toq 0.0.4.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80a65277f3a40c87e1cd57cb2351e74edf361ce895b2d88192591202220eb9c5
-  data.tar.gz: fb84844e12da4f51d26c561f6365f44ff9eb432c02630fbe094fbaf42d6f5550
+  metadata.gz: 272f1b4331d14f8c5d4b9dcb5969e83a6c6f189de4cfe38a533c4d0660d44d23
+  data.tar.gz: 43752df680609784b637d8e5398403b96190899b1492ce870cac212dd72d9ee5
 SHA512:
-  metadata.gz: e223eaa8fecfada1dc77fe0ba5deda4a1b1dea6b9db84875cab346d4f0ce07cf67eac924c03852ed32472d3455635a6c02af9a1adccd3c122a18f3e010917ce5
-  data.tar.gz: 3988a8f821f6a0884d10eaa66e32a2853a756888e4ce478a402d12c09111daa742142e2d1ef36a68af0a5053ee13bdea18b17b89b609e13a0b9008db4b9a0313
+  metadata.gz: 9c9de3857a967e239b15a6160d6aed561fbb0e3a3bd31a0e9040f7b84b4ef33a5f12205f1fc17e042d466355d318a1073ee4b5955ef246fdbbf6cd1039c5d159
+  data.tar.gz: ea66f7e0a9ae201bbdcffe8c6220bf989f680f5a8aa54fff297ac6c6fc89e8cf95fc7c2bcc113dc6a8d4c19da5ad53eab2c0faba5d59a326e24f14802852ed12

data/lib/toq/exceptions.rb

@@ -116,6 +116,15 @@ module Exceptions
 
     end
 
+    class UnsafeMethod < Base
+
+        # @return   [Bool]  true
+        def rpc_unsafe_method_error?
+            true
+        end
+
+    end
+
     # An invalid method has been called.
     #
     # Occurs when a remote method doesn't exist or isn't public.

data/lib/toq/server.rb

@@ -188,6 +188,12 @@ class Server
             raise Exceptions::InvalidObject.new( msg )
         end
 
+        if !method_safe?( obj_name, meth_name )
+            msg = "Trying to access unsafe method '#{meth_name}'."
+            @logger.error( 'Call' ){ msg + " [on behalf of #{peer_ip_addr}]" }
+            raise Exceptions::UnsafeMethod.new( msg )
+        end
+
         # The handler needs to know if this is an async call because if it is
         # we'll have already send the response and it doesn't need to do
         # transmit anything.
@@ -259,6 +265,28 @@ class Server
         !!@objects[obj_name]
     end
 
+    def method_safe?( obj_name, meth_name )
+        ancestors = @objects[obj_name].class.ancestors - [Object, Kernel, BasicObject]
+
+        ancestors.each do |ancestor|
+            case ancestor
+                when Class
+                    if ancestor.allocate.public_methods( false ).include? meth_name.to_sym
+                        return true
+                    end
+
+                when Module
+                    object = Object.new
+                    object.extend( ancestor )
+                    if object.public_methods( false ).include? meth_name.to_sym
+                        return true
+                    end
+            end
+        end
+
+        false
+    end
+
 end
 
 end

data/lib/toq/version.rb

@@ -8,6 +8,6 @@
 
 module Toq
 
-    VERSION = '0.0.4.1'
+    VERSION = '0.1.0'
 
 end

data/spec/servers/server.rb

@@ -45,14 +45,30 @@ def rpc_opts_with_mixed_ssl_primitives
     )
 end
 
+module MyModule
+    def in_module
+        true
+    end
+end
+
 class Parent
+    include MyModule
+
     def foo( arg )
         arg
     end
+
+    def in_parent
+        true
+    end
 end
 
 class Test < Parent
 
+    def in_child
+        true
+    end
+
     def delay( arg, &block )
         Raktr.global.run_in_thread if !Raktr.global.running?
         Raktr.global.delay( 1 ) { block.call( arg ) }
@@ -68,6 +84,11 @@ class Test < Parent
         end
     end
 
+    private
+
+    def private_method
+        true
+    end
 end
 
 def start_server( opts, do_not_start = false )

data/spec/toq/server_spec.rb

@@ -8,6 +8,13 @@ end
 describe Toq::Server do
     let(:options) { rpc_opts.merge( port: 7333 ) }
     subject { start_server( options, true ) }
+    let(:server) { start_server( options ) }
+    let(:client) { start_client( options ) }
+
+    before :all do
+        Thread.new { server }
+        client
+    end
 
     describe '#initialize' do
         it 'should be able to properly setup class options' do
@@ -63,6 +70,37 @@ describe Toq::Server do
         subject.logger.class.should == ::Logger
     end
 
+    context 'when a method is public' do
+        it 'can be called' do
+            expect( client.call('test.in_child') ).to be_truthy
+        end
+    end
+
+    context 'when a method is private' do
+        it 'cannot be called' do
+            expect { client.call('test.private_method') }.to raise_error Toq::Exceptions::UnsafeMethod
+        end
+    end
+
+    context 'when a method is inherited' do
+        it 'can be called' do
+            expect( client.call('test.in_parent') ).to be_truthy
+            expect( client.call('test.in_module') ).to be_truthy
+        end
+    end
+
+    context 'when a method is inherited from Kernel' do
+        it 'cannot be called' do
+            expect { client.call('test.exec', 'ls') }.to raise_error Toq::Exceptions::UnsafeMethod
+        end
+    end
+
+    context 'when a method is inherited from Object' do
+        it 'cannot be called' do
+            expect { client.call('test.included_modules') }.to raise_error Toq::Exceptions::UnsafeMethod
+        end
+    end
+
     describe '#alive?' do
         it 'returns true' do
             subject.should be_alive

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: toq
 version: !ruby/object:Gem::Version
-  version: 0.0.4.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Tasos Laskos
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-18 00:00:00.000000000 Z
+date: 2024-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: raktr
@@ -74,7 +74,7 @@ homepage: https://github.com/qadron/toq
 licenses:
 - BSD 3-Clause
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -90,27 +90,27 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.12
-signing_key: 
+rubygems_version: 3.4.22
+signing_key:
 specification_version: 4
 summary: Simple RPC protocol.
 test_files:
-- spec/spec_helper.rb
-- spec/toq/request_spec.rb
-- spec/toq/response_spec.rb
-- spec/toq/client_spec.rb
-- spec/toq/exceptions_spec.rb
-- spec/toq/server_spec.rb
-- spec/toq/proxy_spec.rb
-- spec/toq/message_spec.rb
-- spec/servers/server.rb
-- spec/servers/unix_socket.rb
 - spec/servers/with_ssl_primitives.rb
 - spec/servers/basic.rb
-- spec/pems/cacert.pem
-- spec/pems/server/cert.pem
-- spec/pems/server/key.pem
-- spec/pems/client/foo-key.pem
-- spec/pems/client/foo-cert.pem
+- spec/servers/server.rb
+- spec/servers/unix_socket.rb
 - spec/pems/client/cert.pem
 - spec/pems/client/key.pem
+- spec/pems/client/foo-cert.pem
+- spec/pems/client/foo-key.pem
+- spec/pems/server/cert.pem
+- spec/pems/server/key.pem
+- spec/pems/cacert.pem
+- spec/spec_helper.rb
+- spec/toq/proxy_spec.rb
+- spec/toq/client_spec.rb
+- spec/toq/response_spec.rb
+- spec/toq/server_spec.rb
+- spec/toq/message_spec.rb
+- spec/toq/request_spec.rb
+- spec/toq/exceptions_spec.rb