限制对Rails中用户提交的代码的访问 [英] Restricting access to user submitted code in Rails

问题描述

我正在开发一个将ruby代码作为输入并执行它的Rails应用程序.由于提交的代码来自不受信任的域，因此我想限制对某些方法和模块的访问.例如，我不希望用户访问File.read或open().

I'm working on a rails application that takes ruby code as input and executes it. Since the code submitted comes from an untrusted domain, I want to restrict access to certain methods and modules. For example, I don't want users to access File.read or open().

还可以将访问权限限制为仅几个模块吗?用户提交的代码中仅需要白名单中的模块.

Also, is it possible to restrict access to only a few modules? Only modules from a whitelist can be required from user submitted code.

我可能可以对用户代码进行验证，但是我想检查ruby语言或任何模块是否已经具有此功能.

I can probably do a validation on the user code, but I wanted to check if ruby language or any modules already have this capability.

Codeschool.com有交互式教程.我想知道他们是否限制访问用户代码或进行任何验证.

Codeschool.com has interactive tutorials. I am wondering if they restrict access to user code or do any validation at all.

推荐答案

我一直使用 shikashi 对这种任务感到满意.

I've always used shikashi with satisfaction for this kind of tasks.

这篇关于限制对Rails中用户提交的代码的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！