Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
GitHub's safe gem eval web service
tag: v0.2.8

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
lib
test
.gitignore
README
Rakefile
VERSION.yml
safegem.gemspec

README

SafeGem: GitHub's Safe Gem Eval Web Service
-------------------------------------------

Help make GitHub's gem build process more secure and robust!

SafeGem is a Sinatra app that safely converts Ruby gemspecs into YAML gemspecs.

It works as follows:

1) Receives a request with the repo location and the ruby gemspec
2) Returns immediately and schedules the following via EM.defer:

1) Makes a shallow clone of the repo and chdir's to that repo
2) Evals the spec in a separate thread with a higher $SAFE level
3) Converts spec to YAML
4) Posts the YAML to the specified callback

Goals
-----
* Lower the $SAFE level to allow methods like Dir.glob, but without compromising security.
Something went wrong with that request. Please try again.