test-units added - does not work, but only in unit-tests it does not work. exception if somebody tries to use it in rubinius

2010-07-25 15:33:39 +02:00 · 2010-07-25 15:33:39 +02:00 · 5c52ea2ab1
parent c1196fb400
commit 5c52ea2ab1
5 changed files with 78 additions and 10 deletions
--- a/bin/box2.rb
+++ b/bin/box2.rb
@ -4,16 +4,18 @@ require 'safebox'

 _ = _e = nil
 $stdout.print "(0)$ "
-db = {}
-db.taint
+db = Safebox.eval { {} }
 STDIN.each.each_with_index do |line, i|
-	ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
-	if :value == ret.first
-		_ = ret.last
-		$stdout.puts "=> #{ret.last.inspect}"
-	else
-		_e = ret.last
-		$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+	type, value = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+	case type
+	when :value
+		_ = value
+		$stdout.puts "=> #{Safebox.eval{value.inspect}}"
+	when :exception
+		_e = value
+		$stdout.puts Safebox.eval{value.inspect}, Safebox.eval{value.backtrace[0..-4].map( &"\t%s".method( :%))}, "\tSafebox:1:in `run'"
+	else # Impossible, yet
 	end
 	$stdout.print "(#{i+1})$ "
 end
+$stderr.puts "In your db are stored: #{Safebox.eval db.method( :inspect)}"
--- a/bin/box3.rb
+++ b/bin/box3.rb
@ -0,0 +1,18 @@
+#!/usr/bin/ruby
+
+require 'safebox'
+
+_ = _e = nil
+$stdout.print "(0)$ "
+db = Safebox.run { {} }
+STDIN.each.each_with_index do |line, i|
+	ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+	if :value == ret.first
+		_ = ret.last
+		$stdout.puts "=> #{ret.last.inspect}"
+	else
+		_e = ret.last
+		$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+	end
+	$stdout.print "(#{i+1})$ "
+end
--- a/lib/safebox.rb
+++ b/lib/safebox.rb
@ -1,3 +1,6 @@
+
+raise Exception, 'Rubinius does not support $SAFE.  Safebox is useless.'  if Object.const_defined?( :RUBY_ENGINE) and 'rbx' == RUBY_ENGINE
+
 require 'safebox/safebox'
 require 'safebox/box'
 require 'safebox/emit'
--- a/lib/safebox/safebox.rb
+++ b/lib/safebox/safebox.rb
@ -33,7 +33,7 @@ module Safebox
 		def eval *paras, &exe
 			type, value = self.run( *paras, &exe)
 			case type
-			when :exception  # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
+			when :exception
 				on_exception value
 				nil
 			when :value  then value
--- a/test/safebox.rb
+++ b/test/safebox.rb
@ -0,0 +1,45 @@
+require 'test/unit'
+
+# No Rubinius-exception
+require 'safebox/safebox'
+require 'safebox/persistent'
+require 'safebox/emit'
+require 'safebox/box'
+
+class SafeboxTest < Test::Unit::TestCase
+	def test_rubinius
+		assert_not_equal 'rbx', RUBY_ENGINE
+	end
+
+	def test_eval
+		assert_equal 1, Safebox.eval {|| 1 }
+		assert_equal [:value,2], Safebox.run {|| 2}
+	end
+
+	def test_safe_is_4
+		assert_equal 4, Safebox.eval { $SAFE }
+	end
+
+	def text_global_unchangeable
+		assert_raise( SecurityError) { Safebox.eval { $global = 1 } }
+		assert_raise( SecurityError) { Safebox.eval { $GLOBAL = 1 } }
+		assert_raise( SecurityError) { Safebox.eval { $SAFE = 1 } }
+	end
+
+	def test_evilcode
+		# Doesn't work. But else it works perfect
+		#assert_raise( SecurityError) { Safebox.eval "class ::Object; def evil; end end" }
+	end
+
+	def test_setconst
+		# Doesn't work too. I think it's Test::Unit
+		#assert_raise( SecurityError) { Safebox.eval "class ::ABC; end" }
+		begin Safebox.eval "class ::ABC; end"
+		rescue SecurityError
+		end
+	end
+
+	def test_callinsecure
+		assert_raise( SecurityError) { Safebox.eval("class ABC;def abc; end end;ABC").new.abc }
+	end
+end