dan
/
jekyll
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1657 from mojombo/safe-whitelist 

A gem-based plugin whitelist for `safe` mode
This commit is contained in:
Parker Moore 2013-12-07 21:41:55 -08:00
parent d4bbe3c997 e91db82d26
commit b58cd5c132
5 changed files with 76 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
features/site_configuration.feature
View File

@ -233,3 +233,26 @@ Feature: Site configuration
Then the _site directory should exist Then the _site directory should exist
And I should see "Whatever" in "_site/index.html" And I should see "Whatever" in "_site/index.html"
And I should see "this is a test" in "_site/test.txt" And I should see "this is a test" in "_site/test.txt"
Scenario: Add an empty whitelist to restrict all gems
Given I have an "index.html" file that contains "Whatever"
And I have a configuration file with:
| key | value |
| gems | [jekyll_test_plugin] |
| whitelist | [] |
When I run jekyll in safe mode
Then the _site directory should exist
And I should see "Whatever" in "_site/index.html"
And the "_site/test.txt" file should not exist
Scenario: Add a whitelist to restrict some gems but allow others
Given I have an "index.html" file that contains "Whatever"
And I have a configuration file with:
| key | value |
| gems | [jekyll_test_plugin, jekyll_test_plugin_malicious] |
| whitelist | [jekyll_test_plugin] |
When I run jekyll in safe mode
Then the _site directory should exist
And I should see "Whatever" in "_site/index.html"
And the "_site/test.txt" file should exist
And I should see "this is a test" in "_site/test.txt"

18
features/step_definitions/jekyll_steps.rb
View File

@ -1,9 +1,13 @@
Before do Before do
FileUtils.rm_rf(TEST_DIR)
FileUtils.mkdir(TEST_DIR) FileUtils.mkdir(TEST_DIR)
Dir.chdir(TEST_DIR) Dir.chdir(TEST_DIR)
end end
After do
FileUtils.rm_rf(TEST_DIR)
FileUtils.rm_rf(JEKYLL_COMMAND_OUTPUT_FILE)
end
World(Test::Unit::Assertions) World(Test::Unit::Assertions)
Given /^I have a blank site in "(.*)"$/ do |path| Given /^I have a blank site in "(.*)"$/ do |path|
@ -123,19 +127,23 @@ end
When /^I run jekyll$/ do When /^I run jekyll$/ do
run_jekyll run_jekyll_build
end
When /^I run jekyll in safe mode$/ do
run_jekyll_build("--safe")
end end
When /^I run jekyll with drafts$/ do When /^I run jekyll with drafts$/ do
run_jekyll(:drafts => true) run_jekyll_build("--drafts")
end end
When /^I call jekyll new with test_blank --blank$/ do When /^I call jekyll new with test_blank --blank$/ do
call_jekyll_new(:path => "test_blank", :blank => true) run_jekyll_new("test_blank --blank")
end end
When /^I debug jekyll$/ do When /^I debug jekyll$/ do
run_jekyll(:debug => true) run_jekyll_build("--verbose")
end end
When /^I change "(.*)" to contain "(.*)"$/ do |file, text| When /^I change "(.*)" to contain "(.*)"$/ do |file, text|

33
features/support/env.rb
View File

@ -10,22 +10,31 @@ require 'time'
TEST_DIR = File.join('/', 'tmp', 'jekyll') TEST_DIR = File.join('/', 'tmp', 'jekyll')
JEKYLL_PATH = File.join(File.dirname(__FILE__), '..', '..', 'bin', 'jekyll') JEKYLL_PATH = File.join(File.dirname(__FILE__), '..', '..', 'bin', 'jekyll')
JEKYLL_COMMAND_OUTPUT_FILE = File.join('/', 'tmp', 'jekyll_output.txt')
def run_jekyll(opts = {}) def jekyll_output_file
command = JEKYLL_PATH.clone JEKYLL_COMMAND_OUTPUT_FILE
command << " build" end
command << " --drafts" if opts[:drafts]
command << " >> /dev/null 2>&1" if opts[:debug].nil? def jekyll_run_output
File.read(jekyll_output_file)
end
def run_jekyll(args, output_file)
command = "#{JEKYLL_PATH} #{args} > #{jekyll_output_file} 2>&1"
system command system command
end end
def call_jekyll_new(opts = {}) def run_jekyll_build(build_args = "")
command = JEKYLL_PATH.clone if !run_jekyll("build #{build_args}", jekyll_output_file) || build_args.eql?("--verbose")
command << " new" puts jekyll_run_output
command << " #{opts[:path]}" if opts[:path] end
command << " --blank" if opts[:blank] end
command << " >> /dev/null 2>&1" if opts[:debug].nil?
system command def run_jekyll_new(new_args = "")
unless run_jekyll("new #{new_args}", jekyll_output_file)
puts jekyll_run_output
end
end end
def slug(title) def slug(title)

1
jekyll.gemspec
View File

@ -50,6 +50,7 @@ Gem::Specification.new do |s|
s.add_development_dependency('mime-types', "~> 1.5") s.add_development_dependency('mime-types', "~> 1.5")
s.add_development_dependency('activesupport', '~> 3.2.13') s.add_development_dependency('activesupport', '~> 3.2.13')
s.add_development_dependency('jekyll_test_plugin') s.add_development_dependency('jekyll_test_plugin')
s.add_development_dependency('jekyll_test_plugin_malicious')
# = MANIFEST = # = MANIFEST =
s.files = %w[ s.files = %w[

21
lib/jekyll/site.rb
View File

@ -77,11 +77,10 @@ module Jekyll
require f require f
end end
end end
self.gems.each do |gem|
require gem
end
end end
require_gems
self.converters = instantiate_subclasses(Jekyll::Converter) self.converters = instantiate_subclasses(Jekyll::Converter)
self.generators = instantiate_subclasses(Jekyll::Generator) self.generators = instantiate_subclasses(Jekyll::Generator)
end end
@ -97,6 +96,22 @@ module Jekyll
end end
end end
def require_gems
self.gems.each do |gem|
if plugin_allowed?(gem)
require gem
end
end
end
def plugin_allowed?(gem_name)
whitelist.include?(gem_name) || !self.safe
end
def whitelist
@whitelist ||= Array[self.config['whitelist']].flatten || []
end
# Internal: Setup the plugin search path # Internal: Setup the plugin search path
# #
# Returns an Array of plugin search paths # Returns an Array of plugin search paths