Class: Legion::Extensions::Exec::Helpers::Sandbox

Inherits:

Object

• Object
• Legion::Extensions::Exec::Helpers::Sandbox

Defined in:

lib/legion/extensions/exec/helpers/sandbox.rb

Instance Method Summary

• #allowed?(command) ⇒ Boolean
• #initialize(allowed_commands: Helpers::Constants::ALLOWED_COMMANDS, blocked_patterns: Helpers::Constants::BLOCKED_PATTERNS) ⇒ Sandbox constructor

  A new instance of Sandbox.

• #sanitize(command) ⇒ Object

Constructor Details

#initialize(allowed_commands: Helpers::Constants::ALLOWED_COMMANDS, blocked_patterns: Helpers::Constants::BLOCKED_PATTERNS) ⇒ Sandbox

Returns a new instance of Sandbox.

# File 'lib/legion/extensions/exec/helpers/sandbox.rb', line 8

def initialize(allowed_commands: Helpers::Constants::ALLOWED_COMMANDS,
               blocked_patterns: Helpers::Constants::BLOCKED_PATTERNS)
  @allowed_commands = allowed_commands
  @blocked_patterns = blocked_patterns
end

Instance Method Details

#allowed?(command) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/legion/extensions/exec/helpers/sandbox.rb', line 14

def allowed?(command)
  base = base_command(command)

  return { allowed: false, reason: "command '#{base}' is not in the allowlist" } unless @allowed_commands.include?(base)

  @blocked_patterns.each do |pattern|
    return { allowed: false, reason: "command matches blocked pattern: #{pattern.source}" } if pattern.match?(command)
  end

  { allowed: true, reason: nil }
end

#sanitize(command) ⇒ Object

# File 'lib/legion/extensions/exec/helpers/sandbox.rb', line 26

def sanitize(command)
  command.gsub(/[`$()]/, '')
end