rufus-treechecker 1.0.4

what is it?

Initialize a Rufus::TreeChecker and pass some ruby code to make sure it’s safe before calling eval().

getting it

    gem install -y rufus-treechecker

or download it from RubyForge.

usage

The treechecker uses ruby_parser (rubyforge.org/projects/parsetree) to turn Ruby code into s-expressions; it then walks this sexp tree and raises a Rufus::SecurityError if an excluded pattern is spotted.

The excluded patterns are defined at the initialization of the TreeChecker instance by listing rules.

  require 'rubygems'
  require 'rufus-treechecker'

  tc = Rufus::TreeChecker.new do
    exclude_fvcall :abort
    exclude_fvcall :exit, :exit!
  end

  tc.check("1 + 1; abort")               # will raise a SecurityError
  tc.check("puts (1..10).to_a.inspect")  # OK

Nice, but how do I know what to exclude?

  require 'rubygems'
  require 'rufus-treechecker'

  Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')

will yield

  "a = 5 + 6; puts a"
   =>
   [:block,
     [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]],
     [:fcall, :puts, [:array, [:lvar, :a]]]
   ]
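
To show what the rule check actually does with sexp trees like the one printed by ptree, here is an added illustration in plain Ruby (not the gem's own code): a minimal walker that applies exclude_fvcall-style rules to hand-built, ParseTree-style sexps approximating the two strings from the usage section above. MiniTreeChecker, MiniSecurityError, ABORT_SEXP, PUTS_SEXP and safe? are assumed names, and the sexps are constructed by hand rather than produced by ruby_parser.

```ruby
# Added illustration, not rufus-treechecker's code: a toy sexp walker.
class MiniSecurityError < StandardError; end

class MiniTreeChecker
  def initialize
    @rules = [] # each rule is a sexp prefix (Array) that must not appear
  end

  # exclude_fvcall-style rule: forbid [:fcall, name, ...] and [:vcall, name]
  def exclude_fvcall(*names)
    names.each do |n|
      @rules << [:fcall, n]
      @rules << [:vcall, n]
    end
    self
  end

  # Raises MiniSecurityError if any node starts with an excluded prefix.
  def check(sexp)
    walk(sexp)
    true
  end

  private

  def walk(node)
    return unless node.is_a?(Array) # leaves (symbols, literals) are fine
    @rules.each do |prefix|
      if node[0, prefix.length] == prefix
        raise MiniSecurityError, "excluded pattern #{prefix.inspect} found"
      end
    end
    node.each { |child| walk(child) } # recurse into every subtree
  end
end

# Constructed approximations of the sexps for "1 + 1; abort" and
# "puts (1..10).to_a.inspect" in the ParseTree style shown by ptree.
ABORT_SEXP = [:block,
  [:call, [:lit, 1], :+, [:array, [:lit, 1]]],
  [:vcall, :abort]]

PUTS_SEXP = [:fcall, :puts,
  [:array, [:call, [:call, [:dot2, [:lit, 1], [:lit, 10]], :to_a], :inspect]]]

# true when the sexp passes the abort/exit/exit! rules, false otherwise
def safe?(sexp)
  MiniTreeChecker.new.exclude_fvcall(:abort, :exit, :exit!).check(sexp)
rescue MiniSecurityError
  false
end
```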

For more documentation, see github.com/jmettraux/rufus-treechecker/tree/master/lib/rufus/treechecker.rb

dependencies

the ‘ruby_parser’ gem by Ryan Davis.

mailing list

On the Rufus-Ruby list:

  http://groups.google.com/group/rufus-ruby

issue tracker

  http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse

source

github.com/jmettraux/rufus-treechecker

  git clone git://github.com/jmettraux/rufus-treechecker.git

author

John Mettraux, jmettraux@gmail.com, jmettraux.wordpress.com

the rest of Rufus

rufus.rubyforge.org

license

MIT

Generated with the Darkfish Rdoc Generator 1.1.6.