限制对Rails中用户提交的代码的访问 [英] Restricting access to user submitted code in Rails
问题描述
我正在开发一个将ruby代码作为输入并执行它的Rails应用程序.由于提交的代码来自不受信任的域,因此我想限制对某些方法和模块的访问.例如,我不希望用户访问File.read
或open()
.
I'm working on a rails application that takes ruby code as input and executes it. Since the code submitted comes from an untrusted domain, I want to restrict access to certain methods and modules. For example, I don't want users to access File.read
or open()
.
还可以将访问权限限制为仅几个模块吗?用户提交的代码中仅需要白名单中的模块.
Also, is it possible to restrict access to only a few modules? Only modules from a whitelist can be required from user submitted code.
我可能可以对用户代码进行验证,但是我想检查ruby语言或任何模块是否已经具有此功能.
I can probably do a validation on the user code, but I wanted to check if ruby language or any modules already have this capability.
Codeschool.com有交互式教程.我想知道他们是否限制访问用户代码或进行任何验证.
Codeschool.com has interactive tutorials. I am wondering if they restrict access to user code or do any validation at all.
推荐答案
我一直使用 shikashi 对这种任务感到满意.
I've always used shikashi with satisfaction for this kind of tasks.
这篇关于限制对Rails中用户提交的代码的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!