Module: Unveiler

Defined in:
lib/unveiler.rb

Overview

Unveiler allows for testing programs using pledge and unveil.

Class Method Summary collapse

Class Method Details

.pledge_and_unveil(pledge, unveil) ⇒ Object

Use Pledge.unveil to limit access to the file system based on the unveil argument. Then pledge the process with the given pledge permissions. This will automatically unveil the rack and mail gems if they are loaded.



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/unveiler.rb', line 21

def self.pledge_and_unveil(pledge, unveil)
  unveil = Hash[unveil]

  if defined?(Gem) && Gem.respond_to?(:loaded_specs)
    if defined?(Rack) && Gem.loaded_specs['rack']
      unveil['rack'] = :gem
    end
    if defined?(Mail) && Gem.loaded_specs['mail']
      unveil['mail'] = :gem
    end
  end

  # :nocov:
  if defined?(SimpleCov)
  # :nocov:
    # If running coverage tests, add necessary pledges and unveils for
    # coverage testing to work.
    dir = SimpleCov.coverage_dir
    unveil[dir] = 'rwc'

    # Unveil read access to the entire current directory, since any part
    # that has covered code needs to be read to generate the coverage
    # information.
    unveil['.'] = 'r'

    if defined?(Gem)
      # Unveil access to the simplecov-html gem, since that is used by default
      # to build the coverage pages.
      unveil['simplecov-html'] = :gem
    end

    # :nocov:
    # Must create directory before attempting to unveil it.
    # When running unveiler tests, the coverage directory is already created.
    Dir.mkdir(dir) unless File.directory?(dir)
    # :nocov:

    pledge = (pledge.split + %w'rpath wpath cpath flock').uniq.join(' ')
  end

  Pledge.unveil(unveil)
  Pledge.pledge(pledge)
end