Executing user-supplied ruby code on a web server Executing user-supplied ruby code on a web server ruby-on-rails ruby-on-rails

Executing user-supplied ruby code on a web server


ruby-on-rails ruby web-applications permissions

You can use a "blank slate" as a clean room, and a sandbox in which to set the safe level to 4.

A blank slate an object you've stripped all the methods from:

class BlankSlate  instance_methods.each do |name|    class_eval do      unless name =~ /^__|^instance_eval$|^binding$|^object_id$/        undef_method name      end    end  endend

A clean room is an object in which context you evaluate other code:

  clean_room = BlankSlate.new

Read a command from an untrusted source, then untaint it. Unless untainted, Ruby will refuse to eval the string in a sandbox.

  command = gets  command.untaint

Now execute the string in a sandbox, cranking the safe level up as high as it will go. The $SAFE level will go back to normal when the proc ends. We execute the command in the context of the clean room's binding, so that it can only see the methods and variables that the clean room can see (remember, though, that like any object, the clean room can see anything in global scape).

  result = proc do    $SAFE = 4    clean_room.instance_eval do      binding    end.eval(command)  end.call

print the result:

  p result

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last