jmettraux / rufus-treechecker
checking ruby sexp trees [before eval()], raise security error if excluded code pattern spotted
http://rufus.rubyforge.org/rufus-treechecker
cosmetic changes 
jmettraux (author)
Mon May 11 22:54:46 -0700 2009
commit  c27b5fa7e2bcb81262f619496c84a76660ad7eef
tree    cf248d3d378eb29cffa7af323f8b87f1d48f504b
parent  845820d87f1abf1db3e9a6f791727147c36725b3
README.txt
= 'rufus-treechecker'

== what is it?

Initialize a Rufus::TreeChecker and pass some ruby code to make sure it's safe before calling eval().


== getting it

    sudo gem install -y rufus-treechecker

or download[http://rubyforge.org/frs/?group_id=4812] it from RubyForge.


== usage

The treechecker uses ruby_parser (http://rubyforge.org/projects/parsetree)
to turn Ruby code into s-expressions. The treechecker then walks this sexp
tree and raises a Rufus::SecurityError if an excluded pattern is spotted.

The excluded patterns are defined at the initialization of the TreeChecker
instance by listing rules.

    require 'rubygems'
    require 'rufus-treechecker'

    tc = Rufus::TreeChecker.new do
      exclude_fvcall :abort
      exclude_fvcall :exit, :exit!
    end
    
    tc.check("1 + 1; abort")               # will raise a SecurityError
    tc.check("puts (1..10).to_a.inspect")  # OK


Nice, but how do I know what to exclude?

    require 'rubygems'
    require 'rufus-treechecker'

    Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')

will yield

    "a = 5 + 6; puts a"
     => 
     [:block, 
       [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]], 
       [:fcall, :puts, [:array, [:lvar, :a]]]
     ]
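To show what "checking the sexp tree" means in practice, here is an added example that is not part of rufus-treechecker: a minimal checker that walks a tree in the nested-array form ptree prints above and raises when an excluded fcall/vcall is found. It assumes the tree is already parsed (the sample trees are hand-written constructions), so it runs without ruby_parser installed.

```ruby
module MiniTreeChecker
  class SecurityError < StandardError; end

  class Checker
    def initialize
      @excluded = []
    end

    # exclude_fvcall in the gem excludes both the fcall form (with args)
    # and the vcall form (bare name) of a method; this mirrors that.
    def exclude_fvcall(*names)
      @excluded.concat(names.map(&:to_sym))
      self
    end

    # Depth-first walk; returns true when no excluded call is present.
    def check(sexp)
      walk(sexp)
      true
    end

    private

    def walk(node)
      return unless node.is_a?(Array)
      type, name = node[0], node[1]
      if (type == :fcall || type == :vcall) && @excluded.include?(name)
        raise SecurityError, "excluded call: #{name}"
      end
      node.each { |child| walk(child) }
    end
  end
end

# Constructed sample trees, hand-written in the format ptree prints.
CLEAN_TREE = [:block,
  [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]],
  [:fcall, :puts, [:array, [:lvar, :a]]]]
# "1 + 1; abort": a bare abort parses as a vcall, not an fcall
BAD_TREE = [:block, [:call, [:lit, 1], :+, [:array, [:lit, 1]]], [:vcall, :abort]]
# 'puts "abort"': the word only appears as a string literal, so it is fine
STRING_TREE = [:fcall, :puts, [:array, [:str, "abort"]]]

# Same rules as the usage example above; true when clean, false when excluded.
def safe?(tree)
  MiniTreeChecker::Checker.new.exclude_fvcall(:abort, :exit, :exit!).check(tree)
rescue MiniTreeChecker::SecurityError
  false
end
```

The STRING_TREE case is the point of working on the tree rather than the source text: a naive substring match on "abort" would reject it, while the tree walk correctly sees only a string literal.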


For more documentation, see http://github.com/jmettraux/rufus-treechecker/tree/master/lib/rufus/treechecker.rb


== dependencies

The 'ruby_parser' gem by Ryan Davis.


== mailing list

On the Rufus-Ruby list[http://groups.google.com/group/rufus-ruby]:

    http://groups.google.com/group/rufus-ruby


== issue tracker

    http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse


== source

http://github.com/jmettraux/rufus-treechecker

    git clone git://github.com/jmettraux/rufus-treechecker.git


== author

John Mettraux, jmettraux@gmail.com,
http://jmettraux.wordpress.com


== the rest of Rufus

http://rufus.rubyforge.org


== license

MIT
