Sha256: 4bcce90d42c284bee2365a4ce384e39b9d76c6e4cce7a58c842fd629557809aa

Contents?: true

Size: 780 Bytes

Versions: 5

Compression:

Stored size: 780 Bytes

Contents

# frozen_string_literal: true

module Toycol
  # Private helpers that watch code running with Toycol::Protocol as receiver
  # and reject calls whose method name appears on a denylist.
  #
  # SECURITY: this is a name-based denylist, not a sandbox. It only sees the
  # events TracePoint reports for :script_compiled (Ruby source compiled at
  # runtime, e.g. through eval, load or require), and it compares method names
  # by unanchored substring. Treat it as a guard against accidental misuse in
  # a protocol definition; do not rely on it to isolate untrusted code.
  module Helper
    private

    # Runs the given block with the guard trace point enabled; TracePoint#enable
    # with a block keeps the trace active only while that block runs.
    #
    # @yield the code to run under the guard
    # @raise [Toycol::UnauthorizedMethodError] when the guard rejects an event
    #   fired during the block
    def safe_execution!(&block)
      guard = safe_executionable_tp
      guard.enable(&block)
    end

    # Lazily builds and memoizes the guard trace point.
    #
    # The handler raises only when both conditions hold: the event's binding
    # receiver is Toycol::Protocol, and the reported method name matches
    # #unauthorized_methods_regex. Every other event passes through untouched.
    #
    # @return [TracePoint] the trace point, created disabled
    def safe_executionable_tp
      return @safe_executionable_tp if @safe_executionable_tp

      @safe_executionable_tp = TracePoint.new(:script_compiled) do |tp|
        from_protocol = tp.binding.receiver == Toycol::Protocol
        # Events from any other receiver are ignored without looking at the name.
        next unless from_protocol && tp.method_id.to_s.match?(unauthorized_methods_regex)

        raise Toycol::UnauthorizedMethodError, <<~ERROR
          - Unauthorized method was called!
          You can't use methods that may cause injections in your protocol.
          Ex. Kernel.#eval, Kernel.#exec, Kernel.#require and so on.
        ERROR
      end
    end

    # Denylist of method-name fragments checked by the guard.
    #
    # The pattern is unanchored, so any name that merely contains one of the
    # fragments ("open", "load", ...) also matches.
    # NOTE(review): several entries (system, exec, backticks, %x) do not compile
    # Ruby source; confirm with a test that :script_compiled reports them at
    # all before documenting them as blocked.
    #
    # @return [Regexp]
    def unauthorized_methods_regex
      /(.*eval|.*exec|`.+|%x\(|system|open|require|load)/
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
toycol-0.3.0 lib/toycol/helper.rb
toycol-0.2.2 lib/toycol/helper.rb
toycol-0.2.1 lib/toycol/helper.rb
toycol-0.2.0 lib/toycol/helper.rb
toycol-0.1.0 lib/toycol/helper.rb