Class: Safemode::Parser
Constant Summary collapse
- @@parser =
@@parser = defined?(RubyParser) ? ‘RubyParser’ : ‘ParseTree’
'RubyParser'
Class Method Summary collapse
Instance Method Summary collapse
- #jail(str, parentheses = false) ⇒ Object
-
#process_call(exp) ⇒ Object
split up #process_call.
- #process_call_args(exp) ⇒ Object
- #process_call_code(receiver, name, args) ⇒ Object
-
#process_call_receiver(exp) ⇒ Object
split up Ruby2Ruby#process_call monster method so we can hook into it in a more readable manner.
- #process_const(arg) ⇒ Object
- #process_fcall(exp) ⇒ Object
- #process_iasgn(exp) ⇒ Object
-
#process_if(exp) ⇒ Object
Ruby2Ruby process_if rewrites if and unless statements in a way that makes the result unusable for evaluation in, e.g.
- #process_vcall(exp) ⇒ Object
- #raise_security_error(type, info) ⇒ Object
Class Method Details
.jail(code, allowed_fcalls = []) ⇒ Object
7 8 9 10 11 |
# File 'lib/safemode/parser.rb', line 7 def jail(code, allowed_fcalls = []) @@allowed_fcalls = allowed_fcalls tree = parse code self.new.process(tree) end |
.parse(code) ⇒ Object
13 14 15 16 17 18 19 20 21 22 |
# File 'lib/safemode/parser.rb', line 13 def parse(code) case @@parser # when 'ParseTree' # ParseTree.translate(code) when 'RubyParser' RubyParser.new.parse(code) else raise "unknown parser #{@@parser}" end end |
.parser=(parser) ⇒ Object
24 25 26 |
# File 'lib/safemode/parser.rb', line 24 def parser=(parser) @@parser = parser end |
Instance Method Details
#jail(str, parentheses = false) ⇒ Object
29 30 31 32 |
# File 'lib/safemode/parser.rb', line 29 def jail(str, parentheses = false) str = parentheses ? "(#{str})." : "#{str}." if str "#{str}to_jail" end |
#process_call(exp) ⇒ Object
split up #process_call. see below …
35 36 37 38 39 40 41 42 |
# File 'lib/safemode/parser.rb', line 35 def process_call(exp) exp.shift # remove ":call" symbol receiver = jail process_call_receiver(exp) name = exp.shift args = process_call_args(exp) process_call_code(receiver, name, args) end |
#process_call_args(exp) ⇒ Object
151 152 153 154 155 156 157 158 159 160 161 162 163 |
# File 'lib/safemode/parser.rb', line 151 def process_call_args(exp) args = [] while not exp.empty? do args_exp = exp.shift if args_exp && args_exp.first == :array # FIX processed = "#{process(args_exp)[1..-2]}" else processed = process args_exp end args << processed unless (processed.nil? or processed.empty?) end args.empty? ? nil : args.join(", ") end |
#process_call_code(receiver, name, args) ⇒ Object
165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 |
# File 'lib/safemode/parser.rb', line 165 def process_call_code(receiver, name, args) case name when :<=>, :==, "!=".to_sym, :<, :>, :<=, :>=, :-, :+, :*, :/, :%, :<<, :>>, :** then "(#{receiver} #{name} #{args})" when :[] then "#{receiver}[#{args}]" when :"-@" then "-#{receiver}" when :"+@" then "+#{receiver}" else unless receiver.nil? then "#{receiver}.#{name}#{args ? "(#{args})" : args}" else "#{name}#{args ? "(#{args})" : args}" end end end |
#process_call_receiver(exp) ⇒ Object
split up Ruby2Ruby#process_call monster method so we can hook into it in a more readable manner
143 144 145 146 147 148 149 |
# File 'lib/safemode/parser.rb', line 143 def process_call_receiver(exp) receiver_node_type = exp.first.nil? ? nil : exp.first.first receiver = process exp.shift receiver = "(#{receiver})" if Ruby2Ruby::ASSIGN_NODES.include? receiver_node_type receiver end |
#process_const(arg) ⇒ Object
122 123 124 125 126 127 128 129 130 131 132 133 134 |
# File 'lib/safemode/parser.rb', line 122 def process_const(arg) sexp_type = arg.sexp_body.sexp_type # constants are encoded as: "s(:const, :Encoding)" if RUBY_VERSION >= "1.9" && sexp_type == :Encoding # handling of Encoding constants in ruby 1.9. # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8) "#{super(arg).gsub('-', '_')}" elsif sexp_type == :String # Allow String.new as used in ERB in Ruby 2.4+ to create a string buffer super(arg).to_s else raise_security_error("constant", super(arg)) end end |
#process_fcall(exp) ⇒ Object
44 45 46 47 48 49 50 51 52 |
# File 'lib/safemode/parser.rb', line 44 def process_fcall(exp) # using haml we probably never arrive here because :lasgn'ed :fcalls # somehow seem to change to :calls somewhere during processing # unless @@allowed_fcalls.include?(exp.first) # code = Ruby2Ruby.new.process([:fcall, exp[1], exp[2]]) # wtf ... # raise_security_error(exp.first, code) # end "to_jail.#{super}" end |
#process_iasgn(exp) ⇒ Object
64 65 66 67 68 69 70 71 |
# File 'lib/safemode/parser.rb', line 64 def process_iasgn(exp) code = super if code != '@output_buffer = ""' raise_security_error(:iasgn, code) else code end end |
#process_if(exp) ⇒ Object
Ruby2Ruby process_if rewrites if and unless statements in a way that makes the result unusable for evaluation in, e.g. ERB which appends a call to to_s when using <%= %> tags. We’d need to either enclose the result from process_if into parentheses like (1 if true) and (true ? (1) : (2)) or just use the plain if-then-else-end syntax (so that ERB can safely append to_s to the resulting block).
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 |
# File 'lib/safemode/parser.rb', line 191 def process_if(exp) exp.shift # remove ":if" symbol from exp = Ruby2Ruby::ASSIGN_NODES.include? exp.first.first c = process exp.shift t = process exp.shift f = process exp.shift c = "(#{c.chomp})" if c =~ /\n/ if t then # unless expand then # if f then # r = "#{c} ? (#{t}) : (#{f})" # r = nil if r =~ /return/ # HACK - need contextual awareness or something # else # r = "#{t} if #{c}" # end # return r if r and (@indent+r).size < LINE_LENGTH and r !~ /\n/ # end r = "if #{c} then\n#{indent(t)}\n" r << "else\n#{indent(f)}\n" if f r << "end" r else # unless expand then # r = "#{f} unless #{c}" # return r if (@indent+r).size < LINE_LENGTH and r !~ /\n/ # end "unless #{c} then\n#{indent(f)}\nend" end end |
#process_vcall(exp) ⇒ Object
54 55 56 57 58 59 60 61 62 |
# File 'lib/safemode/parser.rb', line 54 def process_vcall(exp) # unless @@allowed_fcalls.include?(exp.first) # code = Ruby2Ruby.new.process([:fcall, exp[1], exp[2]]) # wtf ... # raise_security_error(exp.first, code) # end name = exp[1] exp.clear "to_jail.#{name}" end |
#raise_security_error(type, info) ⇒ Object
136 137 138 |
# File 'lib/safemode/parser.rb', line 136 def raise_security_error(type, info) raise Safemode::SecurityError.new(type, info) end |