Merge pull request #1657 from mojombo/safe-whitelist

A gem-based plugin whitelist for `safe` mode
2013-12-07 21:41:55 -08:00 · 2013-12-07 21:41:55 -08:00 · b58cd5c132
parent d4bbe3c997 e91db82d26
commit b58cd5c132
5 changed files with 76 additions and 20 deletions
--- a/features/site_configuration.feature
+++ b/features/site_configuration.feature
@ -233,3 +233,26 @@ Feature: Site configuration
    Then the _site directory should exist
    And I should see "Whatever" in "_site/index.html"
    And I should see "this is a test" in "_site/test.txt"
+
+  Scenario: Add an empty whitelist to restrict all gems
+    Given I have an "index.html" file that contains "Whatever"
+    And I have a configuration file with:
+      | key       | value |
+      | gems      | [jekyll_test_plugin] |
+      | whitelist | [] |
+    When I run jekyll in safe mode
+    Then the _site directory should exist
+    And I should see "Whatever" in "_site/index.html"
+    And the "_site/test.txt" file should not exist
+
+  Scenario: Add a whitelist to restrict some gems but allow others
+    Given I have an "index.html" file that contains "Whatever"
+    And I have a configuration file with:
+      | key       | value |
+      | gems      | [jekyll_test_plugin, jekyll_test_plugin_malicious] |
+      | whitelist | [jekyll_test_plugin] |
+    When I run jekyll in safe mode
+    Then the _site directory should exist
+    And I should see "Whatever" in "_site/index.html"
+    And the "_site/test.txt" file should exist
+    And I should see "this is a test" in "_site/test.txt"
--- a/features/step_definitions/jekyll_steps.rb
+++ b/features/step_definitions/jekyll_steps.rb
@ -1,9 +1,13 @@
 Before do
-  FileUtils.rm_rf(TEST_DIR)
  FileUtils.mkdir(TEST_DIR)
  Dir.chdir(TEST_DIR)
 end

+After do
+  FileUtils.rm_rf(TEST_DIR)
+  FileUtils.rm_rf(JEKYLL_COMMAND_OUTPUT_FILE)
+end
+
 World(Test::Unit::Assertions)

 Given /^I have a blank site in "(.*)"$/ do |path|
@ -123,19 +127,23 @@ end


 When /^I run jekyll$/ do
-  run_jekyll
+  run_jekyll_build
+end
+
+When /^I run jekyll in safe mode$/ do
+  run_jekyll_build("--safe")
 end

 When /^I run jekyll with drafts$/ do
-  run_jekyll(:drafts => true)
+  run_jekyll_build("--drafts")
 end

 When /^I call jekyll new with test_blank --blank$/ do
-  call_jekyll_new(:path => "test_blank", :blank => true)
+  run_jekyll_new("test_blank --blank")
 end

 When /^I debug jekyll$/ do
-  run_jekyll(:debug => true)
+  run_jekyll_build("--verbose")
 end

 When /^I change "(.*)" to contain "(.*)"$/ do |file, text|
--- a/features/support/env.rb
+++ b/features/support/env.rb
@ -10,22 +10,31 @@ require 'time'

 TEST_DIR    = File.join('/', 'tmp', 'jekyll')
 JEKYLL_PATH = File.join(File.dirname(__FILE__), '..', '..', 'bin', 'jekyll')
+JEKYLL_COMMAND_OUTPUT_FILE = File.join('/', 'tmp', 'jekyll_output.txt')

-def run_jekyll(opts = {})
-  command = JEKYLL_PATH.clone
-  command << " build"
-  command << " --drafts" if opts[:drafts]
-  command << " >> /dev/null 2>&1" if opts[:debug].nil?
+def jekyll_output_file
+  JEKYLL_COMMAND_OUTPUT_FILE
+end
+
+def jekyll_run_output
+  File.read(jekyll_output_file)
+end
+
+def run_jekyll(args, output_file)
+  command = "#{JEKYLL_PATH} #{args} > #{jekyll_output_file} 2>&1"
  system command
 end

-def call_jekyll_new(opts = {})
-  command = JEKYLL_PATH.clone
-  command << " new"
-  command << " #{opts[:path]}" if opts[:path]
-  command << " --blank" if opts[:blank]
-  command << " >> /dev/null 2>&1" if opts[:debug].nil?
-  system command
+def run_jekyll_build(build_args = "")
+  if !run_jekyll("build #{build_args}", jekyll_output_file) || build_args.eql?("--verbose")
+    puts jekyll_run_output
+  end
+end
+
+def run_jekyll_new(new_args = "")
+  unless run_jekyll("new #{new_args}", jekyll_output_file)
+    puts jekyll_run_output
+  end
 end

 def slug(title)
--- a/jekyll.gemspec
+++ b/jekyll.gemspec
@ -50,6 +50,7 @@ Gem::Specification.new do |s|
  s.add_development_dependency('mime-types', "~> 1.5")
  s.add_development_dependency('activesupport', '~> 3.2.13')
  s.add_development_dependency('jekyll_test_plugin')
+  s.add_development_dependency('jekyll_test_plugin_malicious')

  # = MANIFEST =
  s.files = %w[
--- a/lib/jekyll/site.rb
+++ b/lib/jekyll/site.rb
@ -77,11 +77,10 @@ module Jekyll
              require f
            end
        end
-        self.gems.each do |gem|
-          require gem
-        end
      end

+      require_gems
+
      self.converters = instantiate_subclasses(Jekyll::Converter)
      self.generators = instantiate_subclasses(Jekyll::Generator)
    end
@ -97,6 +96,22 @@ module Jekyll
      end
    end

+    def require_gems
+      self.gems.each do |gem|
+        if plugin_allowed?(gem)
+          require gem
+        end
+      end
+    end
+
+    def plugin_allowed?(gem_name)
+      whitelist.include?(gem_name) || !self.safe
+    end
+
+    def whitelist
+      @whitelist ||= Array[self.config['whitelist']].flatten || []
+    end
+
    # Internal: Setup the plugin search path
    #
    # Returns an Array of plugin search paths