December 16

Safemode

I was wanting to let my users execute arbitrary Ruby code to give them the ultimate power to create in my little MUD project. But I didn’t want them doing dangerous things or wiping my filesystem. I investigated tainting as well as creating a DSL with Treetop.

But I came across a cool experimental project on GitHub called safemode. Unfortunately it wasn’t packaged as a gem – so I grabbed it from git and packaged it as a gem and pushed it to rubygems. It’s pretty simple to use:

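require 'rubygems'
require 'erb'
require 'safemode'

# An ERB template and a plain Ruby snippet, both treated as untrusted input.
erb_code = %q{<% 10.times do |i| %><%= i %><% end %>}

raw_code = %q{
  (1..10).to_a.collect do |i|
    puts i
    i * 2
  end.join(', ')
}

# The box evaluates the code it is given in safe mode.
box = Safemode::Box.new

# ERB#src is the Ruby source the template compiles to; that is what gets evaluated.
puts "Doing the ERB code in safe mode\n-----"
puts box.eval(ERB.new(erb_code).src)

# box.eval returns the value of the evaluated code (here the joined string).
puts "\nDoing the regular Ruby code in safe mode\n-----"
puts box.eval(raw_code)

# Whatever the evaluated code printed with puts is read back from box.output.
puts "\nOutput from regular Ruby code\n-----"
puts box.output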
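To illustrate the goal stated above (letting users run Ruby without reaching dangerous calls), here is an added example that is not from the original post and is not the safemode gem's code: a static allowlist pre-screen built on Ruby's standard-library Ripper parser. The `screen` function, the allowlist and the sample inputs are assumptions made for this example.

```ruby
require 'ripper'

# Hypothetical allowlist for this example; not taken from the safemode gem.
ALLOWED_METHODS = %w[to_a collect map each times join puts].freeze
# Sexp node types that invoke a method => index of the method name in the node.
CALL_NODES = { call: 3, command: 1, command_call: 3, fcall: 1, vcall: 1 }.freeze
# Rejected outright: backtick/%x shell-outs, constants (File, Kernel, ...),
# and global, instance and class variables.
DENIED_NODES = %i[xstring_literal @const @gvar @ivar @cvar].freeze

# The raw_code sample from the post above.
PAGE_SAMPLE = <<~'RUBY'
  (1..10).to_a.collect do |i|
    puts i
    i * 2
  end.join(', ')
RUBY

# Returns a list of violations; an empty list means the source passed the screen.
def screen(code)
  tree = Ripper.sexp(code)
  return ['syntax error'] if tree.nil?

  violations = []
  walk = lambda do |node|
    return unless node.is_a?(Array)

    type = node[0]
    if DENIED_NODES.include?(type)
      violations << "#{type} not allowed"
    elsif CALL_NODES.key?(type)
      name = node[CALL_NODES[type]]
      name = name[1] if name.is_a?(Array) # [:@ident, "puts", [line, col]]
      violations << "call to #{name} not allowed" unless ALLOWED_METHODS.include?(name.to_s)
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(tree)
  violations.uniq
end

# Constructed inputs for the demonstration.
[PAGE_SAMPLE, "system('ls')", "File.read('x')", '`ls`'].each do |src|
  result = screen(src)
  puts "#{src.lines.first.strip.ljust(30)} #{result.empty? ? 'ok' : result.join('; ')}"
end
```

A screen like this only filters source text before evaluation; the evaluation itself still belongs in an isolating evaluator such as the `Safemode::Box` shown above.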

Posted by kingsleyh | Filed in Ruby
