Created
June 18, 2010 00:33
-
-
Save nicksieger/443025 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package demo; | |
| import java.io.FileInputStream; | |
| import java.io.IOException; | |
| import org.jruby.Ruby; | |
| import org.jruby.embed.LocalContextScope; | |
| import org.jruby.embed.ScriptingContainer; | |
| import org.jruby.runtime.ThreadContext; | |
| import org.jruby.runtime.Frame; | |
| import org.jruby.embed.EmbedEvalUnit; | |
| public class CustomMain { | |
| private ScriptingContainer container = new ScriptingContainer(LocalContextScope.THREADSAFE); | |
| public void run(String[] args) throws IOException { | |
| EmbedEvalUnit unit = container.parse(new FileInputStream(args[0]), args[0]); | |
| System.setSecurityManager(new ScriptSecurityManager()); | |
| unit.run(); | |
| } | |
| public static void main(String[] args) { | |
| try { | |
| new CustomMain().run(args); | |
| } catch (Exception e) { | |
| e.printStackTrace(); | |
| } | |
| } | |
| private class ScriptSecurityManager extends SecurityManager { | |
| public void checkRead(String file) { | |
| Ruby runtime = container.getProvider().getRuntime(); | |
| ThreadContext context = runtime.getCurrentContext(); | |
| Frame[] frames = context.createBacktrace(0, false); | |
| for (int i = 0; i < frames.length; i++) { | |
| if (frames[i].getFile().indexOf("hack") != -1) { | |
| throw new SecurityException("read not allowed"); | |
| } | |
| } | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| puts File.read(__FILE__) | |
| puts "I'm able to read" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| puts File.read(__FILE__) | |
| puts "I'm able to read" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ javac -d . -cp lib/jruby.jar CustomMain.java | |
| $ java -cp lib/jruby.jar:. demo.CustomMain good.rb | |
| puts File.read(__FILE__) | |
| puts "I'm able to read" | |
| I'm able to read | |
| $ java -cp lib/jruby.jar:. demo.CustomMain hack.rb | |
| java.lang.SecurityException: read not allowed | |
| at demo.CustomMain$ScriptSecurityManager.checkRead(CustomMain.java:37) | |
| at java.io.File.exists(File.java:731) | |
| at org.jruby.RubyFile.fopen(RubyFile.java:613) | |
| at org.jruby.RubyFile.openInternal(RubyFile.java:542) | |
| at org.jruby.RubyFile.openFile(RubyFile.java:504) | |
| at org.jruby.RubyFile.initialize(RubyFile.java:417) | |
| at org.jruby.RubyFile$i_method_0_2$RUBYFRAMEDINVOKER$initialize.call(org/jruby/RubyFile$i_method_0_2$RUBYFRAMEDINVOKER$initialize.gen:65535) | |
| at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:273) | |
| at org.jruby.runtime.callsite.CachingCallSite.callBlock(CachingCallSite.java:81) | |
| at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:86) | |
| at org.jruby.RubyClass.newInstance(RubyClass.java:759) | |
| at org.jruby.RubyIO.open(RubyIO.java:1072) | |
| at org.jruby.RubyKernel.open(RubyKernel.java:284) | |
| at org.jruby.RubyIO.newFile(RubyIO.java:3277) | |
| at org.jruby.RubyIO.read(RubyIO.java:3295) | |
| at org.jruby.RubyIO$s_method_multi$RUBYINVOKER$read.call(org/jruby/RubyIO$s_method_multi$RUBYINVOKER$read.gen:65535) | |
| at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:319) | |
| at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:313) | |
| at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:152) | |
| at org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57) | |
| at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36) | |
| at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104) | |
| at org.jruby.ast.BlockNode.interpret(BlockNode.java:71) | |
| at org.jruby.ast.RootNode.interpret(RootNode.java:129) | |
| at org.jruby.Ruby.runInterpreter(Ruby.java:707) | |
| at org.jruby.embed.internal.EmbedEvalUnitImpl.run(EmbedEvalUnitImpl.java:119) | |
| at demo.CustomMain.run(CustomMain.java:19) | |
| at demo.CustomMain.main(CustomMain.java:24) | |
| org.jruby.embed.EvalFailedException: java.lang.SecurityException: read not allowed | |
| at org.jruby.embed.internal.EmbedEvalUnitImpl.run(EmbedEvalUnitImpl.java:141) | |
| at demo.CustomMain.run(CustomMain.java:19) | |
| at demo.CustomMain.main(CustomMain.java:24) | |
| Caused by: java.lang.SecurityException: read not allowed | |
| at demo.CustomMain$ScriptSecurityManager.checkRead(CustomMain.java:37) | |
| at java.io.File.exists(File.java:731) | |
| at org.jruby.RubyFile.fopen(RubyFile.java:613) | |
| at org.jruby.RubyFile.openInternal(RubyFile.java:542) | |
| at org.jruby.RubyFile.openFile(RubyFile.java:504) | |
| at org.jruby.RubyFile.initialize(RubyFile.java:417) | |
| at org.jruby.RubyFile$i_method_0_2$RUBYFRAMEDINVOKER$initialize.call(org/jruby/RubyFile$i_method_0_2$RUBYFRAMEDINVOKER$initialize.gen:65535) | |
| at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:273) | |
| at org.jruby.runtime.callsite.CachingCallSite.callBlock(CachingCallSite.java:81) | |
| at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:86) | |
| at org.jruby.RubyClass.newInstance(RubyClass.java:759) | |
| at org.jruby.RubyIO.open(RubyIO.java:1072) | |
| at org.jruby.RubyKernel.open(RubyKernel.java:284) | |
| at org.jruby.RubyIO.newFile(RubyIO.java:3277) | |
| at org.jruby.RubyIO.read(RubyIO.java:3295) | |
| at org.jruby.RubyIO$s_method_multi$RUBYINVOKER$read.call(org/jruby/RubyIO$s_method_multi$RUBYINVOKER$read.gen:65535) | |
| at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:319) | |
| at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:313) | |
| at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:152) | |
| at org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57) | |
| at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36) | |
| at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:104) | |
| at org.jruby.ast.BlockNode.interpret(BlockNode.java:71) | |
| at org.jruby.ast.RootNode.interpret(RootNode.java:129) | |
| at org.jruby.Ruby.runInterpreter(Ruby.java:707) | |
| at org.jruby.embed.internal.EmbedEvalUnitImpl.run(EmbedEvalUnitImpl.java:119) | |
| ... 2 more |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment