diff options
| author | ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-09-23 01:10:02 +0000 |
|---|---|---|
| committer | ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-09-23 01:10:02 +0000 |
| commit | 7440ec27fd23fc725c35049a1aea5bdc4fe9a7b3 (patch) | |
| tree | 529d40fb8489cb9708bb9a1368cbe2ce4492ebd7 /safe.c | |
| parent | 8cd252ac6f3fd2d2eb3524880bf45767490bed70 (diff) | |
* eval_safe.c, safe.c: rename eval_safe.c to safe.c.
* common.mk, eval.c, safe.c, inits.c: separate safe.c from eval.c and
make Init_safe().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19467 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'safe.c')
| -rw-r--r-- | safe.c | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/safe.c b/safe.c new file mode 100644 index 0000000000..e351579132 --- /dev/null +++ b/safe.c @@ -0,0 +1,126 @@ +/********************************************************************** + + eval.c - + + $Author$ + created at: Tue Sep 23 09:44:32 JST 2008 + + Copyright (C) 2008 Yukihiro Matsumoto + +**********************************************************************/ + +/* safe-level: + 0 - strings from streams/environment/ARGV are tainted (default) + 1 - no dangerous operation by tainted value + 2 - process/file operations prohibited + 3 - all generated objects are tainted + 4 - no global (non-tainted) variable modification/no direct output +*/ + +#define SAFE_LEVEL_MAX 4 + +#include "ruby/ruby.h" +#include "vm_core.h" + +/* $SAFE accessor */ + +int +rb_safe_level(void) +{ + return GET_THREAD()->safe_level; +} + +void +rb_set_safe_level_force(int safe) +{ + GET_THREAD()->safe_level = safe; +} + +void +rb_set_safe_level(int level) +{ + rb_thread_t *th = GET_THREAD(); + + if (level > th->safe_level) { + if (level > SAFE_LEVEL_MAX) { + level = SAFE_LEVEL_MAX; + } + th->safe_level = level; + } +} + +static VALUE +safe_getter(void) +{ + return INT2NUM(rb_safe_level()); +} + +static void +safe_setter(VALUE val) +{ + int level = NUM2INT(val); + rb_thread_t *th = GET_THREAD(); + + if (level < th->safe_level) { + rb_raise(rb_eSecurityError, + "tried to downgrade safe level from %d to %d", + th->safe_level, level); + } + if (level > SAFE_LEVEL_MAX) { + level = SAFE_LEVEL_MAX; + } + th->safe_level = level; +} + +void +rb_secure(int level) +{ + if (level <= rb_safe_level()) { + if (rb_frame_callee()) { + rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d", + rb_id2name(rb_frame_callee()), rb_safe_level()); + } + else { + rb_raise(rb_eSecurityError, "Insecure operation at level %d", + rb_safe_level()); + } + } +} + +void +rb_secure_update(VALUE obj) +{ + if (!OBJ_TAINTED(obj)) + rb_secure(4); +} + +void +rb_check_safe_obj(VALUE x) +{ + if (rb_safe_level() > 0 && OBJ_TAINTED(x)) { + if (rb_frame_callee()) { + rb_raise(rb_eSecurityError, "Insecure operation - %s", + rb_id2name(rb_frame_callee())); + } + else { + rb_raise(rb_eSecurityError, "Insecure operation: -r"); + } + } + rb_secure(4); +} + +void +rb_check_safe_str(VALUE x) +{ + rb_check_safe_obj(x); + if (TYPE(x) != T_STRING) { + rb_raise(rb_eTypeError, "wrong argument type %s (expected String)", + rb_obj_classname(x)); + } +} + +void +Init_safe(void) +{ + rb_define_virtual_variable("$SAFE", safe_getter, safe_setter); +} |