deac/Safebox
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
Secure execution of Code
7 commits 1 branch 3 tags 280 KiB
Ruby 100%
Find a file
Denis Knauf d8832d5825 Little Doku.
2010-03-31 19:32:26 +02:00
bin Safebox.eval added. It is like Kernel.eval, but in a box and with <rescue Object>. 2010-03-31 19:00:23 +02:00
lib Safebox.eval added. It is like Kernel.eval, but in a box and with <rescue Object>. 2010-03-31 19:00:23 +02:00
AUTHORS first commit 2010-03-20 23:53:57 +01:00
LICENSE first commit 2010-03-20 23:53:57 +01:00
Rakefile little changes: metafiles 2010-03-21 01:42:55 +01:00
README.md Little Doku. 2010-03-31 19:32:26 +02:00
VERSION VERSION 0.0.2 2010-03-31 19:00:59 +02:00

README.md

Install

gem install Safebox

Usage

First load the safebox:

require 'safebox'

The most things in your Safebox are possible:

value = Safebox.eval "1+2**9"
value = Safebox.eval {|| 1+2**8 }

Only some good things are not possible:

Safebox.eval "$stdout.puts 'I am OK!'"

But, very bad code will not damage your system.

Safebox.eval "class Unsecure;def self.code() system 'rm *' ; end end; Unsecure.code"

This will raise a SecurityError.

What is with raised exceptions?

Safebox.eval "raise Exception"

This will print the Exception.

Or if you want to get the Exception:

ret = Safebox.run "raise Exception"
ret # => [:exception, #<Exception>]

What is Safebox.run?

ret = Safebox.run "1+2**9"
ret # => [:value, 513]

You get something back, which can be unsafe!

Safebox.eval( "class A;def to_s() 'Owned!'; end end; A.new").to_s
puts Safebox.eval( "class A;def to_s() 'Owned!'; end end; A.new")