
Remove trailing whitespace
ekohl committed Nov 22, 2022
1 parent 73c2e1d commit aa37ed6
Showing 9 changed files with 62 additions and 62 deletions.
2 changes: 1 addition & 1 deletion lib/action_view/template_handlers/safe_haml.rb
Expand Up @@ -6,7 +6,7 @@ module TemplateHandlers
class SafeHaml < TemplateHandler
include Compilable rescue nil # does not exist prior Rails 2.1
extend SafemodeHandler

def self.line_offset
3
end
10 changes: 5 additions & 5 deletions lib/action_view/template_handlers/safemode_handler.rb
Expand Up @@ -5,23 +5,23 @@ module SafemodeHandler
def valid_assigns(assigns)
assigns = assigns.reject{|key, value| skip_assigns.include?(key) }
end

def delegate_methods(view)
[ :render, :params, :flash ] +
helper_methods(view) +
[ :render, :params, :flash ] +
helper_methods(view) +
ActionController::Routing::Routes.named_routes.helpers
end

def helper_methods(view)
view.class.included_modules.collect {|m| m.instance_methods(false) }.flatten.map(&:to_sym)
end

def skip_assigns
[ "_cookies", "_flash", "_headers", "_params", "_request",
"_response", "_session", "before_filter_chain_aborted",
"ignore_missing_templates", "logger", "request_origin",
"template", "template_class", "url", "variables_added",
"view_paths" ]
"view_paths" ]
end
end
end
22 changes: 11 additions & 11 deletions lib/haml/safemode.rb
@@ -1,40 +1,40 @@
require 'haml'

module Haml
module Haml
class Buffer
class Jail < Safemode::Jail
allow :push_script, :push_text, :_hamlout, :open_tag
end
end
end

module Haml
module Haml
class Engine
def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = [])
def precompile_for_safemode(filename, ignore_assigns = [], delegate_methods = [])
@precompiled.gsub!('\\','\\\\\\') # backslashes would disappear in compile_template/modul_eval, so we escape them
<<-CODE

<<-CODE
buffer = Haml::Buffer.new(#{options_for_buffer.inspect})
local_assigns = local_assigns.merge :_hamlout => buffer
handler = ActionView::TemplateHandlers::SafeHaml
assigns = handler.valid_assigns(@template.assigns)
methods = handler.delegate_methods(self)
code = %Q(#{code});
box = Safemode::Box.new(self, methods, #{filename.inspect}, 0)
box.eval(code, assigns, local_assigns, &lambda{ yield })
buffer.buffer
box.eval(code, assigns, local_assigns, &lambda{ yield })
buffer.buffer
CODE

# preamble = "buffer = Haml::Buffer.new(#{options_for_buffer.inspect})
# local_assigns = local_assigns.merge :_hamlout => buffer
# assigns = @template.assigns.reject{|key, value| #{ignore_assigns.inspect}.include?(key) };".gsub("\n", ';')
#
#
# postamble = "box = Safemode::Box.new(self, #{delegate_methods.inspect})
# box.eval(code, assigns, local_assigns, &lambda{ yield })
# buffer.buffer".gsub("\n", ';')
#
#
# preamble + "code = %Q(#{@precompiled});" + postamble
end
end
12 changes: 6 additions & 6 deletions lib/safemode.rb
Expand Up @@ -26,7 +26,7 @@ class << self
def jail(obj)
find_jail_class(obj.is_a?(Class) ? obj : obj.class).new obj
end

def find_jail_class(klass)
while klass != Object
return klass.const_get('Jail') if klass.const_defined?('Jail')
Expand All @@ -35,24 +35,24 @@ def find_jail_class(klass)
Jail
end
end

define_core_jail_classes

class Box
def initialize(delegate = nil, delegate_methods = [], filename = nil, line = nil)
@scope = Scope.new(delegate, delegate_methods)
@filename = filename
@line = line
end
end

def eval(code, assigns = {}, locals = {}, &block)
code = Parser.jail(code)
binding = @scope.bind(assigns, locals, &block)
result = Kernel.eval(code, binding, @filename || __FILE__, @line || __LINE__)
end

def output
@scope.output
end
end
end
end
8 changes: 4 additions & 4 deletions lib/safemode/core_ext.rb
@@ -1,12 +1,12 @@
module Kernel
module Kernel
def silently(&blk)
old_verbose, $VERBOSE = $VERBOSE, nil
yield
$VERBOSE = old_verbose
end
end
end

class Module
class Module
def undef_methods(*methods)
methods.each { |name| undef_method(name) }
end
Expand All @@ -29,7 +29,7 @@ def to_jail
# Safemode.jail collect{ |obj| obj.to_jail }
# end
# end
#
#
# class Hash
# def to_jail
# hash = {}
6 changes: 3 additions & 3 deletions lib/safemode/exceptions.rb
@@ -1,19 +1,19 @@
module Safemode
class Error < RuntimeError; end

class SecurityError < Error
@@types = { :const => 'constant',
:xstr => 'shell command',
:fcall => 'method',
:vcall => 'method',
:gvar => 'global variable' }

def initialize(type, value = nil)
type = @@types[type] if @@types.include?(type)
super "Safemode doesn't allow to access '#{type}'" + (value ? " on #{value}" : '')
end
end

class NoMethodError < Error
def initialize(method, jail, source = nil)
super "undefined method '#{method}' for #{jail}" + (source ? " (#{source})" : '')
22 changes: 11 additions & 11 deletions lib/safemode/scope.rb
@@ -1,31 +1,31 @@
module Safemode
class Scope < Blankslate
def initialize(delegate = nil, delegate_methods = [])
@delegate = delegate
@delegate = delegate
@delegate_methods = delegate_methods
@locals = {}
end

def bind(instance_vars = {}, locals = {}, &block)
@locals = symbolize_keys(locals) # why can't I just pull them to local scope in the same way like instance_vars?
instance_vars = symbolize_keys(instance_vars)
instance_vars.each {|key, obj| eval "@#{key} = instance_vars[:#{key}]" }
@_safemode_output = ''
binding
end

def to_jail
self
end

def puts(*args)
print args.to_s + "\n"
end

def print(*args)
def print(*args)
@_safemode_output += args.to_s
end

def output
@_safemode_output
end
Expand All @@ -39,18 +39,18 @@ def method_missing(method, *args, &block)
raise Safemode::SecurityError.new(method, "#<Safemode::ScopeObject>")
end
end

private

def symbolize_keys(hash)
hash.inject({}) do |hash, (key, value)|
hash.inject({}) do |hash, (key, value)|
hash[key.to_s.intern] = value
hash
end
end

def unjail_args(args)
args.collect do |arg|
args.collect do |arg|
arg.class.name =~ /::Jail$/ ? arg.instance_variable_get(:@source) : arg
end
end
26 changes: 13 additions & 13 deletions test/test_erb_eval.rb
Expand Up @@ -2,7 +2,7 @@

class TestERBEval < Test::Unit::TestCase
include TestHelper

def setup
@box = Safemode::Box.new
@locals = { :article => Article.new }
Expand All @@ -18,45 +18,45 @@ def test_some_stuff_that_should_work
assert_nothing_raised{ @box.eval code }
end
end

def test_should_turn_assigns_to_jails
assert_raise_no_method "@article.system", @assigns, &@erb_parse
end

def test_should_turn_locals_to_jails
code = @erb_parse.call "article.system"
assert_raise(Safemode::NoMethodError){ @box.eval code, {}, @locals }
end

def test_should_allow_method_access_on_assigns
code = @erb_parse.call "@article.title"
assert_nothing_raised{ @box.eval code, @assigns }
end

def test_should_allow_method_access_on_locals
code = @erb_parse.call "article.title"
assert_nothing_raised{ @box.eval code, {}, @locals }
end

def test_should_not_raise_on_if_using_return_values
code = @erb_parse.call "if @article.is_article?\n 1\n end"
assert_nothing_raised{ @box.eval code, @assigns }
end

def test_should_work_with_if_using_return_values
code = @erb_parse.call "if @article.is_article? then 1 end"
assert_equal @box.eval(code, @assigns), "1" # ERB calls to_s on the result of the if block
end

def test__FILE__should_not_render_filename
code = @erb_parse.call "__FILE__"
assert_equal '(string)', @box.eval(code)
end

def test_interpolated_xstr_should_raise_security
assert_raise_security '"#{`ls -a`}"'
end
end

TestHelper.no_method_error_raising_calls.each do |call|
call.gsub!('"', '\\\\"')
class_eval %Q(
Expand All @@ -65,14 +65,14 @@ def test_calling_#{call.gsub(/[\W]/, '_')}_should_raise_no_method
end
)
end

TestHelper.security_error_raising_calls.each do |call|
call.gsub!('"', '\\\\"')
class_eval %Q(
def test_calling_#{call.gsub(/[\W]/, '_')}_should_raise_security
assert_raise_security "#{call}", @assigns, @locals
end
)
end
end

end
16 changes: 8 additions & 8 deletions test/test_safemode_parser.rb
Expand Up @@ -4,23 +4,23 @@ class TestSafemodeParser < Test::Unit::TestCase
def test_vcall_should_be_jailed
assert_jailed 'to_jail.a.to_jail.class', 'a.class'
end

def test_call_should_be_jailed
assert_jailed '(1.to_jail + 1).to_jail.class', '(1 + 1).class'
end

def test_estr_should_be_jailed
assert_jailed '"#{1.to_jail.class}"', '"#{1.class}"'
end

def test_if_should_be_usable_for_erb
assert_jailed "if true then\n 1\nend", "if true\n 1\n end"
end

def test_if_else_should_be_usable_for_erb
assert_jailed "if true then\n 1\n else\n2\nend", "if true\n 1\n else\n2\n end"
end

def test_ternary_should_be_usable_for_erb
assert_jailed "if true then\n 1\n else\n2\nend", "true ? 1 : 2"
end
Expand All @@ -38,11 +38,11 @@ def test_block_pass_is_disabled
end

private

def assert_jailed(expected, code)
assert_equal expected.gsub(' ', ''), jail(code).gsub(' ', '')
end
end

def jail(code)
Safemode::Parser.jail(code)
end
