Permalink
Browse files

enable SAFE mode when evaluating code

  • Loading branch information...
1 parent d667377 commit cccdee479f27f5009c0ca8dbed51e020f857810a @siuying committed Apr 22, 2012
Showing with 27 additions and 3 deletions.
  1. +9 −3 lib/instant/runner.rb
  2. +18 −0 spec/instant/runner_spec.rb
View
@@ -13,14 +13,20 @@ def run(source, timeout=1)
context = Context.new
return_value = nil
- begin
- Timeout::timeout(timeout) do
- return_value = context.instance_eval(@processed)
+ begin
+ thread = Thread.new do
+ $SAFE = 3
+ Timeout::timeout(timeout) do
+ return_value = context.instance_eval(@processed)
+ end
end
+ thread.join
ensure
context.close
end
{:status => :ok, :result => context.to_s, :return_value => return_value}
+ rescue SecurityError => e
+ {:status => :error, :cause => :security_error, :message => format_error(e), :result => context.to_s }
rescue SyntaxError => e
{:status => :error, :cause => :syntax_error, :message => format_error(e), :result => context.to_s }
rescue Racc::ParseError => e
@@ -80,5 +80,23 @@
results = result[:result].split("\n")
results[0].strip.should =~ /k = 1/
end
+
+ it "should guard against dangerous code" do
+ source = "def hello
+ k = 1
+ fork do
+ puts 'haha!'
+ end
+ end; hello"
+
+ runner = Instant::Runner.new
+ result = runner.run(source)
+ result[:status].should == :error
+ result[:cause].should == :security_error
+
+ results = result[:result].split("\n")
+ results[0].strip.should =~ /k = 1/
+
+ end
end
end

0 comments on commit cccdee4

Please sign in to comment.