forked from mtyaka/shikashi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
222 lines (147 loc) · 4.59 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
= Shikashi - A flexible sandbox for ruby
Shikashi is an sandbox for ruby that handles all ruby method calls executed in the interpreter to allow or deny
these calls depending on the receiver object, the method name, the source file from where the call was originated
and the source file where the called method is implemented.
The permissions for each sandboxed run is fully configurable and the implementation of the methods called from within
the sandbox can be replaced transparently
The implementation of shikashi is written in pure ruby and now implemented based in evalhook, (see http://tario.github.com/evalhook)
== Installation
=== Gem installation
Run in the terminal:
sudo gem install shikashi
OR
* Download the last version of the gem from http://github.com/tario/shikashi/downloads
* Install the gem with the following;
sudo gem install shikashi-X.X.X.gem.
=== Troubleshooting
ERROR: While executing gem ... (Gem::DependencyError)
Unable to resolve dependencies: ruby2ruby requires sexp_processor (~> 3.0); ruby_parser requires sexp_processor (~> 3.0)
The version of ruby2ruby and ruby_parser required depends on sexp_processor 3.X but for some reason this version of the gem
is not automatically installed by gem, you can workaround this issue by installing it before using:
gem install sexp_processor --version '~> 3.2'
== Documentation
Full API documentation can be found on:
http://tario.github.com/shikashi/doc/
== Usage
This examples and more can be found in examples directory
=== Basic Example
Hello world from a sandbox
require "rubygems"
require "shikashi"
include Shikashi
s = Sandbox.new
priv = Privileges.new
priv.allow_method :print
s.run(priv, 'print "hello world\n"')
=== Basic Example 2
Call external method from inside the sandbox
require "rubygems"
require "shikashi"
include Shikashi
def foo
# privileged code, can do any operation
print "foo\n"
end
s = Sandbox.new
priv = Privileges.new
# allow execution of foo in this object
priv.object(self).allow :foo
# allow execution of method :times on instances of Fixnum
priv.instances_of(Fixnum).allow :times
#inside the sandbox, only can use method foo on main and method times on instances of Fixnum
s.run(priv, "2.times do foo end")
=== Basic Example 3
Define a class outside the sandbox and use it in the sandbox
require "rubygems"
require "shikashi"
include Shikashi
s = Sandbox.new
priv = Privileges.new
# allow execution of print
priv.allow_method :print
class X
def foo
print "X#foo\n"
end
def bar
system("echo hello world") # accepted, called from privileged context
end
def privileged_operation( out )
# write to file specified in out
system("echo privileged operation > " + out)
end
end
# allow method new of class X
priv.object(X).allow :new
# allow instance methods of X. Note that the method privileged_operations is not allowed
priv.instances_of(X).allow :foo, :bar
priv.allow_method :=== # for exception handling
#inside the sandbox, only can use method foo on main and method times on instances of Fixnum
s.run(priv, '
x = X.new
x.foo
x.bar
begin
x.privileged_operation # FAIL
rescue SecurityError
print "privileged_operation failed due security error\n"
end
')
=== Basic Example 4
define a class from inside the sandbox and use it from outside
require "rubygems"
require "shikashi"
include Shikashi
s = Sandbox.new
priv = Privileges.new
# allow execution of print
priv.allow_method :print
#inside the sandbox, only can use method foo on main and method times on instances of Fixnum
s.run(priv, '
class X
def foo
print "X#foo\n"
end
def bar
system("ls -l")
end
end
')
x = s.base_namespace::X.new
x.foo
begin
x.bar
rescue SecurityError => e
print "x.bar failed due security errors: #{e}\n"
end
=== Base namespace
require "rubygems"
require "shikashi"
include Shikashi
class X
def foo
print "X#foo\n"
end
end
s = Sandbox.new
s.run( "
class X
def foo
print \"foo defined inside the sandbox\\n\"
end
end
", Privileges.allow_method(:print))
x = X.new # X class is not affected by the sandbox (The X Class defined in the sandbox is SandboxModule::X)
x.foo
x = s.base_namespace::X.new
x.foo
s.run("X.new.foo", Privileges.allow_method(:new).allow_method(:foo))
=== Timeout example
require "rubygems"
require "shikashi"
s = Shikashi::Sandbox.new
perm = Shikashi::Privileges.new
perm.allow_method :sleep
s.run(perm,"sleep 3", :timeout => 2) # raise Shikashi::Timeout::Error after 2 seconds
== Copying
Copyright (c) 2010-2011 Dario Seminara, released under the GPL License (see LICENSE)