Class: TheMechanic2::SecurityService

Inherits:

Object

• Object
• TheMechanic2::SecurityService

Defined in:

lib/the_mechanic_2/security_service.rb

Overview

Service for validating Ruby code before execution Blocks dangerous operations like system calls, file I/O, network access, etc.

Constant Summary

FORBIDDEN_PATTERNS =

Forbidden patterns that should not be allowed in benchmark code

{
  system_calls: [
    /\bsystem\s*\(/,
    /\bexec\s*\(/,
    /\bspawn\s*\(/,
    /`[^`]+`/,  # backticks
    /\%x\{/,    # %x{} syntax
    /\bfork\s*(\(|do|\{)/,
    /Process\.spawn/,
    /Process\.exec/,
    /Kernel\.system/,
    /Kernel\.exec/,
    /Kernel\.spawn/
  ],
  network_operations: [
    /URI\.open/,  # Check this first before generic open
    /Net::HTTP/,
    /Net::FTP/,
    /Net::SMTP/,
    /Net::POP3/,
    /Net::IMAP/,
    /Socket\./,
    /TCPSocket/,
    /UDPSocket/,
    /UNIXSocket/,
    /HTTParty/,
    /Faraday/,
    /RestClient/
  ],
  file_operations: [
    /File\.open/,
    /File\.read/,
    /File\.write/,
    /File\.delete/,
    /File\.unlink/,
    /File\.rename/,
    /File\.chmod/,
    /File\.chown/,
    /FileUtils\./,
    /IO\.read/,
    /IO\.write/,
    /IO\.open/,
    /\bopen\s*\(/  # Kernel#open
  ],
  database_writes: [
    /\.save[!\s(]/,
    /\.save$/,
    /\.update[!\s(]/,
    /\.update$/,
    /\.update_all/,
    /\.update_attribute/,
    /\.update_column/,
    /\.destroy[!\s(]/,
    /\.destroy$/,
    /\.destroy_all/,
    /\.delete[!\s(]/,
    /\.delete$/,
    /\.delete_all/,
    /\.create[!\s(]/,
    /\.create$/,
    /\.insert/,
    /\.upsert/,
    /ActiveRecord::Base\.connection\.execute/,
    /\.connection\.execute/
  ],
  dangerous_evals: [
    /\beval\s*\(/,
    /instance_eval/,
    /class_eval/,
    /module_eval/,
    /define_method/,
    /send\s*\(/,
    /__send__/,
    /public_send/,
    /method\s*\(/,
    /const_get/,
    /const_set/,
    /remove_const/,
    /class_variable_set/,
    /instance_variable_set/
  ],
  thread_operations: [
    /Thread\.new/,
    /Thread\.start/,
    /Thread\.fork/
  ]
}.freeze

Class Method Summary

• .validate(code) ⇒ Hash

  Validates the given code for security issues.

Class Method Details

.validate(code) ⇒ Hash

Validates the given code for security issues

Parameters:

• code (String) —

  The Ruby code to validate

Returns:

• (Hash) —

  Validation result with :valid and :errors keys

# File 'lib/the_mechanic_2/security_service.rb', line 99

def self.validate(code)
  return { valid: false, errors: ['Code cannot be empty'] } if code.nil? || code.strip.empty?
  
  errors = []
  
  FORBIDDEN_PATTERNS.each do |category, patterns|
    patterns.each do |pattern|
      if code.match?(pattern)
        errors << format_error(category, pattern, code)
      end
    end
  end
  
  {
    valid: errors.empty?,
    errors: errors
  }
end