checking ruby sexp trees [before eval()], raise security error if excluded code pattern spotted


= 'rufus-treechecker'

== what is it ?

Initialize a Rufus::TreeChecker and pass some ruby code to make sure it's safe before calling eval().

== getting it

    gem install -y rufus-treechecker

or download it from RubyForge.

== usage

The treechecker uses ruby_parser to turn Ruby code into s-expressions. It then
checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern
is spotted.

The excluded patterns are defined at the initialization of the TreeChecker
instance by listing rules.

  require 'rubygems'
  require 'rufus-treechecker'

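  # each rule lists receiver-less calls that must not appear in the checked code
  tc = Rufus::TreeChecker.new do
    exclude_fvcall :abort
    exclude_fvcall :exit, :exit!
  end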
  tc.check("1 + 1; abort")               # will raise a SecurityError
  tc.check("puts (1..10).to_a.inspect")  # OK

Nice, but how do I know what to exclude ?

  require 'rubygems'
  require 'rufus-treechecker'

  # print the sexp tree that the rules are matched against
  Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')

will yield

  "a = 5 + 6; puts a"
     [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]],
     [:fcall, :puts, [:array, [:lvar, :a]]]
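
The check described above, sketched with Ripper from Ruby's standard library instead of ruby_parser so that it runs without any gem. This is an added example, not part of rufus-treechecker: MiniTreeChecker and passes? are hypothetical names, and it raises Ruby's built-in SecurityError rather than Rufus::SecurityError.

```ruby
require 'ripper'

# Added illustration, not rufus-treechecker's code. MiniTreeChecker is a
# hypothetical class; it walks Ripper (stdlib) s-expressions, whose node
# names differ from the ruby_parser output shown in this README.
class MiniTreeChecker
  # Ripper node types for a call written without an explicit receiver.
  # Calls with a receiver are other node types (:call, :command_call)
  # and would need their own rule.
  RECEIVERLESS = [:vcall, :fcall, :command].freeze

  def initialize(*excluded)
    @excluded = excluded.map(&:to_s)
  end

  # Returns true if no excluded call is found, raises SecurityError otherwise.
  def check(code)
    tree = Ripper.sexp(code)
    # Ripper.sexp returns nil on a syntax error: reject rather than eval.
    raise SecurityError, 'code does not parse' if tree.nil?
    walk(tree)
    true
  end

  private

  def walk(node)
    return unless node.is_a?(Array)
    if RECEIVERLESS.include?(node[0]) && node[1].is_a?(Array) && node[1][0] == :@ident
      name = node[1][1]
      raise SecurityError, "excluded call '#{name}'" if @excluded.include?(name)
    end
    node.each { |child| walk(child) }
  end
end

# Convenience wrapper: true when the code passes, false when it is rejected.
def passes?(checker, code)
  checker.check(code)
rescue SecurityError
  false
end

tc = MiniTreeChecker.new(:abort, :exit, :exit!)
# Constructed sample inputs; the first two come from the usage section.
['1 + 1; abort', 'puts (1..10).to_a.inspect', 'exit(1)', 'puts "abort"'].each do |src|
  puts "#{src.inspect} => #{passes?(tc, src) ? 'OK' : 'SecurityError'}"
end
```

The string literal "abort" passes because the walk matches call nodes in the tree, not text in the source.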

For more documentation, see

== dependencies

the 'ruby_parser' gem by Ryan Davis.

== mailing list

On the Rufus-Ruby list.

== issue tracker

== source

  git clone git://

== author

John Mettraux

== the rest of Rufus

== license

