Module: Vizcore::SceneTrust

Defined in:: lib/vizcore/scene_trust.rb

Overview

Builds safety warnings for Ruby scene files, which execute as normal Ruby.

Class Method Summary collapse

.under?(path, root) ⇒ Boolean
.warning_for(scene_file, project_root: Dir.pwd) ⇒ String^?

Class Method Details

.under?(path, root) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/vizcore/scene_trust.rb', line 24

def under?(path, root)
  relative = path.relative_path_from(root)
  !relative.each_filename.first&.start_with?("..")
rescue ArgumentError
  false
end

.warning_for(scene_file, project_root: Dir.pwd) ⇒ `String`^?

Parameters:

scene_file (String, Pathname, nil)
project_root (String, Pathname) (defaults to: Dir.pwd)

Returns:

(String, nil)

# File 'lib/vizcore/scene_trust.rb', line 13

def warning_for(scene_file, project_root: Dir.pwd)
  return nil if scene_file.to_s.strip.empty?

  path = Pathname.new(scene_file).expand_path
  root = Pathname.new(project_root).expand_path
  return nil if under?(path, root)
  return nil if under?(path, Vizcore.root)

  "Scene files execute Ruby code. Review #{path} before running it, or pass --trust to suppress this warning."
end

Module: Vizcore::SceneTrust

Overview

Class Method Summary collapse

Class Method Details

.under?(path, root) ⇒ Boolean

.warning_for(scene_file, project_root: Dir.pwd) ⇒ String?

.under?(path, root) ⇒ `Boolean`

.warning_for(scene_file, project_root: Dir.pwd) ⇒ `String`^?