🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

shikashi

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

shikashi

bundlerRubygems
Version
0.6.0
Version published
Maintainers
1
Created
Source

= Shikashi - A flexible sandbox for ruby

Shikashi is an sandbox for ruby that handles all ruby method calls executed in the interpreter to allow or deny these calls depending on the receiver object, the method name, the source file from where the call was originated and the source file where the called method is implemented.

The permissions for each sandboxed run is fully configurable and the implementation of the methods called from within the sandbox can be replaced transparently

The implementation of shikashi is written in pure ruby and now implemented based in evalhook, (see http://tario.github.com/evalhook)

== Installation

=== Gem installation

Run in the terminal:

sudo gem install shikashi

OR

sudo gem install shikashi-X.X.X.gem.

=== Troubleshooting

ERROR: While executing gem ... (Gem::DependencyError) Unable to resolve dependencies: ruby2ruby requires sexp_processor (> 3.0); ruby_parser requires sexp_processor (> 3.0)

The version of ruby2ruby and ruby_parser required depends on sexp_processor 3.X but for some reason this version of the gem is not automatically installed by gem, you can workaround this issue by installing it before using:

gem install sexp_processor --version '~> 3.2'

== Documentation

Full API documentation can be found on: http://tario.github.com/shikashi/doc/

== Usage

This examples and more can be found in examples directory

=== Basic Example

Hello world from a sandbox

require "rubygems"
require "shikashi"

include Shikashi

s = Sandbox.new
priv = Privileges.new
priv.allow_method :print

s.run(priv, 'print "hello world\n"')

=== Basic Example 2

Call external method from inside the sandbox

require "rubygems"
require "shikashi"

include Shikashi

def foo
	# privileged code, can do any operation
	print "foo\n"
end

s = Sandbox.new
priv = Privileges.new

# allow execution of foo in this object
priv.object(self).allow :foo

# allow execution of method :times on instances of Fixnum
priv.instances_of(Fixnum).allow :times

#inside the sandbox, only can use method foo on main and method times on instances of Fixnum
s.run(priv, "2.times do foo end")

=== Basic Example 3

Define a class outside the sandbox and use it in the sandbox

require "rubygems"
require "shikashi"

include Shikashi

s = Sandbox.new
priv = Privileges.new

# allow execution of print
priv.allow_method :print

class X
	def foo
		print "X#foo\n"
	end

	def bar
		system("echo hello world") # accepted, called from privileged context
	end

	def privileged_operation( out )
		# write to file specified in out
		system("echo privileged operation > " + out)
	end
end
# allow method new of class X
priv.object(X).allow :new

# allow instance methods of X. Note that the method privileged_operations is not allowed
priv.instances_of(X).allow :foo, :bar

priv.allow_method :=== # for exception handling
#inside the sandbox, only can use method foo on main and method times on instances of Fixnum
s.run(priv, '
x = X.new
x.foo
x.bar

begin
x.privileged_operation # FAIL
rescue SecurityError
print "privileged_operation failed due security error\n"
end
')

=== Basic Example 4

define a class from inside the sandbox and use it from outside

require "rubygems"
require "shikashi"

include Shikashi

s = Sandbox.new
priv = Privileges.new

# allow execution of print
priv.allow_method :print

#inside the sandbox, only can use method foo on main and method times on instances of Fixnum
s.run(priv, '
class X
	def foo
		print "X#foo\n"
	end

	def bar
		system("ls -l")
	end
end
')

x = s.base_namespace::X.new
x.foo
begin
	x.bar
rescue SecurityError => e
	print "x.bar failed due security errors: #{e}\n"
end

=== Base namespace

require "rubygems"
require "shikashi"

include Shikashi

class X
	def foo
		print "X#foo\n"
	end
end

s = Sandbox.new

s.run( "
  class X
	def foo
		print \"foo defined inside the sandbox\\n\"
	end
  end
  ", Privileges.allow_method(:print))
  

x = X.new # X class is not affected by the sandbox (The X Class defined in the sandbox is SandboxModule::X)
x.foo

x = s.base_namespace::X.new
x.foo

s.run("X.new.foo", Privileges.allow_method(:new).allow_method(:foo))

=== Timeout example

require "rubygems"
require "shikashi"

s = Shikashi::Sandbox.new
perm = Shikashi::Privileges.new

perm.allow_method :sleep

s.run(perm,"sleep 3", :timeout => 2) # raise Shikashi::Timeout::Error after 2 seconds

== Copying

Copyright (c) 2010-2011 Dario Seminara, released under the GPL License (see LICENSE)

FAQs

Package last updated on 11 May 2014

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

Research

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

Socket Threat Research maps a rare inside look at OtterCookie’s npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean operators.

By Kirill Boychenko  -  Nov 26, 2025
Shai Hulud Strikes Again (v2)

Research

/

Security News

Shai Hulud Strikes Again (v2)

Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.

By Socket Research Team  -  Nov 24, 2025