Ruote::TreeChecker

# File lib/ruote/util/treechecker.rb, line 40
def initialize (context)

  (context['use_ruby_treechecker'] == false) and return

  require 'rufus/treechecker' # gem 'rufus-treechecker'
    # load only when needed

  @checker = Rufus::TreeChecker.new do

    exclude_fvccall :abort, :exit, :exit!
    exclude_fvccall :system, :fork, :syscall, :trap, :require, :load

    #exclude_call_to :class
    exclude_fvcall :private, :public, :protected

    #exclude_def               # no method definition
    exclude_eval              # no eval, module_eval or instance_eval
    exclude_backquotes        # no `rm -fR the/kitchen/sink`
    exclude_alias             # no alias or aliast_method
    exclude_global_vars       # $vars are off limits
    exclude_module_tinkering  # no module opening
    exclude_raise             # no raise or throw

    exclude_rebinding Kernel # no 'k = Kernel'

    exclude_access_to(
      IO, File, FileUtils, Process, Signal, Thread, ThreadGroup)

    #exclude_class_tinkering :except => Ruote::ProcessDefinition
      #
      # excludes defining/opening any class except
      # Ruote::ProcessDefinition

    exclude_call_to :instance_variable_get, :instance_variable_set
  end

  @cchecker = @checker.clone # and not dup
  @cchecker.add_rules do
    at_root do
      exclude_head [ :block ] # preventing 'a < b; do_sthing_evil()'
      exclude_head [ :lasgn ] # preventing 'a = 3'
    end
  end

  @checker.freeze
  @cchecker.freeze
  freeze
    #
    # preventing further modifications
end

# File lib/ruote/util/treechecker.rb, line 91
def check (ruby_code)

  @checker.check(ruby_code) if @checker
end

# File lib/ruote/util/treechecker.rb, line 96
def check_conditional (ruby_code)

  @cchecker.check(ruby_code) if @checker
end