Compare commits


2 commits

5 changed files with 83 additions and 14 deletions


@ -4,16 +4,18 @@ require 'safebox'
_ = _e = nil _ = _e = nil
$stdout.print "(0)$ " $stdout.print "(0)$ "
db = {} db = Safebox.eval { {} }
db.taint
STDIN.each.each_with_index do |line, i| STDIN.each.each_with_index do |line, i|
ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e type, value = Safebox.run line, Class.new( Safebox::Box), db, _, _e
if :value == ret.first case type
_ = ret.last when :value
$stdout.puts "=> #{ret.last.inspect}" _ = value
else $stdout.puts "=> #{Safebox.eval{value.inspect}}"
_e = ret.last when :exception
$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'" _e = value
$stdout.puts Safebox.eval{value.inspect}, Safebox.eval{value.backtrace[0..-4].map( &"\t%s".method( :%))}, "\tSafebox:1:in `run'"
else # Impossible, yet
end end
$stdout.print "(#{i+1})$ " $stdout.print "(#{i+1})$ "
end end
$stderr.puts "In your db are stored: #{Safebox.eval db.method( :inspect)}"
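Review bot: The object returned by `Safebox.eval{value.inspect}` in the `:value` and `:exception` arms is interpolated and handed to `puts` without a check that it is a String, so `to_s` is still dispatched on box-produced data from the trusted side of the loop. A boxed object can define `inspect` to return anything; depending on how the interpreter treats methods defined at $SAFE 4 (not visible here), that call either runs outside the box or raises a SecurityError that nothing in this loop rescues. I would bind the result and test it from the trusted side, `shown = Safebox.eval { value.inspect }` followed by `shown = '(uninspectable)' unless String === shown`, using `String ===` rather than `shown.is_a?` because the latter is itself dispatched on the untrusted object. The same applies to the array built from `value.backtrace`, and the empty `else # Impossible, yet` arm would be safer as a `raise` so an unexpected result type is not passed over silently.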

18
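--- a/bin/box3.rb
+++ b/bin/box3.rb
@@ -0,0 +1,18 @@
+#!/usr/bin/ruby
+require 'safebox'
+_ = _e = nil
+$stdout.print "(0)$ "
+db = Safebox.run { {} }
+STDIN.each.each_with_index do |line, i|
+ret = Safebox.run line, Class.new( Safebox::Box), db, _, _e
+if :value == ret.first
+_ = ret.last
+$stdout.puts "=> #{ret.last.inspect}"
+else
+_e = ret.last
+$stdout.puts ret.last.inspect, ret.last.backtrace[0..-4].map( &"\t%s".method( :%)), "\tSafebox:1:in `run'"
+end
+$stdout.print "(#{i+1})$ "
+end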
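Review bot: `db = Safebox.run { {} }` stores the whole result of `run` in `db`; the test added in this comparison asserts that `Safebox.run {|| 2}` returns `[:value,2]`, so `db` here would be the pair `[:value, {}]` rather than the hash, and `db = Safebox.eval { {} }` looks like what was meant. The loop body also calls `ret.last.inspect` and `ret.last.backtrace` directly on objects returned from boxed code, which is the pattern the other REPL script in this comparison replaces with `Safebox.eval{value.inspect}`. If this script is meant to stay, its output lines should get the same wrapping; if it is only a snapshot of the old behaviour, a header comment saying so would keep it from being taken for the hardened entry point.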


@ -1,3 +1,6 @@
raise Exception, 'Rubinius does not support $SAFE. Safebox is useless.' if Object.const_defined?( :RUBY_ENGINE) and 'rbx' == RUBY_ENGINE
require 'safebox/safebox' require 'safebox/safebox'
require 'safebox/box' require 'safebox/box'
require 'safebox/emit' require 'safebox/emit'
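Review bot: The guard on the first line names a single engine, so any other interpreter that does not enforce $SAFE still loads the library without complaint, and the guard exists only in this top-level file: `test/safebox.rb` in the same comparison requires `safebox/safebox`, `safebox/box` and `safebox/emit` directly under the comment `# No Rubinius-exception`, which shows the check is skipped by anyone who requires the parts. Consider moving the check into `safebox/safebox` and making it a capability check instead of a name check, for instance refusing to run when a boxed read of `$SAFE` does not return 4, which the new `test_safe_is_4` already probes. `raise Exception` also passes straight through a caller's plain `rescue`; if that is deliberate so the failure cannot be swallowed, a one-line comment saying so would help, otherwise a dedicated error class is clearer.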


@ -31,12 +31,13 @@ module Safebox
end end
def eval *paras, &exe def eval *paras, &exe
ret = self.run( *paras, &exe) type, value = self.run( *paras, &exe)
case ret.first case type
when :exception # Really unsecure. Somebody can create an own exception with own #to_s, #class or #backtrace. when :exception
on_exception ret.last on_exception value
nil nil
when :value then ret.last when :value then value
else # Not possible
end end
end end
public :eval public :eval
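Review bot: The warning that used to sit on the `when :exception` arm is gone, but `on_exception value` still receives an exception object created by boxed code, so the concern it described is unchanged. `on_exception` is defined outside this hunk; if it calls `to_s`, `message`, `class` or `backtrace` on that object, those calls are dispatched on untrusted data. I would keep a comment on the arm, e.g. `# value comes from boxed code: its #to_s, #class and #backtrace are untrusted`, and document on `eval` that a boxed exception is reported through `on_exception` and yields `nil`, which a caller cannot tell apart from a block that returned `nil`. The new `else # Not possible` arm also falls through to `nil`; raising there would make an unexpected result type visible.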

45
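--- a/test/safebox.rb
+++ b/test/safebox.rb
@@ -0,0 +1,45 @@
+require 'test/unit'
+# No Rubinius-exception
+require 'safebox/safebox'
+require 'safebox/persistent'
+require 'safebox/emit'
+require 'safebox/box'
+class SafeboxTest < Test::Unit::TestCase
+def test_rubinius
+assert_not_equal 'rbx', RUBY_ENGINE
+end
+def test_eval
+assert_equal 1, Safebox.eval {|| 1 }
+assert_equal [:value,2], Safebox.run {|| 2}
+end
+def test_safe_is_4
+assert_equal 4, Safebox.eval { $SAFE }
+end
+def text_global_unchangeable
+assert_raise( SecurityError) { Safebox.eval { $global = 1 } }
+assert_raise( SecurityError) { Safebox.eval { $GLOBAL = 1 } }
+assert_raise( SecurityError) { Safebox.eval { $SAFE = 1 } }
+end
+def test_evilcode
+# Doesn't work. But else it works perfect
+#assert_raise( SecurityError) { Safebox.eval "class ::Object; def evil; end end" }
+end
+def test_setconst
+# Doesn't work too. I think it's Test::Unit
+#assert_raise( SecurityError) { Safebox.eval "class ::ABC; end" }
+begin Safebox.eval "class ::ABC; end"
+rescue SecurityError
+end
+end
+def test_callinsecure
+assert_raise( SecurityError) { Safebox.eval("class ABC;def abc; end end;ABC").new.abc }
+end
+end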
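Review bot: `def text_global_unchangeable` is spelled `text_` rather than `test_`, so Test::Unit never collects it and the three `assert_raise( SecurityError)` checks on writes to `$global`, `$GLOBAL` and `$SAFE` do not run; rename it to `test_global_unchangeable`. `test_evilcode` has its only assertion commented out and `test_setconst` rescues `SecurityError` without asserting anything, so both pass whether or not the box blocks reopening `::Object` or defining `::ABC`. Since those are the cases that decide whether the box actually contains code, I would keep them as failing or explicitly pending tests with the observed behaviour written down, rather than as green ones. `test_rubinius` also reads `RUBY_ENGINE` unguarded, which raises NameError on interpreters that do not define it, whereas the library itself checks `Object.const_defined?( :RUBY_ENGINE)` first.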