我正在开发一个将ruby代码作为输入并执行它的Rails应用程序.由于提交的代码来自不受信任的域,因此我想限制对某些方法和模块的访问.例如,我不希望用户访问File.read或open().
I'm working on a rails application that takes ruby code as input and executes it. Since the code submitted comes from an untrusted domain, I want to restrict access to certain methods and modules. For example, I don't want users to access File.read or open().
还可以将访问权限限制为仅几个模块吗?用户提交的代码中仅需要白名单中的模块.
Also, is it possible to restrict access to only a few modules? Only modules from a whitelist can be required from user submitted code.
我可能可以对用户代码进行验证,但是我想检查ruby语言或任何模块是否已经具有此功能.
I can probably do a validation on the user code, but I wanted to check if ruby language or any modules already have this capability.
Codeschool有交互式教程.我想知道他们是否限制访问用户代码或进行任何验证.
Codeschool has interactive tutorials. I am wondering if they restrict access to user code or do any validation at all.
推荐答案我一直使用 shikashi 对这种任务感到满意.
I've always used shikashi with satisfaction for this kind of tasks.
更多推荐
限制对Rails中用户提交的代码的访问
发布评论