Class: Shikashi::Sandbox::EvalhookHandler

Inherits:
EvalHook::HookHandler
  • Object
show all
Defined in:
lib/shikashi/sandbox.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#sandboxObject

Returns the value of attribute sandbox.



144
145
146
 
# File 'lib/shikashi/sandbox.rb', line 144

def sandbox
  @sandbox
end

Instance Method Details

#get_callerObject

if



273
274
275
 
# File 'lib/shikashi/sandbox.rb', line 273

def get_caller
  caller[2].split(":").first
end

#handle_cdecl(klass, const_id, value) ⇒ Object 



199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
 
# File 'lib/shikashi/sandbox.rb', line 199

def handle_cdecl(klass, const_id, value)
  source = get_caller

  privileges = sandbox.privileges[source]
  if privileges
    unless privileges.const_write_allowed? "#{klass}::#{const_id}"
      if (klass == Object)
        unless privileges.const_write_allowed? const_id.to_s
          raise SecurityError.new("Cannot assign const #{const_id}")
        end
      else
        raise SecurityError.new("Cannot assign const #{klass}::#{const_id}")
      end
    end
  end

  nil
end

#handle_const(name) ⇒ Object 



184
185
186
187
188
189
190
191
192
193
194
195
196
197
 
# File 'lib/shikashi/sandbox.rb', line 184

def handle_const(name)
  source = get_caller
  privileges = sandbox.privileges[source]
  if privileges
    constants = sandbox.base_namespace.constants
    unless constants.include? name or constants.include? name.to_sym
      unless privileges.const_read_allowed? name.to_s
        raise SecurityError, "cannot access constant #{name}"
      end
    end
  end

  const_value(sandbox.base_namespace.const_get(name))
end

#handle_gasgn(global_id, value) ⇒ Object 



159
160
161
162
163
164
165
166
167
168
169
170
 
# File 'lib/shikashi/sandbox.rb', line 159

def handle_gasgn( global_id, value )
  source = get_caller

  privileges = sandbox.privileges[source]
  if privileges
    unless privileges.global_write_allowed? global_id
      raise SecurityError.new("Cannot assign global variable #{global_id}")
    end
  end

  nil
end

#handle_gvar(global_id) ⇒ Object 



172
173
174
175
176
177
178
179
180
181
182
 
# File 'lib/shikashi/sandbox.rb', line 172

def handle_gvar(global_id)
  source = get_caller
  privileges = sandbox.privileges[source]
  if privileges
    unless privileges.global_read_allowed? global_id
      raise SecurityError, "cannot access global variable #{global_id}"
    end
  end

  nil
end

#handle_method(klass, recv, method_name) ⇒ Object 



218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
 
# File 'lib/shikashi/sandbox.rb', line 218

def handle_method(klass, recv, method_name)
  source = nil

  method_id = 0

  if method_name

    source = self.get_caller
    m = begin
      klass.instance_method(method_name)
    rescue
      method_name = :method_missing
      klass.instance_method(:method_missing)
    end
    dest_source = m.body.file

    privileges = nil
    if source != dest_source then
      privileges = sandbox.privileges[source]

      unless privileges then
         raise SecurityError.new("Cannot invoke method #{method_name} on object of class #{klass}")
      else
#              privileges = privileges.dup
        loop_source = source
        loop_privileges = privileges

        while loop_privileges and loop_source != dest_source
          unless loop_privileges.allow?(klass,recv,method_name,method_id)
            raise SecurityError.new("Cannot invoke method #{method_name} on object of class #{klass}")
          end

          loop_privileges = nil
          loop_source = sandbox.chain[loop_source]

          if dest_source then
            loop_privileges = sandbox.privileges[loop_source]
          else
            loop_privileges = nil
          end

        end
      end
    end

    return nil if method_name == :instance_eval
    return nil if method_name == :binding

    nil

  end


end

#handle_xstr(str) ⇒ Object 



146
147
148
149
150
151
152
153
154
155
156
157
 
# File 'lib/shikashi/sandbox.rb', line 146

def handle_xstr( str )
  source = get_caller

  privileges = sandbox.privileges[source]
  if privileges
    unless privileges.xstr_allowed?
      raise SecurityError, "fobidden shell commands"
    end
  end

  `#{str}`
end