Class: Secure::ChildProcess

Inherits:
Object
  • Object
show all
Defined in:
lib/secure/child_process.rb

Instance Method Summary collapse

Constructor Details

#initialize(opts, read_file, write_file) ⇒ ChildProcess

Returns a new instance of ChildProcess.



5
6
7
8
9
10
11
12
13
14
15
16
17
 
# File 'lib/secure/child_process.rb', line 5

def initialize(opts, read_file, write_file)
  read_file.close
  @pipe = write_file
  @timeout = opts[:timeout]
  @limit_memory = opts[:limit_memory]
  @limit_cpu = opts[:limit_cpu]
  @pipe_stdout = opts[:pipe_stdout]
  @pipe_stderr = opts[:pipe_stderr]
  @pipe_stdin = opts[:pipe_stdin]
  @run_before = opts[:run_before]
  @safe_value = opts[:safe] || 3
  @limit_files = opts[:limit_files]
end

Instance Method Details

#decorate_with_guard_threads(thread) ⇒ Object 



58
59
60
 
# File 'lib/secure/child_process.rb', line 58

def decorate_with_guard_threads(thread)
  GuardThread.kill_thread_on_timeout(@timeout, thread) if @timeout
end

#executeObject 



62
63
64
65
 
# File 'lib/secure/child_process.rb', line 62

def execute
  ret = safely_run_block { yield }
  @pipe.write(Base64.encode64(Marshal.dump(ret)))
end

#guard_threadsObject 



19
20
21
 
# File 'lib/secure/child_process.rb', line 19

def guard_threads
  @guard_threads || []
end

#redirect_filesObject 



29
30
31
32
33
 
# File 'lib/secure/child_process.rb', line 29

def redirect_files
  $stdout.reopen(@pipe_stdout) if @pipe_stdout
  $stderr.reopen(@pipe_stderr) if @pipe_stderr
  $stdin.reopen(@pipe_stdin) if @pipe_stdin
end

#run_before_methodsObject 



35
36
37
38
39
40
41
42
 
# File 'lib/secure/child_process.rb', line 35

def run_before_methods
  return unless @run_before
  if @run_before.is_a? Array
    @run_before.each &:call
  else
    @run_before.call
  end
end

#safely_run_blockObject 



44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/secure/child_process.rb', line 44

def safely_run_block
  set_resource_limits
  redirect_files
  thread = Thread.start do
    run_before_methods
    $SAFE = @safe_value
    yield
  end
  decorate_with_guard_threads(thread)
  Response.success(thread.value)
rescue Exception => e
  Response.error(e)
end

#set_resource_limitsObject 



23
24
25
26
27
 
# File 'lib/secure/child_process.rb', line 23

def set_resource_limits
  Process::setrlimit(Process::RLIMIT_AS, @limit_memory) if @limit_memory
  Process::setrlimit(Process::RLIMIT_CPU, @limit_cpu, 2 + @limit_cpu) if @limit_cpu
  Process::setrlimit(Process::RLIMIT_NOFILE, @limit_files, @limit_files) if @limit_files
end