Initialize a Rufus::TreeChecker and pass some ruby code to make sure it's safe before calling eval().
sudo gem install -y rufus-treechecker
or download it from RubyForge.
The treechecker uses ruby_parser (rubyforge.org/projects/parsetree) to turn Ruby code into s-expressions, the treechecker then checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern is spotted.
The excluded patterns are defined at the initialization of the TreeChecker instance by listing rules.
![[+]](./images/find.png "show/hide quicksearch"){kind=small}
require 'rubygems'
require 'rufus-treechecker'
tc = Rufus::TreeChecker.new do
exclude_fvcall :abort
exclude_fvcall :exit, :exit!
end
tc.check("1 + 1; abort") # will raise a SecurityError
tc.check("puts (1..10).to_a.inspect") # OK
Nice, but how do I know what to exclude ?
require 'rubygems'
require 'rufus-treechecker'
Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')
will yield
"a = 5 + 6; puts a" => [:block, [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]], [:fcall, :puts, [:array, [:lvar, :a]]] ]
For more documentation, see github.com/jmettraux/rufus-treechecker/tree/master/lib/rufus/treechecker.rb
the 'rogue-parser' gem
On the Rufus-Ruby list :
http://groups.google.com/group/rufus-ruby
http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse
github.com/jmettraux/rufus-treechecker
git clone git://github.com/jmettraux/rufus-treechecker.git
John Mettraux, jmettraux@gmail.com, jmettraux.wordpress.com
MIT
Generated with the Darkfish Rdoc Generator 2.