Compare commits
No commits in common. "master" and "v0.0.2" have entirely different histories.
20
bin/box2.rb
|
@ -4,18 +4,16 @@ require 'safebox'
|
|||
|
||||
_ = _e = nil
|
||||
$stdout.print "(0)$ "
|
||||
db = Safebox.eval { {} }
|
||||
db = {}
|
||||
db.taint
|
||||
STDIN.each.each_with_index do |line, i|
|
||||
type, value = Safebox.run line, Class.new( Safebox::Box), db, _, _e
|
||||
case type
|
||||
when :value
|
||||
_ = value
|
||||
$stdout.puts "=> #{Safebox.eval{value.inspect}}"
|
||||
when :exception
|
||||
_e = value
|
||||
$stdout.puts Safebox.eval{value.inspect}, Safebox.eval{value.backtrace[0..-4].map( &"\t%s".method( :%))}, "\tSafebox:1:in `run'"
|
||||
else # Impossible, yet
|
||||
ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
|
||||
if :value == ret.first
|
||||
_ = ret.last
|
||||
$stdout.puts "=> #{ret.last.inspect}"
|
||||
else
|
||||
_e = ret.last
|
||||
$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
|
||||
end
|
||||
$stdout.print "(#{i+1})$ "
|
||||
end
|
||||
$stderr.puts "In your db are stored: #{Safebox.eval db.method( :inspect)}"
|
||||
|
|
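Review bot: `ret.last.inspect` and `ret.last.backtrace` are called directly in the host process on whatever the sandboxed line returned or raised, so code running in the box decides which `inspect`/`backtrace` implementation is invoked here. Going by the hunk counts (18 old lines, 16 new), the `ret` variant appears to be the new side, and the variant it replaces did this formatting inside the box. I would keep that wrapping, e.g. `$stdout.puts "=> #{Safebox.eval{ret.last.inspect}}"`, and do the same for the two calls in the exception branch. The bare `else` also treats every tag other than `:value` as an exception, so an unexpected tag would reach `backtrace` on an arbitrary object; an explicit `when :exception` arm would make that case visible.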
18
bin/box3.rb
|
@ -1,18 +0,0 @@
|
|||
#!/usr/bin/ruby
|
||||
|
||||
require 'safebox'
|
||||
|
||||
_ = _e = nil
|
||||
$stdout.print "(0)$ "
|
||||
db = Safebox.run { {} }
|
||||
STDIN.each.each_with_index do |line, i|
|
||||
ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
|
||||
if :value == ret.first
|
||||
_ = ret.last
|
||||
$stdout.puts "=> #{ret.last.inspect}"
|
||||
else
|
||||
_e = ret.last
|
||||
$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
|
||||
end
|
||||
$stdout.print "(#{i+1})$ "
|
||||
end
|
|
@ -1,6 +1,3 @@
|
|||
|
||||
raise Exception, 'Rubinius does not support $SAFE. Safebox is useless.' if Object.const_defined?( :RUBY_ENGINE) and 'rbx' == RUBY_ENGINE
|
||||
|
||||
require 'safebox/safebox'
|
||||
require 'safebox/box'
|
||||
require 'safebox/emit'
|
||||
|
|
|
@ -31,13 +31,12 @@ module Safebox
|
|||
end
|
||||
|
||||
def eval *paras, &exe
|
||||
type, value = self.run( *paras, &exe)
|
||||
case type
|
||||
when :exception
|
||||
on_exception value
|
||||
ret = self.run( *paras, &exe)
|
||||
case ret.first
|
||||
when :exception # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
|
||||
on_exception ret.last
|
||||
nil
|
||||
when :value then value
|
||||
else # Not possible
|
||||
when :value then ret.last
|
||||
end
|
||||
end
|
||||
public :eval
|
||||
|
|
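Review bot: The inline comment on `when :exception` already says the exception may carry caller-defined `#to_s`, `#class` or `#backtrace`, yet `on_exception ret.last` hands that object straight to a host-side hook. `on_exception` is not visible in this hunk, so whether it calls those methods outside the box is unconfirmed. I would add a doc comment on `eval` stating that the hook receives an untrusted object and must not format it outside the box, and that `eval` returns `nil` both when the code raised and when it returned `nil`. The `case ret.first` on what looks like the new side has no `else`, so an unexpected tag silently yields `nil`; `else raise ArgumentError, "unexpected result tag: #{ret.first.inspect}"` would fail closed. The enclosing `module Safebox` starts before this hunk.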
|
@ -1,45 +0,0 @@
|
|||
require 'test/unit'
|
||||
|
||||
# No Rubinius-exception
|
||||
require 'safebox/safebox'
|
||||
require 'safebox/persistent'
|
||||
require 'safebox/emit'
|
||||
require 'safebox/box'
|
||||
|
||||
class SafeboxTest < Test::Unit::TestCase
|
||||
def test_rubinius
|
||||
assert_not_equal 'rbx', RUBY_ENGINE
|
||||
end
|
||||
|
||||
def test_eval
|
||||
assert_equal 1, Safebox.eval {|| 1 }
|
||||
assert_equal [:value,2], Safebox.run {|| 2}
|
||||
end
|
||||
|
||||
def test_safe_is_4
|
||||
assert_equal 4, Safebox.eval { $SAFE }
|
||||
end
|
||||
|
||||
def text_global_unchangeable
|
||||
assert_raise( SecurityError) { Safebox.eval { $global = 1 } }
|
||||
assert_raise( SecurityError) { Safebox.eval { $GLOBAL = 1 } }
|
||||
assert_raise( SecurityError) { Safebox.eval { $SAFE = 1 } }
|
||||
end
|
||||
|
||||
def test_evilcode
|
||||
# Doesn't work. But else it works perfect
|
||||
#assert_raise( SecurityError) { Safebox.eval "class ::Object; def evil; end end" }
|
||||
end
|
||||
|
||||
def test_setconst
|
||||
# Doesn't work too. I think it's Test::Unit
|
||||
#assert_raise( SecurityError) { Safebox.eval "class ::ABC; end" }
|
||||
begin Safebox.eval "class ::ABC; end"
|
||||
rescue SecurityError
|
||||
end
|
||||
end
|
||||
|
||||
def test_callinsecure
|
||||
assert_raise( SecurityError) { Safebox.eval("class ABC;def abc; end end;ABC").new.abc }
|
||||
end
|
||||
end
|