Project

Sandrbox

0.01
No commit activity in last 3 years
No release in over 3 years
Sandrboxveraticus/sandrboxHomepageDocumentationSource CodeBug TrackerWiki
A sandbox for that tries to change all Ruby code executed to be safe and non-destructive, both to the filesystem and the currently running process
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
4,966
Stars
17
Forks
2
Watchers
2
 Releases
Current version
0.0.1
Total releases
1
First release
2012-03-30
Latest release
2012-03-30
 Issues
Open Issues
2
Closed Issues
1
Total Issues
3
Issue Closure Rate
33%
 Development
Primary Language
Ruby
Average date of last 50 commits
2012-03-30
Reverse Dependencies
0

 Dependencies

Development

bundler
>= 0
github-markup
>= 0
jeweler
>= 0
mocha
>= 0
rake
>= 0
redcarpet
= 1.17.2
rspec
>= 0
yard
>= 0
 Project Readme

Sandrbox

Sandrbox allows you to execute arbitrary Ruby code while being assured it won't destroy your life (or your server). It's intended to be small, fast, and secure. I built it to replace TryRuby's really slow Ruby sandbox, since I wanted something faster.

Note that while I made a concentrated effort to make this secure, it's still possible it's not. I wouldn't run this code outside of a secure prison of some sort, and definitely not on anything connected to a database whose data you care about. (I intend to run this on Heroku without a database.)

Set It Up

I automatically remove all the bad methods and classes I can think of. But maybe you need more:

Sandrbox.configure do |config|
  config.bad_constants << :Rails
  config.bad_constants << :ActiveRecord
end

How To Use It

require 'sandrbox'

Sandrbox.perform(['a = 1']).output # => [1]
Sandrbox.perform(['a = 1', 'a = a + a', 'a ** a']).output # => [1, 2, 4]
Sandrbox.perform(['a = 1', 'a = a + a', 'a ** b']).output # => [1, 2, "NameError: undefined local variable or method `b' for main:Object"] 

Sandrbox.perform(['`rm -rf /`']).output # => ["NameError: undefined local variable or method ``' for Kernel:Module"]
Sandrbox.perform(['exec("rm -rf /")']).output # => ["NameError: undefined local variable or method `exec' for main:Object"] 
Sandrbox.perform(['Kernel.exec("rm -rf /")']).output # => ["NameError: undefined local variable or method `exec' for Kernel:Module"]

Sandrbox.perform(['require "open3"']).output # => ["NameError: undefined local variable or method `require' for main:Object"]

Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end']).output # => [nil]
Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end', 'Foo.new.test']).output # => [nil, "hi"]
Sandrbox.perform(['Foo.new.test']).output # => ["NameError: uninitialized constant Foo"] Each perform is independent of previous performs

Sandrbox.perform(['class Foo']).output # => []
Sandrbox.perform(['class Foo']).complete? # => false
Sandrbox.perform(['class Foo']).indent_level # => 1
Sandrbox.perform(['class Foo']).indent_character # => "class"

Copyright

Copyright (c) 2012 Josh Symonds. See LICENSE.txt for further details.