Project

General

Profile

Feature #5434 ยป 5434.patch

zzak (Zachary Scott), 11/19/2012 07:11 AM

View differences:

lib/drb/drb.rb
1437 1437
    ]
1438 1438

  
1439 1439
    # Has a method been included in the list of insecure methods?
1440
    # Or, if a list of drb-safe methods has been defined for the
1441
    # front object, is this method not included in that list?
1440 1442
    def insecure_method?(msg_id)
1441
      INSECURE_METHOD.include?(msg_id)
1443
      INSECURE_METHOD.include?(msg_id) ||
1444
        (@front.respond_to?(:drb_safe_methods_list) &&
1445
         !@front.drb_safe_methods_list.include?(msg_id))
1442 1446
    end
1443 1447

  
1444 1448
    # Coerce an object to a string, providing our own representation if
......
1768 1772
  module_function :fetch_server
1769 1773
end
1770 1774

  
1775

  
1776
# Declare a list of methods to expose to DRb
1777
#
1778
# Allows the optional declaration of a whitelist of methods to expose
1779
# through DRb for any class DRb will be sharing an instance of. If
1780
# drb_safe_methods is used, then any attempt to call a non-whitelisted
1781
# method on that class through DRb will fail.
1782
#
1783
# EXAMPLE USAGE:
1784
# def MyClass
1785
#   drb_safe_methods :method1, :method2
1786
# end
1787
#
1788
# NOTE: if you are using irb as the client and :to_s isn't in the list,
1789
# you will get a DRb::DRbConnError when you create the DRbObject, but only
1790
# because irb calls to_s to display the result; the DRbObject is still
1791
# usable.
1792
class Class
1793
  def drb_safe_methods(*symbols)
1794
    define_method(:drb_safe_methods_list) do
1795
      symbols
1796
    end
1797
  end
1798
end
1799

  
1771 1800
# :stopdoc:
1772 1801
DRbObject = DRb::DRbObject
1773 1802
DRbUndumped = DRb::DRbUndumped
1774
- 
lib/drb/drb.rb
1439 1439
    # Has a method been included in the list of insecure methods?
1440 1440
    # Or, if a list of drb-safe methods has been defined for the
1441 1441
    # front object, is this method not included in that list?
1442
    def insecure_method?(msg_id)
1442
    def insecure_method?(obj, msg_id)
1443 1443
      INSECURE_METHOD.include?(msg_id) ||
1444
        (@front.respond_to?(:drb_safe_methods_list) &&
1445
         !@front.drb_safe_methods_list.include?(msg_id))
1444
        (obj.respond_to?(:drb_safe_methods_list) &&
1445
         !obj.drb_safe_methods_list.include?(msg_id))
1446 1446
    end
1447 1447

  
1448

  
1448 1449
    # Coerce an object to a string, providing our own representation if
1449 1450
    # to_s is not defined for the object.
1450 1451
    def any_to_s(obj)
......
1464 1465
    def check_insecure_method(obj, msg_id)
1465 1466
      return true if Proc === obj && msg_id == :__drb_yield
1466 1467
      raise(ArgumentError, "#{any_to_s(msg_id)} is not a symbol") unless Symbol == msg_id.class
1467
      raise(SecurityError, "insecure method `#{msg_id}'") if insecure_method?(msg_id)
1468
      raise(SecurityError, "insecure method `#{msg_id}'") if insecure_method?(obj, msg_id)
1468 1469

  
1469 1470
      if obj.private_methods.include?(msg_id)
1470 1471
        desc = any_to_s(obj)
1471
- 
lib/drb/drb.rb
1441 1441
    # front object, is this method not included in that list?
1442 1442
    def insecure_method?(obj, msg_id)
1443 1443
      INSECURE_METHOD.include?(msg_id) ||
1444
        (obj.respond_to?(:drb_safe_methods_list) &&
1444
        (obj.public_methods.include?(:drb_safe_methods_list)  &&
1445
         obj.public_methods.include?(msg_id) &&
1445 1446
         !obj.drb_safe_methods_list.include?(msg_id))
1446 1447
    end
1447 1448

  
1448
-