From 5c52ea2ab1df7a0adc2248d977695427c5e6598c Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Sun, 25 Jul 2010 15:33:39 +0200
Subject: [PATCH] test-units added - does not work, but only in unit-tests it does not work. exception if somebody tries to use it in rubinius
---
 bin/box2.rb | 20 ++++++++++---------
 bin/box3.rb | 18 +++++++++++++++++
 lib/safebox.rb | 3 +++
 lib/safebox/safebox.rb | 2 +-
 test/safebox.rb | 45 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 78 insertions(+), 10 deletions(-)
 create mode 100755 bin/box3.rb
 create mode 100644 test/safebox.rb
diff --git a/bin/box2.rb b/bin/box2.rb
index d58b555..e96a2e3 100755
--- a/bin/box2.rb
+++ b/bin/box2.rb
@@ -4,16 +4,18 @@ require 'safebox'
 _ = _e = nil
 $stdout.print "(0)$ "
-db = {}
-db.taint
+db = Safebox.eval { {} }
 STDIN.each.each_with_index do |line, i|
- ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
- if :value == ret.first
- _ = ret.last
- $stdout.puts "=> #{ret.last.inspect}"
- else
- _e = ret.last
- $stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+ type, value = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+ case type
+ when :value
+ _ = value
+ $stdout.puts "=> #{Safebox.eval{value.inspect}}"
+ when :exception
+ _e = value
+ $stdout.puts Safebox.eval{value.inspect}, Safebox.eval{value.backtrace[0..-4].map( &"\t%s".method( :%))}, "\tSafebox:1:in `run'"
+ else # Impossible, yet
 end
 $stdout.print "(#{i+1})$ "
 end
+$stderr.puts "In your db are stored: #{Safebox.eval db.method( :inspect)}"
diff --git a/bin/box3.rb b/bin/box3.rb
new file mode 100755
index 0000000..9f08c8b
--- /dev/null
+++ b/bin/box3.rb
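Review bot: The strings printed in the `:value` and `:exception` branches are still chosen by boxed code, because `Safebox.eval{value.inspect}` only moves the `inspect` call into the box; whatever object comes back is then interpolated or handed to `puts` by the host, which calls `to_s` on a non-String outside the sandbox. The comment this commit removes from lib/safebox/safebox.rb describes that same risk for exceptions. Checking the result before printing, e.g. `out = Safebox.eval { value.inspect }; out = '<uninspectable>' unless String === out`, would keep host-side dispatch off untrusted objects; the same applies to the elements of the backtrace array and to the final `$stderr.puts` line. `Safebox.eval` also returns nil when the boxed call raises, so these branches can print an empty result without saying why.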
@@ -0,0 +1,18 @@
+#!/usr/bin/ruby
+
+require 'safebox'
+
+_ = _e = nil
+$stdout.print "(0)$ "
+db = Safebox.run { {} }
+STDIN.each.each_with_index do |line, i|
+ ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+ if :value == ret.first
+ _ = ret.last
+ $stdout.puts "=> #{ret.last.inspect}"
+ else
+ _e = ret.last
+ $stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+ end
+ $stdout.print "(#{i+1})$ "
+end
diff --git a/lib/safebox.rb b/lib/safebox.rb
index 25032f2..d29f557 100644
--- a/lib/safebox.rb
+++ b/lib/safebox.rb
@@ -1,3 +1,6 @@
+
+raise Exception, 'Rubinius does not support $SAFE. Safebox is useless.' if Object.const_defined?( :RUBY_ENGINE) and 'rbx' == RUBY_ENGINE
+
 require 'safebox/safebox'
 require 'safebox/box'
 require 'safebox/emit'
diff --git a/lib/safebox/safebox.rb b/lib/safebox/safebox.rb
index bf36c83..37be02e 100644
--- a/lib/safebox/safebox.rb
+++ b/lib/safebox/safebox.rb
@@ -33,7 +33,7 @@ module Safebox
 def eval *paras, &exe
 type, value = self.run( *paras, &exe)
 case type
- when :exception # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
+ when :exception
 on_exception value
 nil
 when :value then value
diff --git a/test/safebox.rb b/test/safebox.rb
new file mode 100644
index 0000000..b1fcc40
--- /dev/null
+++ b/test/safebox.rb
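Review bot: `db = Safebox.run { {} }` in bin/box3.rb stores the `[type, value]` pair rather than the hash, since `Safebox.run` returns a pair (bin/box2.rb unpacks it as `type, value = Safebox.run ...` and the new test expects `[:value,2]`); `db = Safebox.eval { {} }` looks like what was meant. The loop also calls `ret.last.inspect` and `ret.last.backtrace` directly in the host process, which is the pattern box2.rb moves into `Safebox.eval` in this same commit, so the new script reintroduces host-side method calls on objects created by boxed code. A header comment stating how box3.rb is meant to differ from box2.rb would help, as the two scripts are otherwise near copies.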
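Review bot: The guard added to lib/safebox.rb rejects one engine by name, so any other interpreter that does not enforce `$SAFE` would still load the library and run untrusted code without isolation; a fail-closed check would probe at load time that a restricted operation is actually refused, rather than compare `RUBY_ENGINE` with `'rbx'`. The check also lives only in lib/safebox.rb, and test/safebox.rb in this commit shows it is skipped by requiring `safebox/safebox` directly, so it would be safer in lib/safebox/safebox.rb. Raising bare `Exception` bypasses a plain `rescue`; if that is meant to make the failure fatal, a comment saying so would help, otherwise `NotImplementedError` or a project error class is more conventional.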
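Review bot: The comment removed from the `:exception` branch in lib/safebox/safebox.rb was the only record that `on_exception value` receives an object raised by boxed code, whose `to_s`, `class` and `backtrace` may be overridden; nothing in this hunk changes that, so the caveat appears still to apply (on_exception is defined outside the hunk, so confirm). I would keep a warning on that branch, e.g. `# value comes from boxed code: do not call its methods outside the box`, or have `on_exception` do its formatting inside the box. The body of `eval` continues past the end of the hunk.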
@@ -0,0 +1,45 @@
+require 'test/unit'
+
+# No Rubinius-exception
+require 'safebox/safebox'
+require 'safebox/persistent'
+require 'safebox/emit'
+require 'safebox/box'
+
+class SafeboxTest < Test::Unit::TestCase
+ def test_rubinius
+ assert_not_equal 'rbx', RUBY_ENGINE
+ end
+
+ def test_eval
+ assert_equal 1, Safebox.eval {|| 1 }
+ assert_equal [:value,2], Safebox.run {|| 2}
+ end
+
+ def test_safe_is_4
+ assert_equal 4, Safebox.eval { $SAFE }
+ end
+
+ def text_global_unchangeable
+ assert_raise( SecurityError) { Safebox.eval { $global = 1 } }
+ assert_raise( SecurityError) { Safebox.eval { $GLOBAL = 1 } }
+ assert_raise( SecurityError) { Safebox.eval { $SAFE = 1 } }
+ end
+
+ def test_evilcode
+ # Doesn't work. But else it works perfect
+ #assert_raise( SecurityError) { Safebox.eval "class ::Object; def evil; end end" }
+ end
+
+ def test_setconst
+ # Doesn't work too. I think it's Test::Unit
+ #assert_raise( SecurityError) { Safebox.eval "class ::ABC; end" }
+ begin Safebox.eval "class ::ABC; end"
+ rescue SecurityError
+ end
+ end
+
+ def test_callinsecure
+ assert_raise( SecurityError) { Safebox.eval("class ABC;def abc; end end;ABC").new.abc }
+ end
+end
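Review bot: `text_global_unchangeable` is never run, because Test::Unit only collects methods whose names start with `test`, so the three SecurityError assertions on `$global`, `$GLOBAL` and `$SAFE` are silently skipped; it should read `def test_global_unchangeable`. `test_evilcode` contains no live assertion and `test_setconst` rescues SecurityError without asserting that it was raised, so both pass whether or not the sandbox blocks reopening `::Object` or defining `::ABC`. Since these are the escape cases the library exists to prevent, I would mark them as known failures with a comment such as `# KNOWN GAP: top-level class definition is not rejected when run under Test::Unit` rather than leave tests that pass vacuously. `test_rubinius` raises NameError on interpreters that do not define `RUBY_ENGINE`, a case lib/safebox.rb guards against with `const_defined?`.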