I'm working on a Rails application that takes Ruby code as input and executes it. Since the code submitted comes from an untrusted domain, I want to restrict access to certain methods and modules. For example, I don't want users to access File.read or open().
Also, is it possible to restrict access to only a few modules? Only modules from a whitelist can be required from user-submitted code.
I can probably do a validation on the user code, but I wanted to check if the Ruby language or any modules already have this capability.
Codeschool.com has interactive tutorials. I am wondering if they restrict access to user code or do any validation at all.