shikashi 0.1.2 → 0.2.0

data/CHANGELOG

@@ -1,3 +1,11 @@
+0.2.0	Added control to the access to constants and global variables (See documentation)
+
+		Remove rallhook dependency, replaced by getsource
+
+		Portability and stability improved by using  evalhook to hook the method calls in the place of rallhook
+
+		Added timeout restriction to the scripts executed in the sandbox (default unlimited)
+
 0.1.2	Fixed compatibility issues with ruby1.9
 
 0.1.1	Fixed issue 2: example2 failed when run under ruby1.9 (http://github.com/tario/shikashi/issues#issue/2)

data/README

@@ -4,19 +4,13 @@ Shikashi is an sandbox for ruby that handles all ruby method calls executed in t
 these calls depending on the receiver object, the method name, the source file from where the call was originated
 and the source file where the called method is implemented.
 
-The permissions for each sandboxed run is fully configurable and the implementation of the methods called from
-the sandbox can be replaced transparently (i.e: replace method IO#write in the sandbox context to capture the
-standard output of the script)
+The permissions for each sandboxed run is fully configurable and the implementation of the methods called from within
+the sandbox can be replaced transparently
 
-The implementation of shikashi is pure ruby and it is based on rallhook, an amending of the ruby interpreter
-(see http://tario.github.com/rallhook/doc)
+The implementation of shikashi is written in pure ruby and now implemented based in evalhook, (see http://tario.github.com/evalhook)
 
 == Installation
 
-=== Prerequisites
-
-* rallhook >= 0.7.0 (found at http://github.com/tario/rallhook)
-
 === Gem installation
 
 Run in the terminal:
@@ -203,3 +197,19 @@ Simple redirection of method, the method foo is replaced by TestWrapper::call
 
 	s.run(perm,"X.new.foo")
 
+=== Timeout example
+
+	require "rubygems"
+	require "shikashi"
+
+	s = Shikashi::Sandbox.new
+	perm = Shikashi::Privileges.new
+
+	perm.allow_method :sleep
+
+	s.run(perm,"sleep 3", :timeout => 2) # raise Shikashi::Timeout::Error after 2 seconds
+	
+	
+== Copying
+
+Copyright (c) 2010 Dario Seminara, released under the GPL License (see LICENSE)

data/Rakefile

@@ -6,13 +6,14 @@ require 'rake/gempackagetask'
 
 spec = Gem::Specification.new do |s|
   s.name = 'shikashi'
-  s.version = '0.1.2'
+  s.version = '0.2.0'
   s.author = 'Dario Seminara'
   s.email = 'robertodarioseminara@gmail.com'
   s.platform = Gem::Platform::RUBY
   s.summary = 'shikashi is a ruby sandbox that permits the execution of "unprivileged" scripts by defining the permitted methods and constants the scripts can invoke (I.E., the script cannot use the File class or a RoR Model Class unless that permission is specified) "well done version" of ruby-arena-sanbox based on rallhook'
   s.homepage = "http://github.com/tario/shikashi"
-  s.add_dependency "rallhook", ">= 0.7.0"  
+  s.add_dependency "evalhook", ">= 0.1.0"
+  s.add_dependency "getsource", ">= 0.1.0"
   s.has_rdoc = true
   s.extra_rdoc_files = [ 'README' ]
 #  s.rdoc_options << '--main' << 'README'
@@ -25,7 +26,7 @@ task :default => [ :test ]
 
 Rake::TestTask.new('test') do |t|
   t.libs << 'test'
-  t.pattern = '{test}/test_*.rb'
+  t.pattern = '{test}/**/test_*.rb'
   t.verbose = true
 end
 

data/TODO

@@ -0,0 +1,2 @@
+
+* Remove the rallhook gem dependency (is currentily used to read the source file of the called methods)

data/examples/basic/example6.rb

@@ -0,0 +1,19 @@
+# "hello world" from within the sandbox
+
+require "rubygems"
+require "shikashi"
+
+include Shikashi
+
+s = Sandbox.new
+priv = Privileges.new
+
+priv.allow_method :print
+priv.allow_global :$a
+
+s.run(priv, '
+$a = 9
+print "assigned 9 to $a\n"
+')
+
+p $a

data/examples/basic/example7.rb

@@ -0,0 +1,19 @@
+# "hello world" from within the sandbox
+
+require "rubygems"
+require "shikashi"
+
+include Shikashi
+
+s = Sandbox.new
+priv = Privileges.new
+
+priv.allow_method :print
+priv.allow_const "Object::A"
+
+s.run(priv, '
+print "assigned 8 to Object::A\n"
+A = 8
+')
+p A
+

data/examples/redir/example1.rb

@@ -0,0 +1,26 @@
+ require "rubygems"
+ require "shikashi"
+
+ class TestWrapper < Shikashi::Sandbox::MethodWrapper
+   def call(*args)
+     print "called foo from source: #{source}, arguments: #{args.inspect} \n"
+     original_call(*args)
+   end
+ end
+
+ class X
+   def foo
+     print "original foo\n"
+   end
+ end
+
+ s = Shikashi::Sandbox.new
+ perm = Shikashi::Privileges.new
+
+ perm.object(X).allow :new
+ perm.instances_of(X).allow :foo
+
+ # redirect calls to foo to TestWrapper
+ perm.instances_of(X).redirect :foo, TestWrapper
+
+ s.run(perm,"X.new.foo")

data/examples/redir/example2.rb

@@ -0,0 +1,40 @@
+ require "rubygems"
+ require "shikashi"
+
+ class TestWrapper < Shikashi::Sandbox::MethodWrapper
+   def call(*args)
+     print "called #{klass}#each block_given?:#{block_given?}, source: #{source}\n"
+     if block_given?
+      original_call(*args) do |*x|
+	print "yielded value #{x.first}\n"
+        yield(*x)
+      end
+     else
+      original_call(*args)
+     end
+   end
+ end
+
+ s = Shikashi::Sandbox.new
+ perm = Shikashi::Privileges.new
+ 
+ perm.instances_of(Array).allow :each
+ perm.instances_of(Array).redirect :each, TestWrapper
+ 
+ perm.instances_of(Enumerable::Enumerator).allow :each
+ perm.instances_of(Enumerable::Enumerator).redirect :each, TestWrapper
+ 
+ perm.allow_method :print
+
+ s.run perm, '
+  array = [1,2,3]
+
+  array.each do |x|
+    print x,"\n"
+  end
+
+  enum = array.each
+  enum.each do |x|
+    print x,"\n"
+  end
+ '

data/examples/timeout/example1.rb

@@ -0,0 +1,9 @@
+	require "rubygems"
+	require "shikashi"
+
+	s = Shikashi::Sandbox.new
+	perm = Shikashi::Privileges.new
+
+	perm.allow_method :sleep
+
+	s.run(perm,"sleep 3", :timeout => 2) # raise Shikashi::Timeout::Error after 2 seconds

data/lib/shikashi/privileges.rb

@@ -90,16 +90,16 @@ public
       @redirect_hash[method_name] = method_wrapper_class
     end
 
-    def handle_redirection(klass, recv, method_name, method_id, sandbox)
+    def handle_redirection(klass, recv, method_name, sandbox)
       rclass = @redirect_hash[method_name.to_sym]
 
       if rclass
         if block_given?
-          rclass.redirect_handler(klass, recv, method_name, method_id, sandbox) do |mh|
+          rclass.redirect_handler(klass, recv, method_name, 0, sandbox) do |mh|
             yield(mh)
           end
         else
-          rclass.redirect_handler(klass, recv, method_name, method_id, sandbox)
+          rclass.redirect_handler(klass, recv, method_name, 0, sandbox)
         end
       else
         nil
@@ -114,6 +114,8 @@ public
     @allowed_instances = Hash.new
     @allowed_methods = Array.new
     @allowed_klass_methods = Hash.new
+    @allowed_globals = Array.new
+    @allowed_consts = Array.new
   end
 
 private
@@ -189,15 +191,14 @@ public
     @allowed_methods << method_name
   end
 
-  def handle_redirection(klass, recv, method_name, method_id, sandbox)
+  def handle_redirection(klass, recv, method_name, sandbox)
     if @last_allowed
-
       if block_given?
-        @last_allowed.handle_redirection(klass, recv, method_name, method_id, sandbox) do |mh|
+        @last_allowed.handle_redirection(klass, recv, method_name, sandbox) do |mh|
           yield(mh)
         end
       else
-        @last_allowed.handle_redirection(klass, recv, method_name, method_id, sandbox)
+        @last_allowed.handle_redirection(klass, recv, method_name, sandbox)
       end
     else
       nil
@@ -208,7 +209,7 @@ public
   def allow?(klass, recv, method_name, method_id)
 
     m = nil
-    m = klass.shadow.instance_method(method_name) if method_name
+    m = klass.instance_method(method_name) if method_name
 
     begin
       return true if @allowed_methods.include?(method_name)
@@ -284,6 +285,56 @@ public
     end
   end
 
+
+  def global_allowed?(varname)
+    @allowed_globals.include? varname
+  end
+
+  def const_allowed?(varname)
+    @allowed_consts.include? varname
+  end
+
+  # defines the permissions needed to create or change a global variable
+  #
+  # Example:
+  #
+  #   s = Sandbox.new
+  #   priv = Privileges.new
+  #
+  #   priv.allow_method :print
+  #   priv.allow_global :$a
+  #
+  #   s.run(priv, '
+  #   $a = 9
+  #   print "assigned 9 to $a\n"
+  #   ')
+  #
+  #   p $a
+  #
+  def allow_global( varname )
+    @allowed_globals << varname
+  end
+
+  # defines the permissions needed to create or change a const
+  #
+  # Example:
+  #   s = Sandbox.new
+  #   priv = Privileges.new
+  #
+  #   priv.allow_method :print
+  #   priv.allow_const "Object::A"
+  #
+  #   s.run(priv, '
+  #   print "assigned 8 to Object::A\n"
+  #   A = 8
+  #   ')
+  #
+  #   p A
+
+  def allow_const( varname )
+    @allowed_consts << varname
+  end
+
 end
 
 end

data/lib/shikashi/sandbox.rb

@@ -18,10 +18,12 @@ you should have received a copy of the gnu general public license
 along with shikashi.  if not, see <http://www.gnu.org/licenses/>.
 
 =end
-
-require "rallhook"
+require "rubygems"
+require "evalhook"
 require "shikashi/privileges"
 require "shikashi/pick_argument"
+require "getsource"
+require "timeout"
 
 module Shikashi
 
@@ -29,6 +31,14 @@ module Shikashi
     attr_accessor :global_binding
   end
 
+  module Timeout
+
+
+    #raised when reach the timeout in a script execution restricted by timeout (see Sandbox#run)
+    class Error < Exception
+
+    end
+  end
 
 #The sandbox class run the sandbox, because of internal behaviour only can be use one instance
 #of sandbox by thread (each different thread may have its own sandbox running in the same time)
@@ -119,9 +129,10 @@ module Shikashi
 #
 # class TestWrapper < Shikashi::Sandbox::MethodWrapper
 #   def call(*args)
-#     print "called each from source: #{source}\n"
+#     print "called #{klass}#each block_given?:#{block_given?}, source: #{source}\n"
 #     if block_given?
 #      original_call(*args) do |*x|
+#        print "yielded value #{x.first}\n"
 #        yield(*x)
 #      end
 #     else
@@ -132,8 +143,13 @@ module Shikashi
 #
 # s = Shikashi::Sandbox.new
 # perm = Shikashi::Privileges.new
+#
 # perm.instances_of(Array).allow :each
+# perm.instances_of(Array).redirect :each, TestWrapper
+#
 # perm.instances_of(Enumerable::Enumerator).allow :each
+# perm.instances_of(Enumerable::Enumerator).redirect :each, TestWrapper
+#
 # perm.allow_method :print
 #
 # s.run perm, '
@@ -148,64 +164,100 @@ module Shikashi
 #    print x,"\n"
 #  end
 # '
-    class MethodWrapper < RallHook::Helper::MethodWrapper
+    class MethodWrapper
+
+      class MethodRedirect
+        include RedirectHelper::MethodRedirect
+
+        attr_accessor :klass
+        attr_accessor :method_name
+        attr_accessor :recv
+      end
+
+      attr_accessor :recv
+      attr_accessor :method_name
+      attr_accessor :klass
       attr_accessor :sandbox
       attr_accessor :privileges
       attr_accessor :source
 
       def self.redirect_handler(klass,recv,method_name,method_id,sandbox)
-          wrap = self.new
-          wrap.klass = klass
-          wrap.recv = recv
-          wrap.method_name = method_name
-          wrap.method_id = method_id
-          wrap.sandbox = sandbox
-
-          if block_given?
-            yield(wrap)
-          end
+        mw = self.new
+        mw.klass = klass
+        mw.recv = recv
+        mw.method_name = method_name
+        mw.sandbox = sandbox
 
-          return wrap.redirect_with_unhook(:call_with_rehook)
-      end
-    end
+        if block_given?
+          yield(mw)
+        end
+
+        mr = MethodRedirect.new
+
+        mr.recv = mw
+        mr.klass = mw.class
+        mr.method_name = :call
 
-    # Used internally
-    class InheritedWrapper < MethodWrapper
-      def call(*args)
-        subclass = args.first
-        privileges.object(subclass).allow :new
-        privileges.instances_of(subclass).allow :initialize
-        original_call(*args)
+        mr
       end
-    end
 
-    # Used internally
-    class DummyWrapper < MethodWrapper
-      def call(*args)
+      def original_call(*args)
         if block_given?
-          original_call(*args) do |*x|
+          klass.instance_method(method_name).bind(recv).call(*args) do |*x|
             yield(*x)
           end
         else
-          original_call(*args)
+          klass.instance_method(method_name).bind(recv).call(*args)
         end
       end
     end
 
-    class RallhookHandler < RallHook::HookHandler
+    class EvalhookHandler < EvalHook::HookHandler
       attr_accessor :sandbox
       attr_accessor :redirect
 
-      def handle_method(klass, recv, method_name, method_id)
+      def handle_gasgn( global_id, value )
+        source = caller[1].split(":").first
+
+        privileges = sandbox.privileges[source]
+        if privileges
+          unless privileges.global_allowed? global_id
+            raise SecurityError.new("Cannot assign global variable #{global_id}")
+          end
+        end
+
+        nil
+      end
+
+      def handle_cdecl(klass, const_id, value)
+        source = caller[1].split(":").first
+
+        privileges = sandbox.privileges[source]
+        if privileges
+          unless privileges.const_allowed? "#{klass}::#{const_id}"
+            raise SecurityError.new("Cannot assign const #{klass}::#{const_id}")
+          end
+        end
+
+        nil
+
+
+      end
+
+      def handle_method(klass, recv, method_name)
         source = nil
+
+        method_id = 0
+
         if method_name
 
-          source = caller.first.split(":").first
-          dest_source = klass.shadow.instance_method(method_name).body.file
+          source = caller[1].split(":").first
+          dest_source = klass.instance_method(method_name).body.file
 
           privileges = nil
           if source != dest_source then
             privileges = sandbox.privileges[source]
+
             if privileges then
               privileges = privileges.dup
               loop_source = source
@@ -229,12 +281,6 @@ module Shikashi
             end
           end
 
-          if method_name == :inherited and recv.instance_of? Class
-           mw = InheritedWrapper.redirect_handler(klass,recv,method_name,method_id,sandbox)
-           mw.recv.privileges = privileges
-    	     return mw
-          end
-
           return nil if method_name == :instance_eval
           return nil if method_name == :binding
 
@@ -245,20 +291,13 @@ module Shikashi
             end
           end
 
-          if dest_source == ""
-            return nil if (method_name.to_s == "core#define_method")
-            return nil if (method_name.to_s == "core#define_singleton_method")
-            return DummyWrapper.redirect_handler(klass,recv,method_name,method_id,sandbox)
-          end
-
         end
 
-
         if privileges
-          privileges.handle_redirection(klass,recv,method_name,method_id,sandbox) do |mh|
-              mh.privileges = privileges
-              mh.source = source
-            end
+          privileges.handle_redirection(klass,recv,method_name,sandbox) do |mh|
+            mh.privileges = privileges
+            mh.source = source
+          end
         end
 
       end # if
@@ -280,6 +319,8 @@ module Shikashi
     #             The default is a binding in the global context
     # :source     Optional argument to indicate the "source name", (visible in the backtraces). Only can
     #             be specified as hash parameter
+    # :timeout    Optional argument to restrict the execution time of the script to a given value in seconds
+    #             (accepts integer and decimal values), when timeout hits Shikashi::Timeout::Error is raised
     #
     #
     #The arguments can be passed in any order and using hash notation or not, examples:
@@ -331,25 +372,30 @@ module Shikashi
 
     def run(*args)
 
-      handler = RallhookHandler.new
+      handler = EvalhookHandler.new
       handler.redirect = @redirect_hash
       handler.sandbox = self
 
+      t = args.pick(:timeout) do nil end
+      raise Shikashi::Timeout::Error if t == 0
+      t = t || 0
+
       if block_given?
-        handler.hook do
-            yield
-        end
+        yield
       else
+        begin
+          timeout t do
+            privileges_ = args.pick(Privileges,:privileges) do Privileges.new end
+            code = args.pick(String,:code)
+            binding_ = args.pick(Binding,:binding) do Shikashi.global_binding end
+            source = args.pick(:source) do generate_id end
 
-        privileges_ = args.pick(Privileges,:privileges) do Privileges.new end
-        code = args.pick(String,:code)
-        binding_ = args.pick(Binding,:binding) do Shikashi.global_binding end
-        source = args.pick(:source) do generate_id end
-
-        self.privileges[source] = privileges_
+            self.privileges[source] = privileges_
 
-        handler.hook do
-          eval(code, binding_, source)
+            handler.evalhook(code, binding_, source)
+          end
+        rescue ::Timeout::Error
+          raise Shikashi::Timeout::Error
         end
       end
     end

data/test/functional/test_timeout.rb

@@ -0,0 +1,36 @@
+require "test/unit"
+require "shikashi"
+
+class TimeoutTest <  Test::Unit::TestCase
+
+  def _test_timeout(execution_delay, timeout)
+    priv = Shikashi::Privileges.new
+    # allow the execution of the method sleep to emulate an execution delay
+    priv.allow_method :sleep
+
+    if execution_delay > timeout
+      assert_raise Shikashi::Timeout::Error do
+        # specify the timeout and the current binding to use the execution_delay parameter
+        Shikashi::Sandbox.new.run("sleep execution_delay", priv, binding, :timeout => timeout)
+      end
+    else
+      assert_nothing_raised do
+        Shikashi::Sandbox.new.run("sleep execution_delay", priv, binding, :timeout => timeout)
+      end
+    end
+  end
+
+  def self.add_test(name, execution_delay, timeout)
+    define_method("test_"+name)  do
+      _test_timeout(execution_delay, timeout)
+    end
+  end
+
+  add_test "basic",2,1
+  add_test "float",0.2,0.1
+  add_test "float_no_hit",0.1,0.2
+  add_test "zero", 1,0
+  add_test "zero_no_hit", 0,1
+
+end
+

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: shikashi
 version: !ruby/object:Gem::Version 
-  hash: 31
+  hash: 23
   prerelease: false
   segments: 
   - 0
-  - 1
   - 2
-  version: 0.1.2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Dario Seminara
@@ -15,25 +15,41 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-07 00:00:00 -03:00
+date: 2010-10-30 00:00:00 -03:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rallhook
+  name: evalhook
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
+        hash: 27
         segments: 
         - 0
-        - 7
+        - 1
         - 0
-        version: 0.7.0
+        version: 0.1.0
   type: :runtime
   version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: getsource
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 0
+        - 1
+        - 0
+        version: 0.1.0
+  type: :runtime
+  version_requirements: *id002
 description: 
 email: robertodarioseminara@gmail.com
 executables: []
@@ -47,8 +63,13 @@ files:
 - examples/basic/example3.rb
 - examples/basic/example5.rb
 - examples/basic/example4.rb
+- examples/basic/example6.rb
 - examples/basic/example.rb
+- examples/basic/example7.rb
 - examples/basic/example2.rb
+- examples/timeout/example1.rb
+- examples/redir/example1.rb
+- examples/redir/example2.rb
 - lib/shikashi.rb
 - lib/shikashi/pick_argument.rb
 - lib/shikashi/sandbox.rb
@@ -56,6 +77,7 @@ files:
 - lib/shikashi/privileges/singleton_methods.rb
 - lib/shikashi/privileges/classes.rb
 - lib/shikashi/privileges.rb
+- test/functional/test_timeout.rb
 - AUTHORS
 - CHANGELOG
 - README