author | ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-06-24 19:23:24 +0000 |
committer | ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-06-24 19:23:24 +0000 |
commit | e7beb46b822b527f70eb12ee6783dd38dde9d766 (patch) | |
tree | c1455cc27728e449a71956d95c6fdaf0c541f9e3 /eval_safe.ci | |
parent | efe27762873b0aaab265ff645251bbffe2838554 (diff) | |
download | ruby-e7beb46b822b527f70eb12ee6783dd38dde9d766.tar.gz ruby-e7beb46b822b527f70eb12ee6783dd38dde9d766.tar.xz ruby-e7beb46b822b527f70eb12ee6783dd38dde9d766.zip |
* eval_*.h: rename to eval_*.ci.
* common.mk: ditto.
* eval_error.ci: remove ruby_set_current_source().
* error.c, eval.c, ruby.c: ditto.
* eval_safe.c, proc.c: remove unused macros.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@12607 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'eval_safe.ci')
-rw-r--r-- | eval_safe.ci | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/eval_safe.ci b/eval_safe.ci
new file mode 100644
index 000000000..aef5767da
--- /dev/null
+++ b/eval_safe.ci
@@ -0,0 +1,109 @@
+/*
+ * This file is included by eval.c
+ */
+
+/* safe-level:
+   0 - strings from streams/environment/ARGV are tainted (default)
+   1 - no dangerous operation by tainted value
+   2 - process/file operations prohibited
+   3 - all generated objects are tainted
+   4 - no global (non-tainted) variable modification/no direct output
+*/
+
+#define SAFE_LEVEL_MAX 4
+
+int
+rb_safe_level(void)
+{
+    return GET_THREAD()->safe_level;
+}
+
+void
+rb_set_safe_level_force(int safe)
+{
+    GET_THREAD()->safe_level = safe;
+}
+
+/* $SAFE accessor */
+void
+rb_set_safe_level(int level)
+{
+    rb_thread_t *th = GET_THREAD();
+
+    if (level > th->safe_level) {
+        if (level > SAFE_LEVEL_MAX) {
+            level = SAFE_LEVEL_MAX;
+        }
+        th->safe_level = level;
+    }
+}
+
+static VALUE
+safe_getter(void)
+{
+    return INT2NUM(rb_safe_level());
+}
+
+static void
+safe_setter(VALUE val)
+{
+    int level = NUM2INT(val);
+    rb_thread_t *th = GET_THREAD();
+
+    if (level < th->safe_level) {
+        rb_raise(rb_eSecurityError,
+                 "tried to downgrade safe level from %d to %d",
+                 th->safe_level, level);
+    }
+    if (level > SAFE_LEVEL_MAX) {
+        level = SAFE_LEVEL_MAX;
+    }
+    th->safe_level = level;
+}
+
+void
+rb_secure(int level)
+{
+    if (level <= rb_safe_level()) {
+        if (rb_frame_callee()) {
+            rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d",
+                     rb_id2name(rb_frame_callee()), rb_safe_level());
+        }
+        else {
+            rb_raise(rb_eSecurityError, "Insecure operation at level %d",
+                     rb_safe_level());
+        }
+    }
+}
+
+void
+rb_secure_update(VALUE obj)
+{
+    if (!OBJ_TAINTED(obj))
+        rb_secure(4);
+}
+
+void
+rb_check_safe_obj(VALUE x)
+{
+    if (rb_safe_level() > 0 && OBJ_TAINTED(x)) {
+        if (rb_frame_callee()) {
+            rb_raise(rb_eSecurityError, "Insecure operation - %s",
+                     rb_id2name(rb_frame_callee()));
+        }
+        else {
+            rb_raise(rb_eSecurityError, "Insecure operation: -r");
+        }
+    }
+    rb_secure(4);
+}
+
+void
+rb_check_safe_str(VALUE x)
+{
+    rb_check_safe_obj(x);
+    if (TYPE(x) != T_STRING) {
+        rb_raise(rb_eTypeError, "wrong argument type %s (expected String)",
+                 rb_obj_classname(x));
+    }
+}
|
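Review bot: `rb_set_safe_level_force` stores its argument into `GET_THREAD()->safe_level` with none of the checks the two other writers apply — `rb_set_safe_level` refuses to lower the level and clamps to `SAFE_LEVEL_MAX`, `safe_setter` raises `rb_eSecurityError` on a downgrade and clamps — and nothing in the file says who is allowed to call it or with what range, so the contract that makes the no-downgrade rule hold is invisible here. A header comment such as `/* Bypasses the no-downgrade and SAFE_LEVEL_MAX checks; callers must pass 0..SAFE_LEVEL_MAX and are trusted to lower $SAFE deliberately (e.g. when restoring a saved level). */` would make that explicit, with the "e.g." part confirmed against the actual callers, which are outside this file. Separately, `rb_secure_update` and `rb_check_safe_obj` hard-code `rb_secure(4);` even though `SAFE_LEVEL_MAX` is defined a few lines above; writing `rb_secure(SAFE_LEVEL_MAX);` in both places keeps them in step if the maximum ever changes. `rb_secure_update` is also the only `if` in the file without braces around its body.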