Sandrbox allows you to execute arbitrary Ruby code while being assured it won't destroy your life (or your server). It's intended to be small, fast, and secure. I built it to replace TryRuby's really slow Ruby sandbox, since I wanted something faster.
Note that while I made a concentrated effort to make this secure, it's still possible it's not. I wouldn't run this code outside of a secure prison of some sort, and definitely not on anything connected to a database whose data you care about. (I intend to run this on Heroku without a database.)
I automatically remove all the bad methods and classes I can think of. But maybe you need more:
Sandrbox.configure do |config|
config.bad_constants << :Rails
config.bad_constants << :ActiveRecord
endrequire 'sandrbox'
Sandrbox.perform(['a = 1']).output # => [1]
Sandrbox.perform(['a = 1', 'a = a + a', 'a ** a']).output # => [1, 2, 4]
Sandrbox.perform(['a = 1', 'a = a + a', 'a ** b']).output # => [1, 2, "NameError: undefined local variable or method `b' for main:Object"]
Sandrbox.perform(['`rm -rf /`']).output # => ["NameError: undefined local variable or method ``' for Kernel:Module"]
Sandrbox.perform(['exec("rm -rf /")']).output # => ["NameError: undefined local variable or method `exec' for main:Object"]
Sandrbox.perform(['Kernel.exec("rm -rf /")']).output # => ["NameError: undefined local variable or method `exec' for Kernel:Module"]
Sandrbox.perform(['require "open3"']).output # => ["NameError: undefined local variable or method `require' for main:Object"]
Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end']).output # => [nil]
Sandrbox.perform(['class Foo', 'def test', '"hi"', 'end', 'end', 'Foo.new.test']).output # => [nil, "hi"]
Sandrbox.perform(['Foo.new.test']).output # => ["NameError: uninitialized constant Foo"] Each perform is independent of previous performs
Sandrbox.perform(['class Foo']).output # => []
Sandrbox.perform(['class Foo']).complete? # => false
Sandrbox.perform(['class Foo']).indent_level # => 1
Sandrbox.perform(['class Foo']).indent_character # => "class"Copyright (c) 2012 Josh Symonds. See LICENSE.txt for further details.