trusted-sandbox 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -3
- data/lib/trusted_sandbox/cli.rb +6 -0
- data/lib/trusted_sandbox/config.rb +1 -1
- data/lib/trusted_sandbox/defaults.rb +2 -1
- data/lib/trusted_sandbox/request_serializer.rb +17 -3
- data/lib/trusted_sandbox/response.rb +8 -1
- data/lib/trusted_sandbox/runner.rb +1 -1
- data/lib/trusted_sandbox/server_images/ruby-2.1.2/run.rb +6 -2
- data/lib/trusted_sandbox/version.rb +1 -1
- data/spec/lib/trusted_sandbox/request_serializer_spec.rb +15 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 79c7242f41d0e034bb997f59a9a155b263887ea1
|
|
4
|
+
data.tar.gz: 7a63530de915aa77a320cf55bdec6ac0b337ef4f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7df8a4d8294da359c80211eded78ba1bd5417ee968cc366240d8aa76d57fd58d718c65028b01a1d72d3312ca0e12d864501a931d1b3555ff45a2fcf650206f3
|
|
7
|
+
data.tar.gz: 515e0bf30b9c8ad98f1358cf5597715b338a3dbbbe22e930f55e1876c4e2a4d31f038452da172854abc9526f9e56286778835fa6a12e2b49e3465ef91ccc932a
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -107,7 +107,7 @@ $ trusted_sandbox test
|
|
|
107
107
|
Install the image. This step is optional, as Docker automatically installs images when you first run them. However,
|
|
108
108
|
since it takes a few minutes we suggest you do this in advance.
|
|
109
109
|
```
|
|
110
|
-
$ docker run --rm vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
110
|
+
$ docker run --rm vaharoni/trusted_sandbox:ruby-2.1.2.v2
|
|
111
111
|
```
|
|
112
112
|
If you see the message "you must provide a uid", then you are set.
|
|
113
113
|
|
|
@@ -148,7 +148,7 @@ YAML file which will override any configuration and passed through to `Docker.op
|
|
|
148
148
|
|
|
149
149
|
In addition, these docker-related configuration parameters can be used:
|
|
150
150
|
```ruby
|
|
151
|
-
docker_image_name: vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
151
|
+
docker_image_name: vaharoni/trusted_sandbox:ruby-2.1.2.v2
|
|
152
152
|
|
|
153
153
|
# Optional authentication
|
|
154
154
|
docker_login:
|
|
@@ -420,7 +420,7 @@ You should not override user quota related parameters, as they must be prepared
|
|
|
420
420
|
## Using custom docker images
|
|
421
421
|
|
|
422
422
|
Trusted Sandbox comes with one ready-to-use image that includes Ruby 2.1.2. It is hosted on Docker Hub under
|
|
423
|
-
`vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
423
|
+
`vaharoni/trusted_sandbox:ruby-2.1.2.v2`.
|
|
424
424
|
|
|
425
425
|
We are actively looking for contributors who are willing to help expand the library of Docker images to support other
|
|
426
426
|
languages and environments.
|
data/lib/trusted_sandbox/cli.rb
CHANGED
|
@@ -73,5 +73,11 @@ module TrustedSandbox
|
|
|
73
73
|
TrustedSandbox.uid_pool.release_all
|
|
74
74
|
end
|
|
75
75
|
end
|
|
76
|
+
|
|
77
|
+
desc 'ssh UID', 'Shows how to run a container with the current configuration settings. If UID is provided, it includes mounting instructions.'
|
|
78
|
+
def ssh(uid=nil)
|
|
79
|
+
uid_string = uid ? "-v #{File.join(TrustedSandbox.config.host_code_root_path, uid)}:/home/sandbox/src" : nil
|
|
80
|
+
puts %{docker run -it #{uid_string} --entrypoint="/bin/bash" #{TrustedSandbox.config.docker_image_name} -s}
|
|
81
|
+
end
|
|
76
82
|
end
|
|
77
83
|
end
|
|
@@ -49,7 +49,7 @@ module TrustedSandbox
|
|
|
49
49
|
:memory_limit, :memory_swap_limit, :cpu_shares, :docker_image_name,
|
|
50
50
|
:execution_timeout, :network_access, :enable_swap_limit, :enable_quotas,
|
|
51
51
|
:container_code_path, :container_input_filename, :container_output_filename,
|
|
52
|
-
:keep_code_folders, :keep_containers, :quiet_mode
|
|
52
|
+
:keep_code_folders, :keep_containers, :quiet_mode, :container_manifest_filename
|
|
53
53
|
|
|
54
54
|
attr_reader_with_fallback :host_code_root_path, :host_uid_pool_lock_path
|
|
55
55
|
|
|
@@ -3,7 +3,7 @@ module TrustedSandbox
|
|
|
3
3
|
|
|
4
4
|
def initialize
|
|
5
5
|
self.docker_options = {}
|
|
6
|
-
self.docker_image_name = 'vaharoni/trusted_sandbox:ruby-2.1.2.
|
|
6
|
+
self.docker_image_name = 'vaharoni/trusted_sandbox:ruby-2.1.2.v2'
|
|
7
7
|
self.memory_limit = 50 * 1024 * 1024
|
|
8
8
|
self.memory_swap_limit = 50 * 1024 * 1024
|
|
9
9
|
self.cpu_shares = 1
|
|
@@ -19,6 +19,7 @@ module TrustedSandbox
|
|
|
19
19
|
|
|
20
20
|
# Note, changing these may require changing Dockerfile and run.rb and rebuilding the docker image
|
|
21
21
|
self.container_code_path = '/home/sandbox/src'
|
|
22
|
+
self.container_manifest_filename = 'manifest'
|
|
22
23
|
self.container_input_filename = 'input'
|
|
23
24
|
self.container_output_filename = 'output'
|
|
24
25
|
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
module TrustedSandbox
|
|
2
2
|
class RequestSerializer
|
|
3
3
|
|
|
4
|
-
attr_reader :host_code_dir_path, :input_file_name
|
|
4
|
+
attr_reader :host_code_dir_path, :manifest_file_name, :input_file_name
|
|
5
5
|
|
|
6
6
|
# @param host_code_dir_path [String] path to the folder where the argument value needs to be stored
|
|
7
|
+
# @param manifest_file_name [String] name of manifest file inside the host_code_dir_path
|
|
7
8
|
# @param input_file_name [String] name of input file inside the host_code_dir_path
|
|
8
|
-
def initialize(host_code_dir_path, input_file_name)
|
|
9
|
+
def initialize(host_code_dir_path, manifest_file_name, input_file_name)
|
|
9
10
|
@host_code_dir_path = host_code_dir_path
|
|
10
11
|
@input_file_name = input_file_name
|
|
12
|
+
@manifest_file_name = manifest_file_name
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
# @param klass [Class] class name to be serialized
|
|
@@ -16,8 +18,9 @@ module TrustedSandbox
|
|
|
16
18
|
def serialize(klass, *args)
|
|
17
19
|
self.klass = klass
|
|
18
20
|
copy_code_file
|
|
21
|
+
create_manifest_file
|
|
19
22
|
|
|
20
|
-
data = Marshal.dump([klass.name,
|
|
23
|
+
data = Marshal.dump([klass.name, args])
|
|
21
24
|
File.binwrite input_file_path, data
|
|
22
25
|
end
|
|
23
26
|
|
|
@@ -27,6 +30,10 @@ module TrustedSandbox
|
|
|
27
30
|
File.join host_code_dir_path, input_file_name
|
|
28
31
|
end
|
|
29
32
|
|
|
33
|
+
def manifest_file_path
|
|
34
|
+
File.join host_code_dir_path, manifest_file_name
|
|
35
|
+
end
|
|
36
|
+
|
|
30
37
|
# = Methods depending on @klass
|
|
31
38
|
|
|
32
39
|
attr_accessor :klass
|
|
@@ -49,5 +56,12 @@ module TrustedSandbox
|
|
|
49
56
|
FileUtils.cp source_file_path, dest_file_path
|
|
50
57
|
end
|
|
51
58
|
|
|
59
|
+
def create_manifest_file
|
|
60
|
+
File.open(manifest_file_path, 'w') do |f|
|
|
61
|
+
# In the near future this will change to a list of files, hence we use array
|
|
62
|
+
f.write [dest_file_name].to_yaml
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
52
66
|
end
|
|
53
67
|
end
|
|
@@ -42,6 +42,13 @@ module TrustedSandbox
|
|
|
42
42
|
# Parses the output file and stores the values in the appropriate ivars
|
|
43
43
|
# @return [nil]
|
|
44
44
|
def parse!
|
|
45
|
+
unless File.exists? output_file_path
|
|
46
|
+
@status = 'error'
|
|
47
|
+
@error = ContainerError.new('User code did not finish properly')
|
|
48
|
+
@error_to_raise = @error
|
|
49
|
+
return
|
|
50
|
+
end
|
|
51
|
+
|
|
45
52
|
begin
|
|
46
53
|
data = File.binread output_file_path
|
|
47
54
|
@raw_response = Marshal.load(data)
|
|
@@ -54,7 +61,7 @@ module TrustedSandbox
|
|
|
54
61
|
|
|
55
62
|
unless ['success', 'error'].include? @raw_response[:status]
|
|
56
63
|
@status = 'error'
|
|
57
|
-
@error =
|
|
64
|
+
@error = InternalError.new('Output file has invalid format')
|
|
58
65
|
@error_to_raise = @error
|
|
59
66
|
return
|
|
60
67
|
end
|
|
@@ -80,7 +80,7 @@ module TrustedSandbox
|
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
def serialize_request(klass, *args)
|
|
83
|
-
serializer = RequestSerializer.new(code_dir_path, config.container_input_filename)
|
|
83
|
+
serializer = RequestSerializer.new(code_dir_path, config.container_manifest_filename, config.container_input_filename)
|
|
84
84
|
serializer.serialize(klass, *args)
|
|
85
85
|
end
|
|
86
86
|
|
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
begin
|
|
2
2
|
require 'active_support'
|
|
3
|
+
require 'yaml'
|
|
3
4
|
|
|
5
|
+
manifest_file_path = '/home/sandbox/src/manifest'
|
|
4
6
|
input_file_path = '/home/sandbox/src/input'
|
|
5
7
|
output_file_path = '/home/sandbox/src/output'
|
|
6
8
|
|
|
9
|
+
manifest = YAML.load_file(manifest_file_path)
|
|
10
|
+
manifest.each {|f| require_relative "src/#{f}"}
|
|
11
|
+
|
|
7
12
|
data = File.binread(input_file_path)
|
|
8
|
-
klass_name,
|
|
9
|
-
require File.join('/home/sandbox/src', file_name)
|
|
13
|
+
klass_name, args = Marshal.load(data)
|
|
10
14
|
klass = ActiveSupport::Inflector.constantize klass_name
|
|
11
15
|
|
|
12
16
|
obj = klass.new(*args)
|
|
@@ -3,27 +3,31 @@ require 'spec_helper'
|
|
|
3
3
|
describe TrustedSandbox::RequestSerializer do
|
|
4
4
|
before do
|
|
5
5
|
@tmp_path = 'tmp/test/request_serializer'
|
|
6
|
-
|
|
7
|
-
@
|
|
6
|
+
|
|
7
|
+
@manifest_file_name = 'manifest'
|
|
8
|
+
@manifest_file_path = File.expand_path File.join(@tmp_path, @manifest_file_name)
|
|
9
|
+
|
|
10
|
+
@args_file_name = 'args'
|
|
11
|
+
@args_file_path = File.expand_path File.join(@tmp_path, @args_file_name)
|
|
8
12
|
FileUtils.rm_rf @tmp_path
|
|
9
13
|
FileUtils.mkdir_p @tmp_path
|
|
10
14
|
end
|
|
11
15
|
|
|
12
16
|
describe '#initialize' do
|
|
13
17
|
before do
|
|
14
|
-
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @
|
|
18
|
+
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @manifest_file_name, @args_file_name)
|
|
15
19
|
end
|
|
16
20
|
|
|
17
21
|
it 'initializes attributes correctly' do
|
|
18
22
|
@subject.host_code_dir_path.should == @tmp_path
|
|
19
|
-
@subject.input_file_name.should == @
|
|
23
|
+
@subject.input_file_name.should == @args_file_name
|
|
20
24
|
end
|
|
21
25
|
|
|
22
26
|
end
|
|
23
27
|
|
|
24
28
|
describe '#serialize' do
|
|
25
29
|
before do
|
|
26
|
-
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @
|
|
30
|
+
@subject = TrustedSandbox::RequestSerializer.new(@tmp_path, @manifest_file_name, @args_file_name)
|
|
27
31
|
@arg1 = { test: 'working' }
|
|
28
32
|
@arg2 = { another_test: 'working too' }
|
|
29
33
|
@subject.serialize TrustedSandbox::RequestSerializer, @arg1, @arg2
|
|
@@ -37,10 +41,15 @@ describe TrustedSandbox::RequestSerializer do
|
|
|
37
41
|
File.read(@target_class_file).should == File.read(@source_class_file)
|
|
38
42
|
end
|
|
39
43
|
|
|
44
|
+
it 'creates a manifest file' do
|
|
45
|
+
File.exists?(@manifest_file_path).should == true
|
|
46
|
+
YAML.load_file(@manifest_file_path).should == ['request_serializer.rb']
|
|
47
|
+
end
|
|
48
|
+
|
|
40
49
|
it 'serializes arguments' do
|
|
41
50
|
File.exists?(@args_file_path).should == true
|
|
42
51
|
data = File.binread(@args_file_path)
|
|
43
|
-
Marshal.load(data).should == ['TrustedSandbox::RequestSerializer',
|
|
52
|
+
Marshal.load(data).should == ['TrustedSandbox::RequestSerializer', [@arg1, @arg2]]
|
|
44
53
|
end
|
|
45
54
|
end
|
|
46
55
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: trusted-sandbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amit Aharoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|