9595725 update copyrights to 2011
Laurent Sansonetti authored
1 /*
2 * This file is covered by the Ruby license. See COPYING for more details.
7d7d3e8 @ferrous26 Change ownership to The MacRuby Team and update copyrights
ferrous26 authored
3 *
4 * Copyright (C) 2012, The MacRuby Team. All rights reserved.
9595725 update copyrights to 2011
Laurent Sansonetti authored
5 * Copyright (C) 2007-2011, Apple Inc. All rights reserved.
6 * Copyright (C) 1993-2007 Yukihiro Matsumoto
7 * Copyright (C) 2000 Network Applied Communication Laboratory, Inc.
8 * Copyright (C) 2000 Information-technology Promotion Agency, Japan
9 */
10
9c1d230 committing experimental branch content
Laurent Sansonetti authored
11 /*
12 * This file is included by eval.c
13 */
14
15 /* safe-level:
16 0 - strings from streams/environment/ARGV are tainted (default)
17 1 - no dangerous operation by tainted value
18 2 - process/file operations prohibited
19 3 - all generated objects are tainted
20 4 - no global (non-tainted) variable modification/no direct output
21 */
22
/* Highest safe level; rb_set_safe_level() and safe_setter() clamp any
 * larger request down to this value before handing it to the VM. */
#define SAFE_LEVEL_MAX 4
24
25 /* $SAFE accessor */
26
/*
 * Return the current safe level as reported by the VM.
 */
int
rb_safe_level(void)
{
    const int current = rb_vm_safe_level();

    return current;
}
32
/*
 * Set the VM safe level to `safe' unconditionally.
 *
 * Unlike rb_set_safe_level() and safe_setter(), this function neither
 * compares `safe' with the current level nor clamps it to SAFE_LEVEL_MAX,
 * so it can lower the level as well as raise it.  Any policy about when
 * that is acceptable has to be enforced by the caller.
 */
void
rb_set_safe_level_force(int safe)
{
    rb_vm_set_safe_level(safe);
}
38
/*
 * Raise the safe level to `level', clamped to SAFE_LEVEL_MAX.
 *
 * A request that is not strictly above the current level is ignored
 * without raising an error, so this function never lowers the level.
 */
void
rb_set_safe_level(int level)
{
    if (level <= rb_vm_safe_level()) {
        /* Not an increase: leave the level untouched. */
        return;
    }
    rb_vm_set_safe_level(level > SAFE_LEVEL_MAX ? SAFE_LEVEL_MAX : level);
}
49
/*
 * Getter half of the $SAFE accessor: the current safe level converted
 * to a Ruby number.
 */
static VALUE
safe_getter(void)
{
    const int level = rb_safe_level();

    return INT2NUM(level);
}
55
/*
 * Setter half of the $SAFE accessor.
 *
 * Converts `val' to an int, rejects any value below the current level
 * with a SecurityError, and clamps values above SAFE_LEVEL_MAX before
 * handing the result to the VM.  Setting the level to its current value
 * is accepted.
 */
static void
safe_setter(VALUE val)
{
    /* Convert first, then read the current level: same order as before. */
    const int requested = NUM2INT(val);
    const int current = rb_vm_safe_level();

    if (requested < current) {
        rb_raise(rb_eSecurityError,
                 "tried to downgrade safe level from %d to %d",
                 current, requested);
    }
    rb_vm_set_safe_level(requested > SAFE_LEVEL_MAX
                         ? SAFE_LEVEL_MAX : requested);
}
72
/*
 * Raise SecurityError when the current safe level is `level' or higher.
 *
 * The error message names the calling method when rb_frame_callee()
 * returns a non-zero id, and always reports the current safe level.
 */
void
rb_secure(int level)
{
    if (level > rb_safe_level()) {
        /* The current level is below the threshold: allowed. */
        return;
    }
    if (!rb_frame_callee()) {
        rb_raise(rb_eSecurityError, "Insecure operation at level %d",
                 rb_safe_level());
    }
    else {
        rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d",
                 rb_id2name(rb_frame_callee()), rb_safe_level());
    }
}
87
/*
 * Guard for code that is about to modify `obj'.
 *
 * Tainted objects pass without a check.  For an untainted object the
 * call is forwarded to rb_secure(4), which raises SecurityError when
 * the current safe level is 4 or higher.
 */
void
rb_secure_update(VALUE obj)
{
    if (OBJ_TAINTED(obj)) {
        return;
    }
    rb_secure(4);
}
94
/*
 * Raise SecurityError for an insecure operation.
 *
 * The message names the calling method when rb_frame_callee() returns
 * a non-zero id; otherwise the fixed "-r" message is used.
 */
void
rb_insecure_operation(void)
{
    if (!rb_frame_callee()) {
        rb_raise(rb_eSecurityError, "Insecure operation: -r");
    }
    else {
        rb_raise(rb_eSecurityError, "Insecure operation - %s",
                 rb_id2name(rb_frame_callee()));
    }
}
106
/*
 * Check that `x' may be used in a security-sensitive operation.
 *
 * At any safe level above 0 a tainted object is rejected through
 * rb_insecure_operation().  Independently of taint, rb_secure(4) is then
 * applied, which rejects the operation at safe level 4 or higher.
 */
void
rb_check_safe_obj(VALUE x)
{
    if (rb_safe_level() > 0) {
        /* The taint flag is only consulted once the level is above 0. */
        if (OBJ_TAINTED(x)) {
            rb_insecure_operation();
        }
    }
    rb_secure(4);
}
115
/*
 * Check that `x' is a String that is safe to use.
 *
 * The safe-level and taint checks of rb_check_safe_obj() run first; only
 * afterwards is the type checked, with TypeError raised when `x' is not
 * a T_STRING.
 */
void
rb_check_safe_str(VALUE x)
{
    rb_check_safe_obj(x);
    if (TYPE(x) == T_STRING) {
        return;
    }
    rb_raise(rb_eTypeError, "wrong argument type %s (expected String)",
             rb_obj_classname(x));
}