forked from jruby/jruby
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
First minor push of security-related changes.
* Check JRubyPermission("eval.string") for String evals
* Check JRubyPermission("eval.block") for Block evals- Loading branch information
Showing
4 changed files
with
116 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /* | ||
| ****************************************************************************** | ||
| * BEGIN LICENSE BLOCK *** Version: CPL 1.0/GPL 2.0/LGPL 2.1 | ||
| * | ||
| * The contents of this file are subject to the Common Public License Version | ||
| * 1.0 (the "License"); you may not use this file except in compliance with the | ||
| * License. You may obtain a copy of the License at | ||
| * http://www.eclipse.org/legal/cpl-v10.html | ||
| * | ||
| * Software distributed under the License is distributed on an "AS IS" basis, | ||
| * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for | ||
| * the specific language governing rights and limitations under the License. | ||
| * | ||
| * Alternatively, the contents of this file may be used under the terms of | ||
| * either of the GNU General Public License Version 2 or later (the "GPL"), or | ||
| * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), in | ||
| * which case the provisions of the GPL or the LGPL are applicable instead of | ||
| * those above. If you wish to allow use of your version of this file only under | ||
| * the terms of either the GPL or the LGPL, and not to allow others to use your | ||
| * version of this file under the terms of the CPL, indicate your decision by | ||
| * deleting the provisions above and replace them with the notice and other | ||
| * provisions required by the GPL or the LGPL. If you do not delete the | ||
| * provisions above, a recipient may use your version of this file under the | ||
| * terms of any one of the CPL, the GPL or the LGPL. END LICENSE BLOCK **** | ||
| ******************************************************************************/ | ||
|
|
||
| package org.jruby.security; | ||
|
|
||
| import java.security.BasicPermission; | ||
|
|
||
| public class JRubyPermission extends BasicPermission { | ||
| public static final JRubyPermission EVAL_STRING = new JRubyPermission("eval.string"); | ||
| public static final JRubyPermission EVAL_BLOCK = new JRubyPermission("eval.block"); | ||
|
|
||
| private String name; | ||
| public JRubyPermission(String name) { | ||
| super(name); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| /* | ||
| ****************************************************************************** | ||
| * BEGIN LICENSE BLOCK *** Version: CPL 1.0/GPL 2.0/LGPL 2.1 | ||
| * | ||
| * The contents of this file are subject to the Common Public License Version | ||
| * 1.0 (the "License"); you may not use this file except in compliance with the | ||
| * License. You may obtain a copy of the License at | ||
| * http://www.eclipse.org/legal/cpl-v10.html | ||
| * | ||
| * Software distributed under the License is distributed on an "AS IS" basis, | ||
| * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for | ||
| * the specific language governing rights and limitations under the License. | ||
| * | ||
| * Alternatively, the contents of this file may be used under the terms of | ||
| * either of the GNU General Public License Version 2 or later (the "GPL"), or | ||
| * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), in | ||
| * which case the provisions of the GPL or the LGPL are applicable instead of | ||
| * those above. If you wish to allow use of your version of this file only under | ||
| * the terms of either the GPL or the LGPL, and not to allow others to use your | ||
| * version of this file under the terms of the CPL, indicate your decision by | ||
| * deleting the provisions above and replace them with the notice and other | ||
| * provisions required by the GPL or the LGPL. If you do not delete the | ||
| * provisions above, a recipient may use your version of this file under the | ||
| * terms of any one of the CPL, the GPL or the LGPL. END LICENSE BLOCK **** | ||
| ******************************************************************************/ | ||
|
|
||
| package org.jruby.security; | ||
|
|
||
| import org.jruby.runtime.ThreadContext; | ||
|
|
||
| /** | ||
| * Utility class for checking various JRuby permissions. | ||
| */ | ||
| public class SecurityUtil { | ||
| /** | ||
| * Check if the given thread (context) has permission to eval strings. | ||
| * | ||
| * @param context the thread context to confirm | ||
| */ | ||
| public static void checkEvalString(ThreadContext context) { | ||
| try { | ||
| SecurityManager sm = System.getSecurityManager(); | ||
| if (sm != null) { | ||
| sm.checkPermission(JRubyPermission.EVAL_STRING); | ||
| } | ||
| } catch (SecurityException se) { | ||
| throw context.runtime.newSecurityError(se.getLocalizedMessage()); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Check if the given thread (context) has permission to eval blocks. | ||
| * | ||
| * @param context the thread context to confirm | ||
| */ | ||
| public static void checkEvalBlock(ThreadContext context) { | ||
| try { | ||
| SecurityManager sm = System.getSecurityManager(); | ||
| if (sm != null) { | ||
| sm.checkPermission(JRubyPermission.EVAL_BLOCK); | ||
| } | ||
| } catch (SecurityException se) { | ||
| throw context.runtime.newSecurityError(se.getLocalizedMessage()); | ||
| } | ||
| } | ||
| } |