Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Allow per-class whitelisting of methods safe to expose through DRb #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Allow per-class whitelisting of methods safe to expose through DRb #50

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0be2422
Allows the optional declaration of a whitelist of methods to expose t…
mohamedhafez Sep 27, 2011
704c7a6
whoops, I was checking @front each time for the drb_safe_methods_list…
mohamedhafez Sep 29, 2011
96665e3
I was accidentally classifying private methods, protected methods,and…
mohamedhafez Oct 19, 2011
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 34 additions & 3 deletions lib/drb/drb.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1437,10 +1437,16 @@ def run
]

# Has a method been included in the list of insecure methods?
def insecure_method?(msg_id)
INSECURE_METHOD.include?(msg_id)
# Or, if a list of drb-safe methods has been defined for the
# front object, is this method not included in that list?
def insecure_method?(obj, msg_id)
INSECURE_METHOD.include?(msg_id) ||
(obj.public_methods.include?(:drb_safe_methods_list) &&
obj.public_methods.include?(msg_id) &&
!obj.drb_safe_methods_list.include?(msg_id))
end


# Coerce an object to a string, providing our own representation if
# to_s is not defined for the object.
def any_to_s(obj)
Expand All @@ -1460,7 +1466,7 @@ def any_to_s(obj)
def check_insecure_method(obj, msg_id)
return true if Proc === obj && msg_id == :__drb_yield
raise(ArgumentError, "#{any_to_s(msg_id)} is not a symbol") unless Symbol == msg_id.class
raise(SecurityError, "insecure method `#{msg_id}'") if insecure_method?(msg_id)
raise(SecurityError, "insecure method `#{msg_id}'") if insecure_method?(obj, msg_id)

if obj.private_methods.include?(msg_id)
desc = any_to_s(obj)
Expand Down Expand Up @@ -1768,6 +1774,31 @@ def fetch_server(uri)
module_function :fetch_server
end


# Declare a list of methods to expose to DRb
#
# Allows the optional declaration of a whitelist of methods to expose
# through DRb for any class DRb will be sharing an instance of. If
# drb_safe_methods is used, then any attempt to call a non-whitelisted
# method on that class through DRb will fail.
#
# EXAMPLE USAGE:
# def MyClass
# drb_safe_methods :method1, :method2
# end
#
# NOTE: if you are using irb as the client and :to_s isn't in the list,
# you will get a DRb::DRbConnError when you create the DRbObject, but only
# because irb calls to_s to display the result; the DRbObject is still
# usable.
class Class
def drb_safe_methods(*symbols)
define_method(:drb_safe_methods_list) do
symbols
end
end
end

# :stopdoc:
DRbObject = DRb::DRbObject
DRbUndumped = DRb::DRbUndumped
Expand Down