I'm writing an application in ruby and would like to access some legacy code written in another language (php). Unfortunately this legacy code does not have an HTTP API, but it is living on the same file system. I had the idea that maybe instead of building an API, or rewriting all of the code in ruby, there may be some clever way I can expose these PHP functions so ruby can access them. Do you have an idea or approach I can use to accomplish this?
Assuming you mean code that is callable at the command-line, using either backticks or the %x operator or the more complex system, popen and popen3 commands lets you execute separate pieces of code and gather the results.
For instance in IRB:
irb(main):002:0> puts `ls`
Desktop
Documents
Wrap that in a method and it becomes a way to call an external program:
def ls(s='')
  `ls #{s}`
end
ls() # => "Desktop\nDocuments\nDownloads\nLibrary\nMovies\nMusic\nPictures\nPublic\nSites\nVirtualBox VMs\nbin\ndevelopment\nlibsmi\nperl5\nproduction\nshare\ntest.data\ntmp\n"
ls('M*') # => "Movies:\n\nMusic:\niTunes\n"
See "Ruby, Difference between exec, system and %x() or Backticks" for additional information.
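An added example, not part of the answer above: backticks hand the interpolated string to a shell, so when arguments come from user data the argv-array form of Open3 is the safer way to call the legacy PHP. The bridge script name legacy_bridge.php, the JSON-over-stdin convention and the Ruby stand-in child are assumptions made for illustration.

```ruby
require 'open3'
require 'json'
require 'rbconfig'

# Run an external program with no shell in between. The [cmd, cmd] pair forces
# exec-style spawning even for a one-element argv, so each later element
# reaches the child as one literal argument.
def call_external(argv, payload)
  cmd, *rest = argv
  out, err, status = Open3.capture3([cmd, cmd], *rest,
                                    stdin_data: JSON.generate(payload))
  unless status.success?
    raise "child failed (#{status.exitstatus.inspect}): #{err.strip}"
  end
  JSON.parse(out)
end

# Hypothetical bridge: legacy_bridge.php (assumed name) would read
# {"fn": ..., "args": [...]} from stdin, call that function and print JSON.
def call_php(function, *args, php: 'php', bridge: 'legacy_bridge.php')
  call_external([php, bridge], { 'fn' => function, 'args' => args })
end

# Constructed stand-in for the PHP side so the example runs without PHP:
# a child Ruby process that echoes back its argv and the decoded request.
STAND_IN = [RbConfig.ruby, '-rjson', '-e',
            'req = JSON.parse($stdin.read); ' \
            'print JSON.generate({ "argv" => ARGV, "args" => req["args"] })'].freeze

# Constructed input containing a glob and a command separator.
HOSTILE = 'M*; echo INJECTED'

# Returns what the child actually received: the string arrives unexpanded.
def demo_literal_argument
  call_external(STAND_IN + [HOSTILE], { 'fn' => 'noop', 'args' => [HOSTILE] })
end

if __FILE__ == $PROGRAM_NAME
  p demo_literal_argument
end
```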
The only reasonable solution I can think of is to rewrite chunks of the php or to write an http api.
If you want to embark upon a more adventurous route you could take a look at compiling the php into exes (Convert a PHP script into a stand-alone windows executable) and then execute them via backticks, system, etc.
It probably would be best to rewrite it though.
Related
Hi thanks for taking a look at my question. I'm trying to create a site with a Sinatra server that will allow users to run ruby code in the browser similar to what you see with repl.it, code academy, etc.
Is there a gem/library or anything out there that can handle the interpreter? If I need to create one myself, how can I do this without evaluating the code in the server? (seems dangerous)
Any advice is helpful, thanks!
You can use repl.it's API https://repl.it/api
Should be very easy to use
You can use Kernel#eval to run code from the string (user's input). Remember that it is not safe to execute some random code directly in your production environment.
Suppose that I have a Java program that uses JRuby to allow the user to use Ruby scripting to control the behaviour of some funny character in a window.
Users can share their Ruby code with the community, so others can execute the snippets on their own copy of the program and see the funny character do stuff.
I have a security concern with this, though, as users may contribute malicious Ruby code to the community.
The obvious precaution is that users shouldn't run the snippets of untrusted users. However, due to the nature of the community, the point is to check out the creations of strangers.
So, it has occurred to me that maybe I can restrict the capabilities of JRuby.
There may be other things, but some of the restrictions off of my head would be:
Do not allow any sort of networking.
No access to the filesystem.
Do not permit system DOS calls.
Can't require/import ruby code/gems/etc.
Can't create new processes etc.
Is there a reasonable way to restrict JRuby functionality?
I have thought of, perhaps, redefining several constants that are required for that sort of operations. For instance,
File = nil
But I am unsure of what constants to nullify exactly, and whether this is effective at all.
Since your requirements are concrete, you would likely need to implement those restrictions yourself. Some pointers:
rubygems can be disabled within JRuby - assuming it's fine for you to boot that way, otherwise chaining load/require is a good option
same for system and similar calls that create a new process
instead of doing File = nil early on you might end up needing to review File/IO methods one by one
undefine Java constant and java methods to disallow smart cheating with Java APIs
I would like to create a small Rails application that would allow users to give a few snippets of code to benchmark in multiple implementations and versions of Ruby. I am capable of creating the application, I am just afraid of users mucking around in the filesystem or doing other destructive actions. Is there any way to prevent this?
There is $SAFE:
The variable $SAFE determines Ruby's level of paranoia.
The various "safety levels" are noted at the link, there's also some examples (which still work) of using a thread, $SAFE, and load to wrap untrusted code. $SAFE on ruby might be worth a look as well.
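An added example, not from the answer above: since Ruby 3.0, $SAFE is an ordinary global variable with no effect, so one alternative is to run each snippet in its own Ruby process with a kernel-enforced CPU limit and a wall-clock deadline. The function name and limits are assumptions, and this only bounds runtime; blocking filesystem or network access still needs OS-level isolation such as a container or a dedicated unprivileged user.

```ruby
require 'open3'
require 'rbconfig'
require 'timeout'
require 'tmpdir'

# Run a snippet in a separate Ruby process: an empty scratch directory as cwd,
# an rlimit on CPU seconds, and a wall-clock deadline enforced by the parent.
def run_snippet(code, cpu_seconds: 1, wall_seconds: 3)
  Dir.mktmpdir('snippet') do |dir|
    # pgroup: true makes the child a process-group leader so the whole
    # group (including anything it forks) can be killed at the deadline.
    opts = { chdir: dir, rlimit_cpu: cpu_seconds, pgroup: true }
    Open3.popen2e(RbConfig.ruby, '--disable-gems', '-e', code, opts) do |stdin, out, waiter|
      stdin.close
      begin
        output = Timeout.timeout(wall_seconds) { out.read }
        status = waiter.value
        { output: output, exit: status.exitstatus,
          signal: status.termsig, timed_out: false }
      rescue Timeout::Error
        Process.kill('KILL', -waiter.pid) # negative pid: the process group
        { output: nil, exit: nil,
          signal: waiter.value.termsig, timed_out: true }
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p run_snippet('puts 6 * 7')              # normal completion
  p run_snippet('sleep 30', wall_seconds: 1) # killed at the deadline
end
```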
If I have a ruby script Daemon that, as its name implies, runs as a daemon, monitoring parts of the system and able to perform commands which require authentication, for example changing permissions, is there an easy way to have a second ruby script, say client, communicate to that script and send it commands / ask for information? I'm looking for a built in ruby way of doing this, I'd prefer to avoid building my own server protocol here.
Ruby provides many mechanisms for this including your standards such as: sockets, pipes, shared memory. But ruby also has a higher level library specifically for IPC which you can check out here: DRb. I haven't had a chance to play around with it too much but it looks really cool.
You may want to look into http://rubyeventmachine.com/
After being blown away by the greatness of irb and rails console, I am loving the dynamical parts of the language more and more. Now, I wonder if it would be possible for a Ruby application to update itself on-the-fly (if the write permission allows it). Can a Ruby application fetch an update and refresh itself? I have seen this functionality a lot in Apple applications and I know updates and fixes are something you must anticipate for when deploying an application.
Thank you for your feedback, comments and answers!
Sure. You can load a file that re-opens an existing class and alters behavior. There are a few ways to get the new code, too. Read it off disk, or have a socket that accepts connections and then eval the strings passed in. Or use HTTP: http://www.neurogami.com/articles/The_year_of_living_dangerously/
BTW, there's some risk involved with doing things this way. :)