Class: Safemode::Parser
Constant Summary collapse
- @@parser =
@@parser = defined?(RubyParser) ? ‘RubyParser’ : ‘ParseTree’
'RubyParser'
Class Method Summary collapse
Instance Method Summary collapse
- #jail(str, parentheses = false) ⇒ Object
-
#process_call(exp) ⇒ Object
split up #process_call.
- #process_call_args(exp) ⇒ Object
- #process_call_code(receiver, name, args) ⇒ Object
-
#process_call_receiver(exp) ⇒ Object
split up Ruby2Ruby#process_call monster method so we can hook into it in a more readable manner.
- #process_const(arg) ⇒ Object
- #process_fcall(exp) ⇒ Object
- #process_iasgn(exp) ⇒ Object
-
#process_if(exp) ⇒ Object
Ruby2Ruby process_if rewrites if and unless statements in a way that makes the result unusable for evaluation in, e.g.
- #process_vcall(exp) ⇒ Object
- #raise_security_error(type, info) ⇒ Object
Class Method Details
.jail(code, allowed_fcalls = []) ⇒ Object
7 8 9 10 11 |
# File 'lib/safemode/parser.rb', line 7 def jail(code, allowed_fcalls = []) @@allowed_fcalls = allowed_fcalls tree = parse code self.new.process(tree) end |
.parse(code) ⇒ Object
13 14 15 16 17 18 19 20 21 22 |
# File 'lib/safemode/parser.rb', line 13 def parse(code) case @@parser # when 'ParseTree' # ParseTree.translate(code) when 'RubyParser' RubyParser.new.parse(code) else raise "unknown parser #{@@parser}" end end |
.parser=(parser) ⇒ Object
24 25 26 |
# File 'lib/safemode/parser.rb', line 24 def parser=(parser) @@parser = parser end |
Instance Method Details
#jail(str, parentheses = false) ⇒ Object
29 30 31 32 |
# File 'lib/safemode/parser.rb', line 29 def jail(str, parentheses = false) str = parentheses ? "(#{str})." : "#{str}." if str "#{str}to_jail" end |
#process_call(exp) ⇒ Object
split up #process_call. see below …
35 36 37 38 39 40 41 |
# File 'lib/safemode/parser.rb', line 35 def process_call(exp) receiver = jail process_call_receiver(exp) name = exp.shift args = process_call_args(exp) process_call_code(receiver, name, args) end |
#process_call_args(exp) ⇒ Object
149 150 151 152 153 154 155 156 157 158 159 160 161 |
# File 'lib/safemode/parser.rb', line 149 def process_call_args(exp) args = [] while not exp.empty? do args_exp = exp.shift if args_exp && args_exp.first == :array # FIX processed = "#{process(args_exp)[1..-2]}" else processed = process args_exp end args << processed unless (processed.nil? or processed.empty?) end args.empty? ? nil : args.join(", ") end |
#process_call_code(receiver, name, args) ⇒ Object
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 |
# File 'lib/safemode/parser.rb', line 163 def process_call_code(receiver, name, args) case name when :<=>, :==, "!=".to_sym, :<, :>, :<=, :>=, :-, :+, :*, :/, :%, :<<, :>>, :** then "(#{receiver} #{name} #{args})" when :[] then "#{receiver}[#{args}]" when :"-@" then "-#{receiver}" when :"+@" then "+#{receiver}" else unless receiver.nil? then "#{receiver}.#{name}#{args ? "(#{args})" : args}" else "#{name}#{args ? "(#{args})" : args}" end end end |
#process_call_receiver(exp) ⇒ Object
split up Ruby2Ruby#process_call monster method so we can hook into it in a more readable manner
141 142 143 144 145 146 147 |
# File 'lib/safemode/parser.rb', line 141 def process_call_receiver(exp) receiver_node_type = exp.first.nil? ? nil : exp.first.first receiver = process exp.shift receiver = "(#{receiver})" if Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type receiver end |
#process_const(arg) ⇒ Object
121 122 123 124 125 126 127 128 129 130 131 132 |
# File 'lib/safemode/parser.rb', line 121 def process_const(arg) if RUBY_VERSION >= "1.9" && arg.sexp_type == :Encoding # handling of Encoding constants in ruby 1.9. # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8) "#{super(arg).gsub('-', '_')}" elsif arg.sexp_type == :String # Allow String.new as used in ERB in Ruby 2.4+ to create a string buffer super(arg).to_s else raise_security_error("constant", super(arg)) end end |
#process_fcall(exp) ⇒ Object
43 44 45 46 47 48 49 50 51 |
# File 'lib/safemode/parser.rb', line 43 def process_fcall(exp) # using haml we probably never arrive here because :lasgn'ed :fcalls # somehow seem to change to :calls somewhere during processing # unless @@allowed_fcalls.include?(exp.first) # code = Ruby2Ruby.new.process([:fcall, exp[1], exp[2]]) # wtf ... # raise_security_error(exp.first, code) # end "to_jail.#{super}" end |
#process_iasgn(exp) ⇒ Object
63 64 65 66 67 68 69 70 |
# File 'lib/safemode/parser.rb', line 63 def process_iasgn(exp) code = super if code != '@output_buffer = ""' raise_security_error(:iasgn, code) else code end end |
#process_if(exp) ⇒ Object
Ruby2Ruby process_if rewrites if and unless statements in a way that makes the result unusable for evaluation in, e.g. ERB which appends a call to to_s when using <%= %> tags. We’d need to either enclose the result from process_if into parentheses like (1 if true) and (true ? (1) : (2)) or just use the plain if-then-else-end syntax (so that ERB can safely append to_s to the resulting block).
189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 |
# File 'lib/safemode/parser.rb', line 189 def process_if(exp) = Ruby2Ruby::ASSIGN_NODES.include? exp.first.first c = process exp.shift t = process exp.shift f = process exp.shift c = "(#{c.chomp})" if c =~ /\n/ if t then # unless expand then # if f then # r = "#{c} ? (#{t}) : (#{f})" # r = nil if r =~ /return/ # HACK - need contextual awareness or something # else # r = "#{t} if #{c}" # end # return r if r and (@indent+r).size < LINE_LENGTH and r !~ /\n/ # end r = "if #{c} then\n#{indent(t)}\n" r << "else\n#{indent(f)}\n" if f r << "end" r else # unless expand then # r = "#{f} unless #{c}" # return r if (@indent+r).size < LINE_LENGTH and r !~ /\n/ # end "unless #{c} then\n#{indent(f)}\nend" end end |
#process_vcall(exp) ⇒ Object
53 54 55 56 57 58 59 60 61 |
# File 'lib/safemode/parser.rb', line 53 def process_vcall(exp) # unless @@allowed_fcalls.include?(exp.first) # code = Ruby2Ruby.new.process([:fcall, exp[1], exp[2]]) # wtf ... # raise_security_error(exp.first, code) # end name = exp[1] exp.clear "to_jail.#{name}" end |
#raise_security_error(type, info) ⇒ Object
134 135 136 |
# File 'lib/safemode/parser.rb', line 134 def raise_security_error(type, info) raise Safemode::SecurityError.new(type, info) end |