sandbox.rb

@@ -0,0 +1,381 @@
+=begin
+
+This file is part of the shikashi project, http://github.com/tario/shikashi
+
+Copyright (c) 2009-2010 Roberto Dario Seminara <robertodarioseminara@gmail.com>
+
+shikashi is free software: you can redistribute it and/or modify
+it under the terms of the gnu general public license as published by
+the free software foundation, either version 3 of the license, or
+(at your option) any later version.
+
+shikashi is distributed in the hope that it will be useful,
+but without any warranty; without even the implied warranty of
+merchantability or fitness for a particular purpose.  see the
+gnu general public license for more details.
+
+you should have received a copy of the gnu general public license
+along with shikashi.  if not, see <http://www.gnu.org/licenses/>.
+
+=end
+
+require "rallhook"
+require "shikashi/privileges"
+require "shikashi/pick_argument"
+
+module Shikashi
+
+  class << self
+    attr_accessor :global_binding
+  end
+
+
+#The sandbox class run the sandbox, because of internal behaviour only can be use one instance
+#of sandbox by thread (each different thread may have its own sandbox running in the same time)
+#
+#= Example
+#
+# require "rubygems"
+# require "shikashi"
+#
+# include Shikashi
+#
+# s = Sandbox.new
+# priv = Privileges.new
+# priv.allow_method :print
+#
+# s.run(priv, 'print "hello world\n"')
+#
+  class Sandbox
+
+#array of privileges of restricted code within sandbox
+#
+#Example
+# sandbox.privileges[source].allow_method :raise
+#
+    attr_reader :privileges
+#Binding of execution, the default is a binding in a global context allowing the definition of module of classes
+    attr_reader :chain
+
+#
+# Generate a random source file name for the sandbox, used internally
+#
+
+    def generate_id
+      "sandbox-#{rand(1000000)}"
+    end
+
+    def initialize
+      @privileges = Hash.new
+      @chain = Hash.new
+      @redirect_hash = Hash.new
+    end
+
+# add a chain of sources, used internally
+    def add_source_chain(outer, inner)
+      @chain[inner] = outer
+    end
+
+
+#Base class to define redirections of methods called in the sandbox
+#
+#= Example 1
+#Basic redirection
+#
+# require "rubygems"
+# require "shikashi"
+#
+# class TestWrapper < Shikashi::Sandbox::MethodWrapper
+#   def call(*args)
+#     print "called foo from source: #{source}, arguments: #{args.inspect} \n"
+#     original_call(*args)
+#   end
+# end
+#
+#
+# class X
+#   def foo
+#     print "original foo\n"
+#   end
+# end
+#
+#
+# s = Shikashi::Sandbox.new
+# perm = Shikashi::Privileges.new
+#
+# perm.object(X).allow :new
+# perm.instances_of(X).allow :foo
+#
+# # redirect calls to foo to TestWrapper
+# perm.instances_of(X).redirect :foo, TestWrapper
+#
+# s.run(perm,"X.new.foo")
+#
+#= Example 2
+#Proper block handling on redirection wrapper
+#
+# require "rubygems"
+# require "shikashi"
+#
+# class TestWrapper < Shikashi::Sandbox::MethodWrapper
+#   def call(*args)
+#     print "called each from source: #{source}\n"
+#     if block_given?
+#      original_call(*args) do |*x|
+#        yield(*x)
+#      end
+#     else
+#      original_call(*args)
+#     end
+#   end
+# end
+#
+# s = Shikashi::Sandbox.new
+# perm = Shikashi::Privileges.new
+# perm.instances_of(Array).allow :each
+# perm.instances_of(Enumerable::Enumerator).allow :each
+# perm.allow_method :print
+#
+# s.run perm, '
+#  array = [1,2,3]
+#
+#  array.each do |x|
+#    print x,"\n"
+#  end
+#
+#  enum = array.each
+#  enum.each do |x|
+#    print x,"\n"
+#  end
+# '
+    class MethodWrapper < RallHook::Helper::MethodWrapper
+      attr_accessor :sandbox
+      attr_accessor :privileges
+      attr_accessor :source
+
+      def self.redirect_handler(klass,recv,method_name,method_id,sandbox)
+          wrap = self.new
+          wrap.klass = klass
+          wrap.recv = recv
+          wrap.method_name = method_name
+          wrap.method_id = method_id
+          wrap.sandbox = sandbox
+
+          if block_given?
+            yield(wrap)
+          end
+
+          return wrap.redirect_with_unhook(:call_with_rehook)
+      end
+    end
+
+    # Used internally
+    class InheritedWrapper < MethodWrapper
+      def call(*args)
+        subclass = args.first
+        privileges.object(subclass).allow :new
+        privileges.instances_of(subclass).allow :initialize
+        original_call(*args)
+      end
+    end
+
+    # Used internally
+    class DummyWrapper < MethodWrapper
+      def call(*args)
+        if block_given?
+          original_call(*args) do |*x|
+            yield(*x)
+          end
+        else
+          original_call(*args)
+        end
+      end
+    end
+
+    class RallhookHandler < RallHook::HookHandler
+      attr_accessor :sandbox
+      attr_accessor :redirect
+
+      def handle_method(klass, recv, method_name, method_id)
+        source = nil
+        if method_name
+
+          source = caller.first.split(":").first
+          dest_source = klass.shadow.instance_method(method_name).body.file
+
+          privileges = nil
+          if source != dest_source then
+            privileges = sandbox.privileges[source]
+            if privileges then
+              privileges = privileges.dup
+              loop_source = source
+              loop_privileges = privileges
+
+              while loop_privileges and loop_source != dest_source
+                unless loop_privileges.allow?(klass,recv,method_name,method_id)
+                  raise SecurityError.new("Cannot invoke method #{method_name} on object of class #{klass}")
+                end
+
+                loop_privileges = nil
+                loop_source = sandbox.chain[loop_source]
+
+                if dest_source then
+                  loop_privileges = sandbox.privileges[loop_source]
+                else
+                  loop_privileges = nil
+                end
+
+              end
+            end
+          end
+
+          if method_name == :inherited and recv.instance_of? Class
+           mw = InheritedWrapper.redirect_handler(klass,recv,method_name,method_id,sandbox)
+           mw.recv.privileges = privileges
+    	     return mw
+          end
+
+          return nil if method_name == :instance_eval
+          return nil if method_name == :binding
+
+          if method_name
+            wclass = @redirect[method_name.to_sym]
+            if wclass then
+              return wclass.redirect_handler(klass,recv,method_name,method_id,sandbox)
+            end
+          end
+
+          if dest_source == ""
+            return DummyWrapper.redirect_handler(klass,recv,method_name,method_id,sandbox)
+          end
+
+        end
+
+
+        if privileges
+          privileges.handle_redirection(klass,recv,method_id,sandbox) do |mh|
+              mh.privileges = privileges
+              mh.source = source
+            end
+        end
+
+      end # if
+    end # Class
+
+    #Run the code in sandbox with the given privileges, also run privileged code in the sandbox context for
+    #execution of classes and methods defined in the sandbox from outside the sandbox if a block is passed
+    # (see examples)
+    #
+    #call-seq: run(arguments)
+    #
+    #Arguments
+    #
+    # :code       Mandatory argument of class String with the code to execute restricted in the sandbox
+    # :privileges Optional argument of class Shikashi::Sandbox::Privileges to indicate the restrictions of the
+    #             code executed in the sandbox. The default is an empty Privileges (absolutly no permission)
+    #             Must be of class Privileges or passed as hash_key (:privileges => privileges)
+    # :binding    Optional argument with the binding object of the context where the code is to be executed
+    #             The default is a binding in the global context
+    # :source     Optional argument to indicate the "source name", (visible in the backtraces). Only can
+    #             be specified as hash parameter
+    #
+    #
+    #The arguments can be passed in any order and using hash notation or not, examples:
+    #
+    # sandbox.run code, privileges
+    # sandbox.run code, :privileges => privileges
+    # sandbox.run :code => code, :privileges => privileges
+    # sandbox.run code, privileges, binding
+    # sandbox.run binding, code, privileges
+    # #etc
+    # sandbox.run binding, code, privileges, :source => source
+    # sandbox.run binding, :code => code, :privileges => privileges, :source => source
+    #
+    #Example:
+    #
+    # require "rubygems"
+    # require "shikashi"
+    #
+    # include Shikashi
+    #
+    # sandbox = Sandbox.new
+    # privileges = Privileges.new
+    # privileges.allow_method :print
+    # sandbox.run('print "hello world\n"', :privileges => privileges)
+    #
+    #Example 2:
+    # require "rubygems"
+    # require "shikashi"
+    #
+    # include Shikashi
+    #
+    # sandbox = Sandbox.new
+    # privileges = Privileges.new
+    # privileges.allow_method :print
+    # privileges.allow_method :singleton_method_added
+    #
+    # sandbox.run('
+    #   def self.foo
+    #     print "hello world\n"
+    #   end
+    #    ', :privileges => privileges)
+    #
+    # #outside of this block, the method foo defined in the sandbox are invisible
+    # sandbox.run do
+    #   self.foo
+    # end
+    #
+    #
+
+    def run(*args)
+
+      handler = RallhookHandler.new
+      handler.redirect = @redirect_hash
+      handler.sandbox = self
+
+      if block_given?
+        handler.hook do
+            yield
+        end
+      else
+
+        privileges_ = args.pick(Privileges,:privileges) do Privileges.new end
+        code = args.pick(String,:code)
+        binding_ = args.pick(Binding,:binding) do Shikashi.global_binding end
+        source = args.pick(:source) do generate_id end
+
+        self.privileges[source] = privileges_
+
+        handler.hook do
+          eval(code, binding_, source)
+        end
+      end
+    end
+
+
+    #redirects a method with given name to a wrapper of the given class
+    #example:
+    # class PrintWrapper < Shikashi::Sandbox::MethodWrapper
+    #   def call(*args)
+    #     print "invoked print\n"
+    #     original_call(*args)
+    #   end
+    # end
+    #
+    # sandbox.redirect(:print, PrintWrapper)
+    # sandbox.redirect(:print, :wrapper_class => PrintWrapper)
+    # sandbox.redirect(:method_name => :print, :wrapper_class => PrintWrapper)
+    #
+
+    def redirect(*args)
+      mname = args.pick(Symbol, :method_name)
+      wclass = args.pick(Class, :wrapper_class)
+      @redirect_hash[mname] = wclass
+    end
+
+  end
+end
+
+Shikashi.global_binding = binding()
+
+

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification 
+name: shikashi
+version: !ruby/object:Gem::Version 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Dario Seminara
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-06-20 00:00:00 -03:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rallhook
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.7.0
+    version: 
+description: 
+email: robertodarioseminara@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+files: 
+- examples/basic/example1.rb
+- examples/basic/example3.rb
+- examples/basic/example5.rb
+- examples/basic/example4.rb
+- examples/basic/example.rb
+- examples/basic/example2.rb
+- lib/shikashi.rb
+- lib/shikashi/pick_argument.rb
+- lib/shikashi/sandbox.rb
+- lib/shikashi/privileges/exceptions.rb
+- lib/shikashi/privileges/singleton_methods.rb
+- lib/shikashi/privileges/classes.rb
+- lib/shikashi/privileges.rb
+- AUTHORS
+- CHANGELOG
+- README
+- Rakefile
+- TODO
+has_rdoc: true
+homepage: http://github.com/tario/shikashi
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: shikashi is a ruby sandbox that permits the execution of "unprivileged" scripts by defining the permitted methods and constants the scripts can invoke (I.E., the script cannot use the File class or a RoR Model Class unless that permission is specified) "well done version" of ruby-arena-sanbox based on rallhook
+test_files: []
+