trusted-sandbox 0.1.0 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -3
- data/lib/trusted_sandbox/cli.rb +6 -0
- data/lib/trusted_sandbox/config.rb +1 -1
- data/lib/trusted_sandbox/defaults.rb +2 -1
- data/lib/trusted_sandbox/request_serializer.rb +17 -3
- data/lib/trusted_sandbox/response.rb +8 -1
- data/lib/trusted_sandbox/runner.rb +1 -1
- data/lib/trusted_sandbox/server_images/ruby-2.1.2/run.rb +6 -2
- data/lib/trusted_sandbox/version.rb +1 -1
- data/spec/lib/trusted_sandbox/request_serializer_spec.rb +15 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 79c7242f41d0e034bb997f59a9a155b263887ea1
|
|
4
|
+
data.tar.gz: 7a63530de915aa77a320cf55bdec6ac0b337ef4f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7df8a4d8294da359c80211eded78ba1bd5417ee968cc366240d8aa76d57fd58d718c65028b01a1d72d3312ca0e12d864501a931d1b3555ff45a2fcf650206f3
|
|
7
|
+
data.tar.gz: 515e0bf30b9c8ad98f1358cf5597715b338a3dbbbe22e930f55e1876c4e2a4d31f038452da172854abc9526f9e56286778835fa6a12e2b49e3465ef91ccc932a
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -107,7 +107,7 @@ $ trusted_sandbox test
|
|
|
107
107
|
Install the image. This step is optional, as Docker automatically installs images when you first run them. However,
|
|
108
108
|
since it takes a few minutes we suggest you do this in advance.
|
|
109
109
|
```
|
|
110
|
-
$ docker run --rm vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
110
|
+
$ docker run --rm vaharoni/trusted_sandbox:ruby-2.1.2.v2
|
|
111
111
|
```
|
|
112
112
|
If you see the message "you must provide a uid", then you are set.
|
|
113
113
|
|
|
@@ -148,7 +148,7 @@ YAML file which will override any configuration and passed through to `Docker.op
|
|
|
148
148
|
|
|
149
149
|
In addition, these docker-related configuration parameters can be used:
|
|
150
150
|
```ruby
|
|
151
|
-
docker_image_name: vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
151
|
+
docker_image_name: vaharoni/trusted_sandbox:ruby-2.1.2.v2
|
|
152
152
|
|
|
153
153
|
# Optional authentication
|
|
154
154
|
docker_login:
|
|
@@ -420,7 +420,7 @@ You should not override user quota related parameters, as they must be prepared
|
|
|
420
420
|
## Using custom docker images
|
|
421
421
|
|
|
422
422
|
Trusted Sandbox comes with one ready-to-use image that includes Ruby 2.1.2. It is hosted on Docker Hub under
|
|
423
|
-
`vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
423
|
+
`vaharoni/trusted_sandbox:ruby-2.1.2.v2`.
|
|
424
424
|
|
|
425
425
|
We are actively looking for contributors who are willing to help expand the library of Docker images to support other
|
|
426
426
|
languages and environments.
|
data/lib/trusted_sandbox/cli.rb
CHANGED
|
@@ -73,5 +73,11 @@ module TrustedSandbox
|
|
|
73
73
|
TrustedSandbox.uid_pool.release_all
|
|
74
74
|
end
|
|
75
75
|
end
|
|
76
|
+
|
|
77
|
+
desc 'ssh UID', 'Shows how to run a container with the current configuration settings. If UID is provided, it includes mounting instructions.'
|
|
78
|
+
def ssh(uid=nil)
|
|
79
|
+
uid_string = uid ? "-v #{File.join(TrustedSandbox.config.host_code_root_path, uid)}:/home/sandbox/src" : nil
|
|
80
|
+
puts %{docker run -it #{uid_string} --entrypoint="/bin/bash" #{TrustedSandbox.config.docker_image_name} -s}
|
|
81
|
+
end
|
|
76
82
|
end
|
|
77
83
|
end
|
|
@@ -49,7 +49,7 @@ module TrustedSandbox
|
|
|
49
49
|
:memory_limit, :memory_swap_limit, :cpu_shares, :docker_image_name,
|
|
50
50
|
:execution_timeout, :network_access, :enable_swap_limit, :enable_quotas,
|
|
51
51
|
:container_code_path, :container_input_filename, :container_output_filename,
|
|
52
|
-
:keep_code_folders, :keep_containers, :quiet_mode
|
|
52
|
+
:keep_code_folders, :keep_containers, :quiet_mode, :container_manifest_filename
|
|
53
53
|
|
|
54
54
|
attr_reader_with_fallback :host_code_root_path, :host_uid_pool_lock_path
|
|
55
55
|
|
|
@@ -3,7 +3,7 @@ module TrustedSandbox
|
|
|
3
3
|
|
|
4
4
|
def initialize
|
|
5
5
|
self.docker_options = {}
|
|
6
|
-
self.docker_image_name = 'vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
6
|
+
self.docker_image_name = 'vaharoni/trusted_sandbox:ruby-2.1.2.v2'
|
|
7
7
|
self.memory_limit = 50 * 1024 * 1024
|
|
8
8
|
self.memory_swap_limit = 50 * 1024 * 1024
|
|
9
9
|
self.cpu_shares = 1
|
|
@@ -19,6 +19,7 @@ module TrustedSandbox
|
|
|
19
19
|
|
|
20
20
|
# Note, changing these may require changing Dockerfile and run.rb and rebuilding the docker image
|
|
21
21
|
self.container_code_path = '/home/sandbox/src'
|
|
22
|
+
self.container_manifest_filename = 'manifest'
|
|
22
23
|
self.container_input_filename = 'input'
|
|
23
24
|
self.container_output_filename = 'output'
|
|
24
25
|
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
module TrustedSandbox
|
|
2
2
|
class RequestSerializer
|
|
3
3
|
|
|
4
|
-
attr_reader :host_code_dir_path, :input_file_name
|
|
4
|
+
attr_reader :host_code_dir_path, :manifest_file_name, :input_file_name
|
|
5
5
|
|
|
6
6
|
# @param host_code_dir_path [String] path to the folder where the argument value needs to be stored
|
|
7
|
+
# @param manifest_file_name [String] name of manifest file inside the host_code_dir_path
|
|
7
8
|
# @param input_file_name [String] name of input file inside the host_code_dir_path
|
|
8
|
-
def initialize(host_code_dir_path, input_file_name)
|
|
9
|
+
def initialize(host_code_dir_path, manifest_file_name, input_file_name)
|
|
9
10
|
@host_code_dir_path = host_code_dir_path
|
|
10
11
|
@input_file_name = input_file_name
|
|
12
|
+
@manifest_file_name = manifest_file_name
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
# @param klass [Class] class name to be serialized
|
|
@@ -16,8 +18,9 @@ module TrustedSandbox
|
|
|
16
18
|
def serialize(klass, *args)
|
|
17
19
|
self.klass = klass
|
|
18
20
|
copy_code_file
|
|
21
|
+
create_manifest_file
|
|
19
22
|
|
|
20
|
-
data = Marshal.dump([klass.name,
|
|
23
|
+
data = Marshal.dump([klass.name, args])
|
|
21
24
|
File.binwrite input_file_path, data
|
|
22
25
|
end
|
|
23
26
|
|
|
@@ -27,6 +30,10 @@ module TrustedSandbox
|
|
|
27
30
|
File.join host_code_dir_path, input_file_name
|
|
28
31
|
end
|
|
29
32
|
|
|
33
|
+
def manifest_file_path
|
|
34
|
+
File.join host_code_dir_path, manifest_file_name
|
|
35
|
+
end
|
|
36
|
+
|
|
30
37
|
# = Methods depending on @klass
|
|
31
38
|
|
|
32
39
|
attr_accessor :klass
|
|
@@ -49,5 +56,12 @@ module TrustedSandbox
|
|
|
49
56
|
FileUtils.cp source_file_path, dest_file_path
|
|
50
57
|
end
|
|
51
58
|
|
|
59
|
+
def create_manifest_file
|
|
60
|
+
File.open(manifest_file_path, 'w') do |f|
|
|
61
|
+
# In the near future this will change to a list of files, hence we use array
|
|
62
|
+
f.write [dest_file_name].to_yaml
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
52
66
|
end
|
|
53
67
|
end
|
|
@@ -42,6 +42,13 @@ module TrustedSandbox
|
|
|
42
42
|
# Parses the output file and stores the values in the appropriate ivars
|
|
43
43
|
# @return [nil]
|
|
44
44
|
def parse!
|
|
45
|
+
unless File.exists? output_file_path
|
|
46
|
+
@status = 'error'
|
|
47
|
+
@error = ContainerError.new('User code did not finish properly')
|
|
48
|
+
@error_to_raise = @error
|
|
49
|
+
return
|
|
50
|
+
end
|
|
51
|
+
|
|
45
52
|
begin
|
|
46
53
|
data = File.binread output_file_path
|
|
47
54
|
@raw_response = Marshal.load(data)
|
|
@@ -54,7 +61,7 @@ module TrustedSandbox
|
|
|
54
61
|
|
|
55
62
|
unless ['success', 'error'].include? @raw_response[:status]
|
|
56
63
|
@status = 'error'
|
|
57
|
-
@error =
|
|
64
|
+
@error = InternalError.new('Output file has invalid format')
|
|
58
65
|
@error_to_raise = @error
|
|
59
66
|
return
|
|
60
67
|
end
|
|
@@ -80,7 +80,7 @@ module TrustedSandbox
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
def serialize_request(klass, *args)
|
|
83
|
-
serializer = RequestSerializer.new(code_dir_path, config.container_input_filename)
|
|
83
|
+
serializer = RequestSerializer.new(code_dir_path, config.container_manifest_filename, config.container_input_filename)
|
|
84
84
|
serializer.serialize(klass, *args)
|
|
85
85
|
end
|
|
86
86
|
|
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
begin
|
|
2
2
|
require 'active_support'
|
|
3
|
+
require 'yaml'
|
|
3
4
|
|
|
5
|
+
manifest_file_path = '/home/sandbox/src/manifest'
|
|
4
6
|
input_file_path = '/home/sandbox/src/input'
|
|
5
7
|
output_file_path = '/home/sandbox/src/output'
|
|
6
8
|
|
|
9
|
+
manifest = YAML.load_file(manifest_file_path)
|
|
10
|
+
manifest.each {|f| require_relative "src/#{f}"}
|
|
11
|
+
|
|
7
12
|
data = File.binread(input_file_path)
|
|
8
|
-
klass_name,
|
|
9
|
-
require File.join('/home/sandbox/src', file_name)
|
|
13
|
+
klass_name, args = Marshal.load(data)
|
|
10
14
|
klass = ActiveSupport::Inflector.constantize klass_name
|
|
11
15
|
|
|
12
16
|
obj = klass.new(*args)
|
|
@@ -3,27 +3,31 @@ require 'spec_helper'
|
|
|
3
3
|
describe TrustedSandbox::RequestSerializer do
|
|
4
4
|
before do
|
|
5
5
|
@tmp_path = 'tmp/test/request_serializer'
|
|
6
|
-
|
|
7
|
-
@
|
|
6
|
+
|
|
7
|
+
@manifest_file_name = 'manifest'
|
|
8
|
+
@manifest_file_path = File.expand_path File.join(@tmp_path, @manifest_file_name)
|
|
9
|
+
|
|
10
|
+
@args_file_name = 'args'
|
|
11
|
+
@args_file_path = File.expand_path File.join(@tmp_path, @args_file_name)
|
|
8
12
|
FileUtils.rm_rf @tmp_path
|
|
9
13
|
FileUtils.mkdir_p @tmp_path
|
|
10
14
|
end
|
|
11
15
|
|
|
12
16
|
describe '#initialize' do
|
|
13
17
|
before do
|
|
14
|
-
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @
|
|
18
|
+
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @manifest_file_name, @args_file_name)
|
|
15
19
|
end
|
|
16
20
|
|
|
17
21
|
it 'initializes attributes correctly' do
|
|
18
22
|
@subject.host_code_dir_path.should == @tmp_path
|
|
19
|
-
@subject.input_file_name.should == @
|
|
23
|
+
@subject.input_file_name.should == @args_file_name
|
|
20
24
|
end
|
|
21
25
|
|
|
22
26
|
end
|
|
23
27
|
|
|
24
28
|
describe '#serialize' do
|
|
25
29
|
before do
|
|
26
|
-
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @
|
|
30
|
+
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @manifest_file_name, @args_file_name)
|
|
27
31
|
@arg1 = { test: 'working' }
|
|
28
32
|
@arg2 = { another_test: 'working too' }
|
|
29
33
|
@subject.serialize TrustedSandbox::RequestSerializer, @arg1, @arg2
|
|
@@ -37,10 +41,15 @@ describe TrustedSandbox::RequestSerializer do
|
|
|
37
41
|
File.read(@target_class_file).should == File.read(@source_class_file)
|
|
38
42
|
end
|
|
39
43
|
|
|
44
|
+
it 'creates a manifest file' do
|
|
45
|
+
File.exists?(@manifest_file_path).should == true
|
|
46
|
+
YAML.load_file(@manifest_file_path).should == ['request_serializer.rb']
|
|
47
|
+
end
|
|
48
|
+
|
|
40
49
|
it 'serializes arguments' do
|
|
41
50
|
File.exists?(@args_file_path).should == true
|
|
42
51
|
data = File.binread(@args_file_path)
|
|
43
|
-
Marshal.load(data).should == ['TrustedSandbox::RequestSerializer',
|
|
52
|
+
Marshal.load(data).should == ['TrustedSandbox::RequestSerializer', [@arg1, @arg2]]
|
|
44
53
|
end
|
|
45
54
|
end
|
|
46
55
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: trusted-sandbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amit Aharoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|