diff --git a/bin/box2.rb b/bin/box2.rb
index e96a2e3..d58b555 100755
--- a/bin/box2.rb
+++ b/bin/box2.rb
@@ -4,18 +4,16 @@ require 'safebox'
 _ = _e = nil
 $stdout.print "(0)$ "
-db = Safebox.eval { {} }
+db = {}
+db.taint
 STDIN.each.each_with_index do |line, i|
- type, value = Safebox.run line, Class.new( Safebox::Box), db, _, _e
- case type
- when :value
- _ = value
- $stdout.puts "=> #{Safebox.eval{value.inspect}}"
- when :exception
- _e = value
- $stdout.puts Safebox.eval{value.inspect}, Safebox.eval{value.backtrace[0..-4].map( &"\t%s".method( :%))}, "\tSafebox:1:in `run'"
- else # Impossible, yet
+ ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+ if :value == ret.first
+ _ = ret.last
+ $stdout.puts "=> #{ret.last.inspect}"
+ else
+ _e = ret.last
+ $stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
 end
 $stdout.print "(#{i+1})$ "
 end
-$stderr.puts "In your db are stored: #{Safebox.eval db.method( :inspect)}"
diff --git a/bin/box3.rb b/bin/box3.rb
deleted file mode 100755
index 9f08c8b..0000000
--- a/bin/box3.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/ruby
-
-require 'safebox'
-
-_ = _e = nil
-$stdout.print "(0)$ "
-db = Safebox.run { {} }
-STDIN.each.each_with_index do |line, i|
- ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
- if :value == ret.first
- _ = ret.last
- $stdout.puts "=> #{ret.last.inspect}"
- else
- _e = ret.last
- $stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
- end
- $stdout.print "(#{i+1})$ "
-end
diff --git a/lib/safebox.rb b/lib/safebox.rb
index d29f557..25032f2 100644
--- a/lib/safebox.rb
+++ b/lib/safebox.rb
@@ -1,6 +1,3 @@
-
-raise Exception, 'Rubinius does not support $SAFE. Safebox is useless.' if Object.const_defined?( :RUBY_ENGINE) and 'rbx' == RUBY_ENGINE
-
 require 'safebox/safebox'
 require 'safebox/box'
 require 'safebox/emit'
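Review bot: In bin/box2.rb the new `ret.last.inspect` and `ret.last.backtrace` calls run in the host script on an object produced by the line that was just evaluated in the box, whereas the removed lines wrapped both in `Safebox.eval`. If that object carries its own `inspect` or `backtrace`, the method is invoked outside the sandbox, or, on a Ruby that refuses insecure methods from a lower `$SAFE`, it presumably raises a SecurityError that nothing in this loop rescues. I would keep the wrapping on the new form, `$stdout.puts "=> #{Safebox.eval { ret.last.inspect }}"`, and do the same for both calls in the `else` branch. The store is also now built in the host (`db = {}` then `db.taint`) instead of inside the box; a one-line comment saying why that is equivalent for the sandbox would help the next reader.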
diff --git a/lib/safebox/safebox.rb b/lib/safebox/safebox.rb
index 37be02e..a848bdb 100644
--- a/lib/safebox/safebox.rb
+++ b/lib/safebox/safebox.rb
@@ -31,13 +31,12 @@ module Safebox
 end
 def eval *paras, &exe
- type, value = self.run( *paras, &exe)
- case type
- when :exception
- on_exception value
+ ret = self.run( *paras, &exe)
+ case ret.first
+ when :exception # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
+ on_exception ret.last
 nil
- when :value then value
- else # Not possible
+ when :value then ret.last
 end
 end
 public :eval
diff --git a/test/safebox.rb b/test/safebox.rb
deleted file mode 100644
index b1fcc40..0000000
--- a/test/safebox.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-require 'test/unit'
-
-# No Rubinius-exception
-require 'safebox/safebox'
-require 'safebox/persistent'
-require 'safebox/emit'
-require 'safebox/box'
-
-class SafeboxTest < Test::Unit::TestCase
- def test_rubinius
- assert_not_equal 'rbx', RUBY_ENGINE
- end
-
- def test_eval
- assert_equal 1, Safebox.eval {|| 1 }
- assert_equal [:value,2], Safebox.run {|| 2}
- end
-
- def test_safe_is_4
- assert_equal 4, Safebox.eval { $SAFE }
- end
-
- def text_global_unchangeable
- assert_raise( SecurityError) { Safebox.eval { $global = 1 } }
- assert_raise( SecurityError) { Safebox.eval { $GLOBAL = 1 } }
- assert_raise( SecurityError) { Safebox.eval { $SAFE = 1 } }
- end
-
- def test_evilcode
- # Doesn't work. But else it works perfect
- #assert_raise( SecurityError) { Safebox.eval "class ::Object; def evil; end end" }
- end
-
- def test_setconst
- # Doesn't work too. I think it's Test::Unit
- #assert_raise( SecurityError) { Safebox.eval "class ::ABC; end" }
- begin Safebox.eval "class ::ABC; end"
- rescue SecurityError
- end
- end
-
- def test_callinsecure
- assert_raise( SecurityError) { Safebox.eval("class ABC;def abc; end end;ABC").new.abc }
- end
-end
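Review bot: The comment added on `when :exception` in `eval` names the risk, but the next line still hands the sandbox-built object straight to `on_exception ret.last`, so anything that handler calls on it may be a method the evaluated input defined. `on_exception` lies outside this hunk, so this is inferred; if it formats the exception, that formatting is better done inside the box with only the resulting string passed out. At minimum I would make the comment actionable: `# SECURITY: ret.last is built by sandboxed code; its #to_s, #class and #backtrace may be overridden, so never call them outside the box.` With the `else` arm removed, any tag other than `:value` or `:exception` now returns nil silently, which is indistinguishable from the exception path; an `else raise` would fail closed.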