Shikashi is an sandbox for ruby that handles all ruby method calls executed in the interpreter to allow or deny these calls depending on the receiver object, the method name, the source file from where the call was originatedFor more info about the project, visit the project page
You can install the gem by doing
gem install shikashi
New Enhancements
removed evalmimic dependency
evalmimic is a gem to emulate the behavior of the binding argument of the eval method (the default binding), to allow the API to do this:
a = 5
Sandbox.run("a+1", Privileges.allow_method(:+)) # return 6
The implementation of evalmimic is somewhat complex because it relies in a C extension and even implements some low level hacks using unsupported features of MRI (e.g. evalmimic will not compile and install for ruby 1.9)
So it was decided to remove the evalmimic dependency from shikashi and evalhook, and remove the feature shown in the above example. The only difference now is that you must add the binding as parameter if you decide to execute the sandbox in that way.
a = 5
Sandbox.run("a+1", Privileges.allow_method(:+), binding) # return 6
And if you do not specify the binding, the default behavior is use the global binding nested in the sandbox namespace
Sugar Syntax
As seen in previous code examples, it's no longer necessary to instanciate lot of objects in order to execute code in the sandbox, only Sandbox.run and Privileges now use method chaining syntax. Example:
require "shikashi"
Sandbox.run('print "hello world\n"', Privileges.allow_method(:print))
$a = 1
Sandbox.run('print $a, "\n"',
Privileges.allow_method(:print).allow_global_read(:$a)
)
Control over read access of constants and global variables
Now, you must grant read privileges over global variables and constants in order to allow the read access to them. By default, trying to access to global variables and constants will result on SecurityError exceptions. Constants defined inside the base namespace of the sandbox are allowed by default (e.g. classes defined in the same code)
# this will work
include Shikashi
Sandbox.run("
class X
def foo
end
end
X.new.foo
", Privileges.allow_method(:new))
$a = 4
Sandbox.run("$a", Privileges.allow_global_read(:$a)) # 4
A = 4
Sandbox.run("A", Privileges.allow_const_read("A") # 4
Sandbox.run("$a") # raise SecurityError
Sandbox.run("A") # raise SecurityError
Interception of method calls using super on evalhook
Now, call to super methods are intercepted by evalhook and rejected by shikashi when appropiate
include Shikashi
#=begin
Sandbox.run("
class X
def system(*args)
super # raise SecurityError
end
end
X.new.system('ls -l')
", Privileges.allow_method(:new))
Refactor to use Ruby2Ruby on partialruby
Partialruby is the gem that emulates ruby using ruby to allow the changes to AST needed by evalhook for interceptions. Up to version 0.1.0, partialruby implements the emulation with abstract tree processing from scratch. Now, at released version 0.2.0, partialruby relies on more mature and stable gem Ruby2Ruby which converts AST to executable ruby source code
Links
No hay comentarios:
Publicar un comentario