Skip to content
checking ruby sexp trees [before eval()], raise security error if excluded code pattern spotted
Ruby Shell
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
lib
spec
test
.rspec
CHANGELOG.txt
CREDITS.txt
LICENSE.txt
README.txt
Rakefile
jtest.sh
rufus-treechecker.gemspec

README.txt

= 'rufus-treechecker'

== what is it ?

Initialize a Rufus::TreeChecker and pass some ruby code to make sure it's safe before calling eval().


== getting it

    gem install -y rufus-treechecker

or download[http://rubyforge.org/frs/?group_id=4812] it from RubyForge.


== usage

The treechecker uses ruby_parser (http://rubyforge.org/projects/parsetree)
to turn Ruby code into s-expressions, the treechecker then
checks this sexp tree and raises a Rufus::SecurityError if an excluded pattern
is spotted.

The excluded patterns are defined at the initialization of the TreeChecker
instance by listing rules.

  require 'rubygems'
  require 'rufus-treechecker'

  tc = Rufus::TreeChecker.new do
    exclude_fvcall :abort
    exclude_fvcall :exit, :exit!
  end

  tc.check("1 + 1; abort")               # will raise a SecurityError
  tc.check("puts (1..10).to_a.inspect")  # OK


Nice, but how do I know what to exclude ?

  require 'rubygems'
  require 'rufus-treechecker'

  Rufus::TreeChecker.new.ptree('a = 5 + 6; puts a')

will yield

  "a = 5 + 6; puts a"
   =>
   [:block,
     [:lasgn, :a, [:call, [:lit, 5], :+, [:array, [:lit, 6]]]],
     [:fcall, :puts, [:array, [:lvar, :a]]]
   ]


For more documentation, see http://github.com/jmettraux/rufus-treechecker/tree/master/lib/rufus/treechecker.rb


== dependencies

the 'ruby_parser' gem by Ryan Davis.


== mailing list

On the Rufus-Ruby list[http://groups.google.com/group/rufus-ruby] :

  http://groups.google.com/group/rufus-ruby


== issue tracker

  http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse


== source

http://github.com/jmettraux/rufus-treechecker

  git clone git://github.com/jmettraux/rufus-treechecker.git


== author

John Mettraux, jmettraux@gmail.com,
http://jmettraux.wordpress.com


== the rest of Rufus

http://rufus.rubyforge.org


== license

MIT

Something went wrong with that request. Please try again.