svenfuchs / safemode fork watch download tarball
public
Description: A library for safe evaluation of Ruby code based on ParseTree/RubyParser and Ruby2Ruby. Provides Rails ActionView template handlers for ERB and Haml.
Homepage: http://www.artweb-design.de
Clone URL: git://github.com/svenfuchs/safemode.git
safemode / lib / safemode / scope.rb
100644 59 lines (49 sloc) 1.478 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

module Safemode
  class Scope < Blankslate
    def initialize(delegate = nil, delegate_methods = [])
      @delegate = delegate        
      @delegate_methods = delegate_methods
      @locals = {}
    end
    
    def bind(instance_vars = {}, locals = {}, &block)
      @locals = symbolize_keys(locals) # why can't I just pull them to local scope in the same way like instance_vars?
      instance_vars = symbolize_keys(instance_vars)
      instance_vars.each {|key, obj| eval "@#{key} = instance_vars[:#{key}]" }
      @_safemode_output = ''
      binding
    end
  
    def to_jail
      self
    end
    
    def puts(*args)
      print args.to_s + "\n"
    end
 
    def print(*args)      
      @_safemode_output += args.to_s
    end
    
    def output
      @_safemode_output
    end
    
    def method_missing(method, *args, &block)
      if @locals.has_key?(method)
        @locals[method] 
      elsif @delegate_methods.include?(method)
        @delegate.send method, *unjail_args(args), &block
      else
        raise Safemode::SecurityError.new(method, "#<Safemode::ScopeObject>")
      end
    end
    
    private
    
      def symbolize_keys(hash)
        hash.inject({}) do |hash, (key, value)| 
          hash[key.to_s.intern] = value
          hash
        end
      end
    
      def unjail_args(args)
        args.collect do |arg|        
          arg.class.name =~ /::Jail$/ ? arg.instance_variable_get(:@source) : arg
        end
      end
  end 
end