Compare commits
2 commits
Author | SHA1 | Date | |
---|---|---|---|
5c52ea2ab1 | |||
c1196fb400 |
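--- a/bin/box2.rb
+++ b/bin/box2.rb
@@ -4,16 +4,18 @@ require 'safebox'
 
 _ = _e = nil
 $stdout.print "(0)$ "
-db = {}
-db.taint
+db = Safebox.eval { {} }
 STDIN.each.each_with_index do |line, i|
-ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
-if :value == ret.first
-_ = ret.last
-$stdout.puts "=> #{ret.last.inspect}"
-else
-_e = ret.last
-$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+type, value = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+case type
+when :value
+_ = value
+$stdout.puts "=> #{Safebox.eval{value.inspect}}"
+when :exception
+_e = value
+$stdout.puts Safebox.eval{value.inspect}, Safebox.eval{value.backtrace[0..-4].map( &"\t%s".method( :%))}, "\tSafebox:1:in `run'"
+else # Impossible, yet
 end
 $stdout.print "(#{i+1})$ "
 end
+$stderr.puts "In your db are stored: #{Safebox.eval db.method( :inspect)}"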
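Review bot: The results of `Safebox.eval{value.inspect}` and of the sandboxed backtrace `map` go straight into string interpolation and `$stdout.puts`, which run in the host process and call `to_s` (or `to_ary`) on whatever object comes back. Because `value` is produced by the untrusted input line, its `inspect` need not return a String, so the boundary is probably still crossable at the printing step. I would check the type before printing, e.g. `shown = Safebox.eval { value.inspect }` then `$stdout.puts "=> #{String === shown ? shown : '(inspect did not return a String)'}"`, and do the same for the backtrace result. The empty `else # Impossible, yet` branch also drops an unknown result type silently; raising there would make a future third type visible.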
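--- a/bin/box3.rb
+++ b/bin/box3.rb
@@ -0,0 +1,18 @@
+#!/usr/bin/ruby
+
+require 'safebox'
+
+_ = _e = nil
+$stdout.print "(0)$ "
+db = Safebox.run { {} }
+STDIN.each.each_with_index do |line, i|
+ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+if :value == ret.first
+_ = ret.last
+$stdout.puts "=> #{ret.last.inspect}"
+else
+_e = ret.last
+$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+end
+$stdout.print "(#{i+1})$ "
+end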
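Review bot: `db = Safebox.run { {} }` stores the whole result pair rather than the hash, because `Safebox.run` returns `[type, value]` (the new test asserts `[:value,2]` for `Safebox.run {|| 2}`); `db = Safebox.eval { {} }`, as bin/box2.rb now does, looks like what was meant. The loop also still calls `ret.last.inspect` and `ret.last.backtrace` in the host process on objects created by the sandboxed line, which is the exposure the bin/box2.rb change on this page wraps in `Safebox.eval`. If box3.rb is kept deliberately as the old variant, a header comment such as `# legacy REPL: inspects results outside the sandbox, do not use with untrusted input` would say so.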
|
@ -1,3 +1,6 @@
|
||||||
|
|
||||||
|
raise Exception, 'Rubinius does not support $SAFE. Safebox is useless.' if Object.const_defined?( :RUBY_ENGINE) and 'rbx' == RUBY_ENGINE
|
||||||
|
|
||||||
require 'safebox/safebox'
|
require 'safebox/safebox'
|
||||||
require 'safebox/box'
|
require 'safebox/box'
|
||||||
require 'safebox/emit'
|
require 'safebox/emit'
|
||||||
|
|
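Review bot: The guard added at the top of this hunk names a single engine, so any other interpreter that ignores `$SAFE` would still load the library and run untrusted code unprotected. A capability check that fails closed (confirm at load time that a forbidden operation raises `SecurityError` once `$SAFE` is raised) would be safer than matching `'rbx'`. Raising bare `Exception` hides the reason; `NotImplementedError` still escapes a plain `rescue` and states it, and `&&` is the conventional operator here: `raise NotImplementedError, '...' if defined?( RUBY_ENGINE) && 'rbx' == RUBY_ENGINE`. The file header for this hunk is not shown on the page.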
|
@ -31,12 +31,13 @@ module Safebox
|
||||||
end
|
end
|
||||||
|
|
||||||
def eval *paras, &exe
|
def eval *paras, &exe
|
||||||
ret = self.run( *paras, &exe)
|
type, value = self.run( *paras, &exe)
|
||||||
case ret.first
|
case type
|
||||||
when :exception # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace.
|
when :exception
|
||||||
on_exception ret.last
|
on_exception value
|
||||||
nil
|
nil
|
||||||
when :value then ret.last
|
when :value then value
|
||||||
|
else # Not possible
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
public :eval
|
public :eval
|
||||||
|
|
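Review bot: The `when :exception` line loses its warning that sandboxed code can supply an exception with its own `#to_s`, `#class` or `#backtrace`, yet the hunk still passes that object to `on_exception value` unchanged. Unless `on_exception` (not visible here) was hardened elsewhere, I would keep the caveat, e.g. `when :exception # value comes from sandboxed code; its #to_s, #class and #backtrace are untrusted`. The new `else # Not possible` branch returns nil exactly like the exception path, so an unexpected result type cannot be told apart from a handled error; raising there would separate the two. The `module Safebox` body begins and ends outside the hunk, and its file header is not shown on the page.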
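--- a/test/safebox.rb
+++ b/test/safebox.rb
@@ -0,0 +1,45 @@
+require 'test/unit'
+
+# No Rubinius-exception
+require 'safebox/safebox'
+require 'safebox/persistent'
+require 'safebox/emit'
+require 'safebox/box'
+
+class SafeboxTest < Test::Unit::TestCase
+def test_rubinius
+assert_not_equal 'rbx', RUBY_ENGINE
+end
+
+def test_eval
+assert_equal 1, Safebox.eval {|| 1 }
+assert_equal [:value,2], Safebox.run {|| 2}
+end
+
+def test_safe_is_4
+assert_equal 4, Safebox.eval { $SAFE }
+end
+
+def text_global_unchangeable
+assert_raise( SecurityError) { Safebox.eval { $global = 1 } }
+assert_raise( SecurityError) { Safebox.eval { $GLOBAL = 1 } }
+assert_raise( SecurityError) { Safebox.eval { $SAFE = 1 } }
+end
+
+def test_evilcode
+# Doesn't work. But else it works perfect
+#assert_raise( SecurityError) { Safebox.eval "class ::Object; def evil; end end" }
+end
+
+def test_setconst
+# Doesn't work too. I think it's Test::Unit
+#assert_raise( SecurityError) { Safebox.eval "class ::ABC; end" }
+begin Safebox.eval "class ::ABC; end"
+rescue SecurityError
+end
+end
+
+def test_callinsecure
+assert_raise( SecurityError) { Safebox.eval("class ABC;def abc; end end;ABC").new.abc }
+end
+end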
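Review bot: `def text_global_unchangeable` is spelled `text_` rather than `test_`, so Test::Unit will not collect it and the three `SecurityError` assertions on `$global`, `$GLOBAL` and `$SAFE` never run; rename it to `def test_global_unchangeable`. `test_evilcode` has its only assertion commented out, and `test_setconst` rescues `SecurityError` without asserting anything, so both pass whether or not the sandbox blocks reopening `::Object` or defining `::ABC`. Since these are the cases the suite says do not work, each deserves a comment recording the observed behaviour as a known gap, so a green run is not read as proof of isolation.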