

We launched Rails for Zombies and we let people run code on Heroku. Our initial method for sandboxing was regex-based. Zedshaw took us down quickly with a one-liner. We then had to learn more about sandboxing.


Using the $SAFE global: unfortunately, Rails doesn't work with any level higher than 0.


Looks at the AST.
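What inspecting the AST rather than pattern-matching the source text can look like, as an added example (not code from the talk or from any sandbox library). It uses Ruby's standard Ripper parser; the arithmetic-only policy and the names ALLOWED_NODES, ALLOWED_OPS, walk, violations and safe? are assumptions made for illustration.

```ruby
require "ripper"

# Node types this illustrative policy accepts (assumption: arithmetic only).
ALLOWED_NODES = %i[program binary unary paren @int @float].freeze
ALLOWED_OPS   = %i[+ - * /].freeze

# Walk a Ripper S-expression and collect every node type or binary
# operator that is not explicitly allowed. Unknown constructs fail closed.
def walk(node, found)
  return found unless node.is_a?(Array)
  if node.first.is_a?(Symbol)
    type = node.first
    found << type unless ALLOWED_NODES.include?(type)
    found << node[2] if type == :binary && !ALLOWED_OPS.include?(node[2])
  end
  node.each { |child| walk(child, found) }
  found
end

# Returns the list of disallowed constructs found in the source.
def violations(source)
  tree = Ripper.sexp(source)
  return [:syntax_error] if tree.nil? # unparsable input is rejected outright
  walk(tree, []).uniq
end

def safe?(source)
  violations(source).empty?
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  ["(1 + 2) * 3", "2 ** 99", "while true do end", 'ENV["SECRET"]', "1 +"].each do |src|
    puts format("%-20s safe=%-5s %p", src, safe?(src), violations(src))
  end
end
```

A static check like this is only one layer: it decides what may be evaluated, while the runtime controls listed in these notes (namespace isolation, timeouts) still bound what accepted code can do.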


- Isolates namespaces
- Create a sandbox
- Evaluate a sandbox
- Blocks dangerous operations with
- Protects secrets
- Limits resource utilization

    sandbox.eval %{while;true;end}, timeout: 5

    # Can give the sandbox "capabilities"
    sandbox.ref(Foo)
    foo = sandbox.eval('')

Please go to and try to break it.