Ruby: creating a sandboxed eval?
You might want to check the 'taint' method and related stuff. This is a good reference:
http://ruby-doc.com/docs/ProgrammingRuby/html/taint.html
Despite that, I can't advise you enough against storing code and evaluating it, it's a security risk that should be avoided and most times there's a simpler way of solving your problems.
If you need to evaluate complex rules and predicates I'd recommend a rule engine to create a nice DSL. Haven't used one in ruby but this one looks good to me:
http://treetop.rubyforge.org/index.html
Cheers
you can do that with a sandboxing gem, https://github.com/tario/shikashi, which allows you to whitelist methods.
credit to https://stackoverflow.com/a/8704768/188355
Assuming you're on at least ruby 1.8, you can run a proc at a different safe level.
def my_unsafe_function # possible unsafe stuffendproc { $SAFE = 4 # change level only inside this proc my_unsafe_function}.callHowever, you should rethink whether you really need to store ruby code in the DB. Are users of the app going to be modifying this stored code, and why? If they aren't, why not put the code in the app's files instead? I don't know your setup, but it should be possible to move the logic out of the DB.