trusted-sandbox 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 79c7242f41d0e034bb997f59a9a155b263887ea1
-  data.tar.gz: 7a63530de915aa77a320cf55bdec6ac0b337ef4f
+  metadata.gz: 2d4e0bcecde1af0fb5f4c06a716777e1504e319b
+  data.tar.gz: f89202701ed4195b50d54d16e33fcfba824c006e
 SHA512:
-  metadata.gz: b7df8a4d8294da359c80211eded78ba1bd5417ee968cc366240d8aa76d57fd58d718c65028b01a1d72d3312ca0e12d864501a931d1b3555ff45a2fcf650206f3
-  data.tar.gz: 515e0bf30b9c8ad98f1358cf5597715b338a3dbbbe22e930f55e1876c4e2a4d31f038452da172854abc9526f9e56286778835fa6a12e2b49e3465ef91ccc932a
+  metadata.gz: 7aef11d8b4ff742e7413d1aba15cf09d81df302e1cfd537557f98051b0b7d0282fb48667d00d14eddd171561a0c01766156f4135956ddd98f8de3d73613aa2f5
+  data.tar.gz: 1d3d9de1be89cd85e08c281272d5af13b500896d9daa2bbd0ebcc410925c5263a916c355833dbe3d003fb536b0d5a945c4b8f4c46f63fbd4cf87279b25aed051

data/README.md

@@ -207,6 +207,11 @@ keep_containers: false
 
 # A folder used by the UID-pool to handle locks.
 host_uid_pool_lock_path: tmp/uid_pool_lock
+
+# When set to true the code is executed within the current process, without launching a
+# Docker container. This is useful for testing and on dev machines that do not have Docker
+# installed.
+shortcut: false
 ```
 
 ### Limiting swap memory
@@ -348,7 +353,9 @@ possible. You can prepare a docker image with additional gems and custom Ruby cl
 
 ### Running containers
 
-There are two ways to run a container. Use `run!` to retrieve output from the container. If the user code raised
+There are two main methods to run a container.
+
+Use `run!` to retrieve output from the container. If the user code raised
 an exception, it will be raised by `run!`.
 
 ```ruby
@@ -358,6 +365,25 @@ output = TrustedSandbox.run! MyFunction, "input ** 2", 10
 Use `run` to retrieve a response object. The response object provides additional useful information about the
 container execution.
 
+Here is a success scenario:
+```ruby
+response = TrustedSandbox.run MyFunction, "input ** 2", 10
+
+response.status
+# => "success"
+
+response.valid?
+# => true
+
+response.output
+# => 100
+
+response.output!
+# => 100
+
+response.error
+# => nil
+```
 Here is an error scenario:
 ```ruby
 response = TrustedSandbox.run MyFunction, "raise 'error!'", 10
@@ -388,25 +414,20 @@ puts response.stdout
 # Can be useful for environment related errors
 puts response.stderr
 ```
-Here is a success scenario:
-```ruby
-response = TrustedSandbox.run MyFunction, "input ** 2", 10
-
-response.status
-# => "success"
 
-response.valid?
-# => true
-
-response.output
-# => 100
-
-response.output!
-# => 100
-
-response.error
-# => nil
+The helper methods `run_code` and `run_code!` behave similarly to `run` and `run!`. They invoke TrustedSandbox
+on a `GeneralPurpose` class that performs a simple `eval`, with an ability to provide a context for the code to run in.
+The following:
+```ruby
+TrustedSandbox.run_code! "input[:a] + input[:b]", input: {a: 1, b: 2}
+# => 3
 ```
+Is equivalent to running:
+```ruby
+TrustedSandbox.run! TrustedSandbox::GeneralPurpose, "input[:a] + input[:b]", input: {a: 1, b: 2}
+# => 3
+```
+
 ### Overriding specific invocations
 
 To override a configuration parameter for a specific invocation, use `with_options`:

data/lib/trusted_sandbox/config/trusted_sandbox.yml

@@ -28,6 +28,11 @@ development:
   keep_code_folders:            false
   keep_containers:              false
 
+  # When set to true, code will run in the current process instead of
+  # a docker container. This is useful for testing and dev machines
+  # that do not have docker installed
+  shortcut:                     false
+
   # When this is set to false and keep_code_folders is true, you'll
   # receive helpful messages about how to connect to your containers
   quiet_mode:                   false

data/lib/trusted_sandbox/config.rb

@@ -49,7 +49,8 @@ module TrustedSandbox
                                 :memory_limit, :memory_swap_limit, :cpu_shares, :docker_image_name,
                                 :execution_timeout, :network_access, :enable_swap_limit, :enable_quotas,
                                 :container_code_path, :container_input_filename, :container_output_filename,
-                                :keep_code_folders, :keep_containers, :quiet_mode, :container_manifest_filename
+                                :keep_code_folders, :keep_containers, :quiet_mode, :container_manifest_filename,
+                                :shortcut
 
     attr_reader_with_fallback :host_code_root_path, :host_uid_pool_lock_path
 

data/lib/trusted_sandbox/defaults.rb

@@ -31,6 +31,7 @@ module TrustedSandbox
       self.keep_containers = false
 
       self.quiet_mode = false
+      self.shortcut = false
     end
 
   end

data/lib/trusted_sandbox/{runner.rb → host_runner.rb}

@@ -1,5 +1,5 @@
 module TrustedSandbox
-  class Runner
+  class HostRunner
 
     attr_reader :uid_pool, :config
 
@@ -15,14 +15,11 @@ module TrustedSandbox
     # @param *args [Array] arguments to send to klass#initialize
     # @return [Response]
     def run(klass, *args)
-      create_code_dir
-      serialize_request(klass, *args)
-      create_container
-      start_container
-    ensure
-      release_uid
-      remove_code_dir
-      remove_container
+      if config.shortcut
+        shortcut(klass, *args)
+      else
+        run_in_container(klass, *args)
+      end
     end
 
     # @param klass [Class] the class object that should be run
@@ -50,6 +47,17 @@ module TrustedSandbox
 
     private
 
+    def run_in_container(klass, *args)
+      create_code_dir
+      serialize_request(klass, *args)
+      create_container
+      start_container
+    ensure
+      release_uid
+      remove_code_dir
+      remove_container
+    end
+
     def obtain_uid
       @uid ||= uid_pool.lock
     end
@@ -99,7 +107,26 @@ module TrustedSandbox
       response
     rescue Timeout::Error => e
       logs = @container.logs(stdout: true, stderr: true)
-      TrustedSandbox::Response.timeout_error(e, logs)
+      TrustedSandbox::Response.error(e, TrustedSandbox::ExecutionTimeoutError, logs)
+    end
+
+    # @return [TrustedSandbox::Response]
+    def shortcut(klass, *args)
+      output, stdout, stderr = Timeout.timeout(config.execution_timeout) do
+        begin
+          $stdout = StringIO.new
+          $stderr = StringIO.new
+          [klass.new(*args).run, $stdout.string, $stderr.string]
+        ensure
+          $stdout = STDOUT
+          $stderr = STDERR
+        end
+      end
+      TrustedSandbox::Response.shortcut output, stdout, stderr
+    rescue Timeout::Error => e
+      TrustedSandbox::Response.error(e, TrustedSandbox::ExecutionTimeoutError, stdout, stderr)
+    rescue => e
+      TrustedSandbox::Response.error(e, TrustedSandbox::UserCodeError, stdout, stderr)
     end
 
     def remove_container

data/lib/trusted_sandbox/response.rb

@@ -9,19 +9,39 @@ module TrustedSandbox
     # @param host_code_dir_path [String] path to the folder where the argument value needs to be stored
     # @param output_file_name [String] name of output file inside the host_code_dir_path
     def initialize(stdout = nil, stderr = nil, host_code_dir_path = nil, output_file_name = nil)
-      @stdout = stdout
-      @stderr = stderr
+      @stdout = [stdout].flatten.compact
+      @stderr = [stderr].flatten.compact
       @host_code_dir_path = host_code_dir_path
       @output_file_name = output_file_name
     end
 
-    # @return [Response] object initialized with timeout error details
-    def self.timeout_error(err, logs)
-      obj = new(logs)
+    # = Alternative initializers
+
+    # @param error [StandardError] error object that was raised during execution of the code
+    # @param error_to_raise [Class] an error class in the TrustedSandbox module.
+    # @param stdout [String]
+    # @param stderr [String]
+    # @return [Response] object initialized with error details
+    def self.error(error, error_to_raise, stdout = nil, stderr = nil)
+      obj = new(stdout, stderr)
       obj.instance_eval do
         @status = 'error'
-        @error = err
-        @error_to_raise = TrustedSandbox::ExecutionTimeoutError.new(err)
+        @error = error
+        @error_to_raise = error_to_raise.new(error)
+      end
+      obj
+    end
+
+    # This is used when user decides not to go through docker
+    # @param output [Object] the result of the code execution
+    # @param stdout [String]
+    # @param stderr [String]
+    # @return [Response] object initialized with output
+    def self.shortcut(output, stdout = nil, stderr = nil)
+      obj = new(stdout, stderr)
+      obj.instance_eval do
+        @status = 'success'
+        @output = output
       end
       obj
     end

data/lib/trusted_sandbox/version.rb

@@ -1,3 +1,3 @@
 module TrustedSandbox
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 end

data/lib/trusted_sandbox.rb

@@ -8,7 +8,7 @@ module TrustedSandbox
   require 'trusted_sandbox/general_purpose'
   require 'trusted_sandbox/request_serializer'
   require 'trusted_sandbox/response'
-  require 'trusted_sandbox/runner'
+  require 'trusted_sandbox/host_runner'
   require 'trusted_sandbox/uid_pool'
   require 'trusted_sandbox/version'
 
@@ -65,7 +65,7 @@ module TrustedSandbox
   end
 
   def self.new_runner(config_override = {})
-    Runner.new(config, uid_pool, config_override)
+    HostRunner.new(config, uid_pool, config_override)
   end
 end
 

data/spec/integration/integration_spec.rb

@@ -82,4 +82,48 @@ describe 'integration testing' do
       response.error_to_raise.is_a?(TrustedSandbox::ExecutionTimeoutError).should == true
     end
   end
+
+  describe 'shortcut used' do
+    before do
+      dont_allow(Docker::Container).create
+    end
+    context 'no issue' do
+      it 'works' do
+        TrustedSandbox.with_options(shortcut: true) do |s|
+          s.run_code!('input[:x] ** 2', input: {x: 10}).should == 100
+        end
+
+        response = TrustedSandbox.with_options(shortcut: true) do |s|
+          s.run_code('puts "hi"; input[:x] ** 2', input: {x: 10})
+        end
+        response.valid?.should == true
+        response.output.should == 100
+        response.stdout.should == ["hi\n"]
+      end
+    end
+
+    context 'timeout' do
+      it 'raises error' do
+        response = TrustedSandbox.with_options(shortcut: true, execution_timeout: 1) do |s|
+          s.run_code('puts "hi"; while true; end')
+        end
+        response.valid?.should == false
+        response.error.is_a?(Timeout::Error).should == true
+        response.error_to_raise.is_a?(TrustedSandbox::ExecutionTimeoutError).should == true
+      end
+    end
+
+    context 'user error' do
+      it 'raises error' do
+        expect {TrustedSandbox.with_options(shortcut: true) {|s| s.run_code!('asfsadf')}}.to raise_error(TrustedSandbox::UserCodeError)
+
+        response = TrustedSandbox.with_options(shortcut: true) {|s| s.run_code('asfsadf') }
+        response.valid?.should == false
+        response.output.should == nil
+        response.status.should == 'error'
+        response.error.is_a?(NameError).should == true
+        response.error_to_raise.is_a?(TrustedSandbox::UserCodeError).should == true
+      end
+    end
+  end
 end

data/spec/lib/trusted_sandbox/{runner_spec.rb → host_runner_spec.rb}

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe TrustedSandbox::Runner do
+describe TrustedSandbox::HostRunner do
 
   before do
     @defaults = TrustedSandbox::Defaults.send(:new).override(quiet_mode: true)
@@ -12,17 +12,17 @@ describe TrustedSandbox::Runner do
       before do
         mock(@uid_pool).lock { 100 }
         mock(@uid_pool).release(100) {}
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, keep_code_folders: false
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, keep_code_folders: false
         stub(@subject).create_container
         stub(@subject).start_container
       end
 
       it 'locks and releases from UID pool' do
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'deletes the code folder' do
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
         Dir.exists?(@subject.send(:code_dir_path)).should == false
       end
     end
@@ -31,17 +31,17 @@ describe TrustedSandbox::Runner do
       before do
         mock(@uid_pool).lock { 100 }
         dont_allow(@uid_pool).release
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, keep_code_folders: true
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, keep_code_folders: true
         stub(@subject).create_container
         stub(@subject).start_container
       end
 
       it 'locks but does not release from UID pool' do
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'does not delete the code folder' do
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
         Dir.exists?(@subject.send(:code_dir_path)).should == true
       end
     end
@@ -68,32 +68,32 @@ describe TrustedSandbox::Runner do
 
     context 'keep_containers=true' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, keep_containers: true
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, keep_containers: true
         dont_allow(@container).delete
       end
 
       it 'does not delete the container' do
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
       end
     end
 
     context 'keep_containers=false' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, keep_containers: false
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, keep_containers: false
         mock(@container).delete(force: true) {}
       end
 
       it 'does not delete the container' do
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
       end
     end
 
     context 'basic request parameters' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, cpu_shares: 5, memory_limit: 100,
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, cpu_shares: 5, memory_limit: 100,
                                               docker_image_name: 'image', container_code_path: '/code',
                                               network_access: false, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right requests' do
@@ -104,8 +104,8 @@ describe TrustedSandbox::Runner do
 
     context 'enable_quotas=true' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, enable_quotas: true, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, enable_quotas: true, keep_containers: true
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right request' do
@@ -115,8 +115,8 @@ describe TrustedSandbox::Runner do
 
     context 'enable_quotas=false' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, enable_quotas: false, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, enable_quotas: false, keep_containers: true
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right request' do
@@ -126,8 +126,8 @@ describe TrustedSandbox::Runner do
 
     context 'enable_swap_limit=true' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, enable_swap_limit: true, memory_swap_limit: 200, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, enable_swap_limit: true, memory_swap_limit: 200, keep_containers: true
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right request' do
@@ -137,8 +137,8 @@ describe TrustedSandbox::Runner do
 
     context 'enable_swap_limit=false' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, enable_swap_limit: false, memory_swap_limit: 200, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, enable_swap_limit: false, memory_swap_limit: 200, keep_containers: true
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right request' do
@@ -148,8 +148,8 @@ describe TrustedSandbox::Runner do
 
     context 'network_access=true' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, network_access: true, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, network_access: true, keep_containers: true
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right request' do
@@ -159,8 +159,8 @@ describe TrustedSandbox::Runner do
 
     context 'network_access=false' do
       before do
-        @subject = TrustedSandbox::Runner.new @defaults, @uid_pool, network_access: false, keep_containers: true
-        @subject.run TrustedSandbox::Runner
+        @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, network_access: false, keep_containers: true
+        @subject.run TrustedSandbox::HostRunner
       end
 
       it 'sends the right request' do
@@ -168,4 +168,18 @@ describe TrustedSandbox::Runner do
       end
     end
   end
+
+  # See more in integration testing
+  describe 'shortcut used' do
+    before do
+      dont_allow(TrustedSandbox::RequestSerializer).new
+      dont_allow(@uid_pool).lock
+      dont_allow(Docker::Container).create
+      @subject = TrustedSandbox::HostRunner.new @defaults, @uid_pool, shortcut: true
+    end
+
+    it 'works' do
+      @subject.run_code!('true').should == true
+    end
+  end
 end

data/spec/lib/trusted_sandbox/response_spec.rb

@@ -19,8 +19,8 @@ describe TrustedSandbox::Response do
     it 'instantiates correctly' do
       @subject.host_code_dir_path.should == @tmp_path
       @subject.output_file_name.should == @file_name
-      @subject.stdout.should == 'stdout'
-      @subject.stderr.should == 'stderr'
+      @subject.stdout.should == ['stdout']
+      @subject.stderr.should == ['stderr']
     end
 
     it 'parses the file correctly' do
@@ -64,9 +64,9 @@ describe TrustedSandbox::Response do
       @subject.raw_response.should == {status: 'unexpected', output: 'hi', error: @err}
       @subject.status.should == 'error'
       @subject.output.should == nil
-      @subject.error.is_a?(TrustedSandbox::ContainerError).should == true
-      @subject.error_to_raise.is_a?(TrustedSandbox::ContainerError).should == true
-      expect {@subject.output!}.to raise_error(TrustedSandbox::ContainerError)
+      @subject.error.is_a?(TrustedSandbox::InternalError).should == true
+      @subject.error_to_raise.is_a?(TrustedSandbox::InternalError).should == true
+      expect {@subject.output!}.to raise_error(TrustedSandbox::InternalError)
       @subject.valid?.should == false
     end
   end
@@ -81,7 +81,7 @@ describe TrustedSandbox::Response do
       @subject.raw_response.should == nil
       @subject.status.should == 'error'
       @subject.output.should == nil
-      @subject.error.is_a?(Errno::ENOENT).should == true
+      @subject.error.is_a?(TrustedSandbox::ContainerError).should == true
       @subject.error_to_raise.is_a?(TrustedSandbox::ContainerError).should == true
       expect {@subject.output!}.to raise_error(TrustedSandbox::ContainerError)
       @subject.valid?.should == false

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trusted-sandbox
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Amit Aharoni
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-05 00:00:00.000000000 Z
+date: 2014-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -120,9 +120,9 @@ files:
 - lib/trusted_sandbox/defaults.rb
 - lib/trusted_sandbox/errors.rb
 - lib/trusted_sandbox/general_purpose.rb
+- lib/trusted_sandbox/host_runner.rb
 - lib/trusted_sandbox/request_serializer.rb
 - lib/trusted_sandbox/response.rb
-- lib/trusted_sandbox/runner.rb
 - lib/trusted_sandbox/server_images/ruby-2.1.2/Dockerfile
 - lib/trusted_sandbox/server_images/ruby-2.1.2/Gemfile
 - lib/trusted_sandbox/server_images/ruby-2.1.2/bundle_config
@@ -133,9 +133,9 @@ files:
 - spec/integration/integration_spec.rb
 - spec/integration/quota_spec.rb
 - spec/lib/trusted_sandbox/config_spec.rb
+- spec/lib/trusted_sandbox/host_runner_spec.rb
 - spec/lib/trusted_sandbox/request_serializer_spec.rb
 - spec/lib/trusted_sandbox/response_spec.rb
-- spec/lib/trusted_sandbox/runner_spec.rb
 - spec/lib/trusted_sandbox/uid_pool_spec.rb
 - spec/lib/trusted_sandbox_spec.rb
 - spec/spec_helper.rb
@@ -168,9 +168,9 @@ test_files:
 - spec/integration/integration_spec.rb
 - spec/integration/quota_spec.rb
 - spec/lib/trusted_sandbox/config_spec.rb
+- spec/lib/trusted_sandbox/host_runner_spec.rb
 - spec/lib/trusted_sandbox/request_serializer_spec.rb
 - spec/lib/trusted_sandbox/response_spec.rb
-- spec/lib/trusted_sandbox/runner_spec.rb
 - spec/lib/trusted_sandbox/uid_pool_spec.rb
 - spec/lib/trusted_sandbox_spec.rb
 - spec/spec_helper.rb