$SAFE=4 is good, but if you can not modify an array... taint or untaint is unimportand. it must be created after $SAFE=4
This commit is contained in:
parent
cf2ca10d58
commit
4d4978d3ac
3 changed files with 77 additions and 86 deletions
51
bin/box.rb
51
bin/box.rb
|
@ -6,35 +6,34 @@ class Queue
|
|||
attr_reader :que, :waiting
|
||||
end
|
||||
|
||||
Thread.abort_on_exception = true
|
||||
q, o = Queue.new, Queue.new
|
||||
puts q.inspect
|
||||
class Box
|
||||
attr_reader :_
|
||||
attr_accessor :emited
|
||||
|
||||
t = Thread.new( q, o) do |q, o|
|
||||
begin
|
||||
o << 3
|
||||
o.que.taint
|
||||
q.que.taint
|
||||
o.waiting.taint
|
||||
q.waiting.taint
|
||||
$SAFE = 3
|
||||
loop do
|
||||
i = q.pop
|
||||
begin
|
||||
o.push eval(i)
|
||||
rescue Object
|
||||
o.push [$!.class, $!, $!.backtrace].inspect
|
||||
end
|
||||
end
|
||||
rescue Object
|
||||
o.push [$!.class, $!, $!.backtrace].inspect
|
||||
def initialize _
|
||||
@_, @emited = _, []
|
||||
end
|
||||
|
||||
def emit k, v
|
||||
@emited.push [k, v]
|
||||
end
|
||||
end
|
||||
|
||||
Thread.new( o) {|o| loop{$stdout.puts "=> #{o.pop.inspect}"} }
|
||||
Thread.abort_on_exception = true
|
||||
q, o, r = Queue.new, Queue.new, nil
|
||||
puts q.inspect
|
||||
$stdout.print "(0)$ "
|
||||
|
||||
STDIN.each_with_index do |l,i|
|
||||
l.untaint
|
||||
q.push l
|
||||
$stdout.print "(#{i})> "
|
||||
STDIN.each_with_index do |l, i|
|
||||
r = begin
|
||||
Thread.new do
|
||||
l.untaint
|
||||
$SAFE = 4
|
||||
b = Box.new r
|
||||
[b.instance_eval( l, 'BOX', 0), b.emited]
|
||||
end.value
|
||||
rescue Object
|
||||
[$!.class, $!, $!.backtrace].inspect
|
||||
end
|
||||
$stdout.print "#{r.inspect}\n(#{i+1})$ "
|
||||
end
|
||||
|
|
60
bin/logan
60
bin/logan
|
@ -1,60 +0,0 @@
|
|||
#!/usr/bin/ruby
|
||||
|
||||
require 'sbdb'
|
||||
|
||||
class Emit
|
||||
def initialize env
|
||||
@env = env
|
||||
end
|
||||
|
||||
def emit f, k, v
|
||||
env[ "#{f}/"][ k] = v
|
||||
end
|
||||
end
|
||||
|
||||
class Worker
|
||||
class Box
|
||||
def initialize e
|
||||
@emit = e
|
||||
end
|
||||
|
||||
def emit f, k, v
|
||||
@emit.emit f, k, v
|
||||
end
|
||||
end
|
||||
|
||||
def emit f, k, v
|
||||
@out.push [f, k, v]
|
||||
end
|
||||
|
||||
def initalize i, o
|
||||
@in, @out = i, o
|
||||
Thread.new do
|
||||
$SAFE = 3
|
||||
@in.each do |o|
|
||||
o.data
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
SBDB::Env.new 'conf' do |conf|
|
||||
SBDB::Env.new 'logs' do |logs|
|
||||
SBDB::Env.new 'cache' do |cache|
|
||||
begin
|
||||
wn = conf['worker','conf',flags: SBDB::READONLY]['worker']
|
||||
inq, outq = SizedQueue.new( 1), SizedQueue.new( 1)
|
||||
@worker = wn.times.map{ Worker.new inq, outq }
|
||||
Thread.new( oq) do |oq|
|
||||
cache[ "#{oq[0]}/#{}"][ oq[]]
|
||||
end
|
||||
emit = Emit.new cache
|
||||
box = Box.new emit
|
||||
while line = logs['newids'].get nil, "\0\0\0\0", nil, SBDB::CONSUME_WAIT
|
||||
box.map line
|
||||
end
|
||||
ensure
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
52
bin/loganinc
Executable file
52
bin/loganinc
Executable file
|
@ -0,0 +1,52 @@
|
|||
#!/usr/bin/ruby
|
||||
|
||||
require 'sbdb'
|
||||
|
||||
# Secure Worker. Unsafe code in a sandbox.
|
||||
class Worker
|
||||
class Box
|
||||
def self.start e, c
|
||||
Thread.new c, &new( e).method( :run)
|
||||
end
|
||||
|
||||
def run
|
||||
this.untaint
|
||||
e.taint
|
||||
$SAFE = 4
|
||||
end
|
||||
|
||||
def initialize e
|
||||
@emit = e
|
||||
end
|
||||
|
||||
def emit f, k, v
|
||||
@emit.emit f, k, v
|
||||
end
|
||||
end
|
||||
|
||||
def emit f, k, v
|
||||
@out.push [f, k, v]
|
||||
end
|
||||
|
||||
def initalize i, o
|
||||
@in, @out, @funcs = i, o, {}
|
||||
super method(:run)
|
||||
end
|
||||
|
||||
def run
|
||||
$SAFE = 3
|
||||
@in.each do |o|
|
||||
@funcs[:]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
SBDB::Env.new 'conf' do |conf|
|
||||
SBDB::Env.new 'logs' do |logs|
|
||||
SBDB::Env.new 'cache' do |cache|
|
||||
while line = logs[ 'newids'].get( nil, "\0\0\0\0", nil, SBDB::CONSUME_WAIT)
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue