Skip to content

QaDeS/sandboxed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

lib

lib

 
 

spec

spec

 
 

.gitignore

.gitignore

 
 

Gemfile

Gemfile

 
 

LICENSE

LICENSE

 
 

README.rdoc

README.rdoc

 
 

all_spec

all_spec

 
 

sandboxed.gemspec

sandboxed.gemspec

 
 

Repository files navigation

Sandboxed

A Ruby execution sandbox. It executes a code block at a given $SAFE level and handles the security of the context the code will operate on. Unsafe operations will raise a SecurityError. See www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html for more information on $SAFE levels.

Usage

Kernel Methods

Sandboxed provides two methods directly in the Kernel module for convenience.

safe do
  do_something
end

safe_method :my_method

Example

A simple example would be a program that executes a line from STDIN.

require 'sandboxed'

code = gets.untaint
puts safe{ eval(code) }

Setting the $SAFE level

Per default, code will be executed at $SAFE=4. To change this, use the :level option.

safe(:level => 3) { ... }

Setting the context

You can also set the context which the given code block will operate on.

safe(:context => 'foo') { reverse }  # => "oof"

Passing in local variables

Local variables are automatically passed into the safe block.

foo = "foo"
safe{ foo.reverse }  # => "oof"

Even though they are accessible, unsave operations on them are prevented.

arr = []
safe{ arr << 'foo' }  # => SecurityError

To perform unsafe operations on them, you have to untrust them.

arr.untrust
safe{ arr << 'foo' }  # => ["foo"]

Alternative modes

Per default, Sandboxed uses :overlay mode, which prevents For Ruby 1.8.7 or higher, :ctx_only mode is available. This means only the context is available to unsafe code. In case you want to publish local variables to the safe block, you have to pass them as parameters.

bar = 'bar'
safe(bar, :context => 'foo', :mode => :ctx_only) { |bar| bar + reverse }  # => "baroof"

Setting the default mode

If you want to have :ctx_only ad the default mode for your application, you can do so.

Sandboxed.default_mode = :ctx_only

Publishing methods

Some methods on your context might (intentionally!) raise a SecurityError when called in a safe environment.

class MyContext
  def log(text)
    puts text       # would raise a SecurityError on $SAFE=4
  end
  safe_method :log  # this makes it safe to call
end

ctx = MyContext.new
safe(:context => ctx) do
  log "something important"
end

Compatability

Sandboxed was successfully tested on MRI and REE >= 1.8.6. JRuby does not support $SAFE levels, so we’re pretty much out of luck. Same seems to be the case with Rubinius.

Test results and patches for other environments are greatly appreciated!

Installation

You can install Sandboxed via rubygems.

gem install sandboxed

Or you can use Bundler.

echo "gem 'sandboxed'" >> Gemfile
bundle install

That way, you can easily switch to the bleeding edge directly from the github repository.

gem 'sandboxed', :git => 'git://github.com/QaDeS/sandboxed.git'

Contributing

For bug reports and feature requests, use the github tracker at github.com/QaDeS/sandboxed/issues

If you want to get your hands dirty, please fork the project at github.com/QaDeS/sandboxed

Copyright

Copyright © 2011 Michael Klaus. See LICENSE for details.

About

Execute code blocks in a $SAFE environment.

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages