限制对Rails中用户提交的代码的访问

本文介绍了限制对Rails中用户提交的代码的访问的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在开发一个将ruby代码作为输入并执行它的Rails应用程序.由于提交的代码来自不受信任的域，因此我想限制对某些方法和模块的访问.例如，我不希望用户访问File.read或open().

I'm working on a rails application that takes ruby code as input and executes it. Since the code submitted comes from an untrusted domain, I want to restrict access to certain methods and modules. For example, I don't want users to access File.read or open().

还可以将访问权限限制为仅几个模块吗?用户提交的代码中仅需要白名单中的模块.

Also, is it possible to restrict access to only a few modules? Only modules from a whitelist can be required from user submitted code.

我可能可以对用户代码进行验证，但是我想检查ruby语言或任何模块是否已经具有此功能.

I can probably do a validation on the user code, but I wanted to check if ruby language or any modules already have this capability.

Codeschool有交互式教程.我想知道他们是否限制访问用户代码或进行任何验证.

Codeschool has interactive tutorials. I am wondering if they restrict access to user code or do any validation at all.

推荐答案

我一直使用 shikashi 对这种任务感到满意.

I've always used shikashi with satisfaction for this kind of tasks.