Language in a Sandbox in Rails [duplicate] - ruby

This question already has answers here:
How to run untrusted Ruby code inside a safe sandbox?
(4 answers)
Closed 8 years ago.
I've found that there WAS a sandbox gem (created by the guys that made try ruby in your browser), but it was compatible only with Ruby 1.8. Another problem is that I cannot find it anymore (it seems they stopped serving the gem from the servers...).
So, is there any secure way of running ruby in a sandbox (so you can run it from your browser)?
Or an easy way to run (for example lua/python) in a sandbox (no filesystem access, no creation of objects etc) and be called from Ruby (Rails 2.2)?
I want to make an application like try_ruby even without having a ruby underneath. But it has to be an easy language (I saw there was a prolog in ruby, even a lisp but I don't think they are easy to learn languages...).
So, do you have any suggestions or tips? Or should I just start creating my own DSL in Ruby (if there is a solution in creating a somewhat safe system)?
Thx

I am developing an implementation of a sandbox for Ruby based on a modification of the Ruby interpreter written in C. I recently released a functional version of the gem, called shikashi (rdoc documentation).

You should try embedding JRuby in the browser.
http://ruby-in-browser.googlecode.com/svn/trunk/evalruby/index.html

The guy who wrote the original gem disappeared, Keyser Söze style:
http://www.rubyinside.com/why-the-lucky-stiff-is-missing-2278.html
I've read that the JRuby gem is more current or maintained, but I've found it buggy so far. Here are some setup instructions:
http://flouri.sh/2009/4/4/how-to-set-up-the-jruby-sandbox
Overall, it looks like Ruby is lacking a solid implementation of this right now :(

I came across this article on hackety.org (dead link) this morning. Maybe it can serve you as a guide in the right direction.

Another way is like codepad.org does it (VM isolation and checking the calls)
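
One layer of the process-isolation approach mentioned in the answer above, as an added example that is not part of the original thread and is not codepad.org's code: the untrusted source runs in its own interpreter process with a scrubbed environment and kernel-enforced resource limits. The name run_confined and its default limits are assumptions; this layer does not confine filesystem reads or network access, which is what the VM and the call checking are for.

```ruby
require "rbconfig"
require "timeout"

# Added example: run untrusted Ruby source in a separate interpreter process
# under OS resource limits. run_confined and its defaults are hypothetical.
# It bounds CPU, memory, file writes and wall time only; it does NOT stop the
# code from reading files or opening sockets.
def run_confined(source, cpu_seconds: 1, wall_seconds: 5, mem_bytes: 1 << 30)
  out_r, out_w = IO.pipe
  pid = Process.spawn(
    ENV.slice("LD_LIBRARY_PATH"),      # keep only what the interpreter may need
    RbConfig.ruby, "--disable-gems", "-e", source,
    unsetenv_others: true,             # the parent's secrets stay out of the child
    in: File::NULL, out: out_w, err: out_w,
    close_others: true,                # no inherited file descriptors
    pgroup: true,                      # own process group, so it can be killed whole
    rlimit_cpu: cpu_seconds,           # runaway loops are killed by the kernel
    rlimit_as: mem_bytes,              # cap on address space
    rlimit_fsize: 0                    # writes to regular files fail
  )
  out_w.close
  reader = Thread.new { out_r.read(64 * 1024).to_s }  # cap the captured output
  timed_out = false
  begin
    _, status = Timeout.timeout(wall_seconds) { Process.wait2(pid) }
  rescue Timeout::Error
    timed_out = true
    Process.kill("KILL", -pid)         # negative pid targets the whole group
    _, status = Process.wait2(pid)
  end
  { output: reader.value, ok: status.success? == true,
    killed: status.signaled?, timed_out: timed_out }
ensure
  out_r&.close
end
```
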

I am not sure if you want to run any language in a sandbox. But I found that JavaScript has been running as a sandbox language for a long time. The ruby racer project lets you embed the v8 engine in ruby. Hope that helps.

Related

Where can I compile my ruby code?

I started programming on ruby at codecademy but where can I compile my codes on doing a website?
When I was making some lessons on C I used codeblocks to run codes. I know any text editor can run a HTML code. So what about ruby?
Thank you.
I'll take a stab at answering the question that I think you're asking, but I'm not 100% sure here.
Ruby is an interpreted language (what does that mean? Not a whole lot nowadays. If you'd like a more in depth discussion on the distinction or lack thereof between interpreting vs compiling, read Jorg's comments below). To execute ruby code, you'll need to install ruby. Fortunately for you, this is freely available on any major platform. If you're on something unix-y (eg, linux or mac), I'd strongly recommend installing ruby via something like rvm or rbenv. If you're on windows, you can either go the cygwin route and pretend it's a unix-y environment, or there are prebuilt installers out there. Googling 'install ruby' should have some sites that can help you at or near the top of the search results.

Calling a Haskell function from Ruby on Heroku

So I'd like to call a Haskell function from a Ruby app running on Heroku. I'm aware of Hubris, but it seems unlikely to work in the Heroku sandbox, so I'm thinking of automatically converting the Haskell code to Ruby. Unsurprisingly, there's no tool that will do this in one shot, but there appear to be a whole bunch of Haskell-to-X and Y-to-Ruby tools. Which would do the trick, or are there other solutions I'm missing?
And yes, I'm aware that any twice-generated code would be horribly obfuscated code spaghetti, and I'm OK with that as long as it works.
You might be able to use multi-buildpack to have an app that has both ruby and haskell. Multi-buildpack is a buildpack that allows you to compose several buildpacks into one. With this you could use both the official Heroku ruby buildpack (https://github.com/heroku/heroku-buildpack-ruby.git) and a 3rd party haskell buildpack.
Ruby and Haskell have very different evaluation models. Unless you have a very compelling case, you'd be better off trying a different integration path.
Here is a talk from Haskell Exchange 2012 that talks about integrating Haskell and Ruby via AMQP. https://skillsmatter.com/skillscasts/3637-integrating-haskell-using-amqp

Can I switch versions of Ruby dynamically using RVM?

I'm working on building a GUI for my checkers implementation. I'm utilizing a GUI framework that only works with Ruby 1.8, yet my game engine, which I have packaged as a gem, only works with Ruby 1.9.
I can't change the code for the GUI framework and reworking my game engine to make it compatible with 1.8 is undesirable, to say the least.
I'm using RVM though, and it looks like you can write RVM scripts to change Ruby versions on the fly.
Does anyone have any experience with that or what the script might look like?
You could run it in two processes. Give the GUI a 1.8 process and talk to it via a shared db or an API on the other side. That's how I'd do it. The good part about that is you can have an online version of your game as well because other clients will be able to talk to it as well.
You can't run one app with two versions of Ruby. How do you imagine this?
RVM has an ability to automatically change current ruby when you cd into a directory. Just create in that directory a file called .rvmrc with content like
rvm use 1.8.7

If I have jRuby on Rails installed can I use only Ruby?

What I mean by this is if I install jRuby on Rails, can I use only the ruby language to build my application? I wanted to install my rails application with jRuby in case I wanted to use Java in the future, though I don't need it now. Or do I not understand? Is jRuby ruby that has access to java libraries?
Yes, jruby is ruby (your ruby scripts need no modification to run under jruby). In addition, it has full access to java libraries - check out the wiki for how easy it is to integrate a java class or library into your ruby code.
The others have answered your direct question. I just want to say that I've been using jruby full time at work for the past 6 months and it's great. Deploying a rails app with the glassfish gem is very easy and jruby performs better than MRI ruby 1.8.x.
I've seen no real downside after 6 months other than the fact that we can't use gems that have pieces written in C. However, we've taken a C library and created a gem using FFI and it wasn't too much trouble.
It's also really easy to speed up your app by writing a few key pieces in java (which is easier to work with than C).

Building a Windows executable from my Ruby app?

I'd like to be able to send a Ruby app to some colleagues without requiring them to install a Ruby interpreter. A single exe would be preferable.
I googled and found "RubyScript2Exe".
What are your experiences with that? Are there other such tools or are there better approaches altogether than building an exe?
I've used it about 3 times and I haven't had any problems with it and I ran one of the apps on 10 servers and never had any issues. So, I think RubyScript2Exe is about as good as it gets for ruby.
_why's Shoes framework lets you package the program as an executable for Mac or Windows that installs Shoes (contains a Ruby interpreter). Information about using the packager is here. _why also gives hints about how he makes the Windows executable here.
Don't forget OCRA [1] which I used a couple of times and which Just Worked.
I used to create my exes with RubyScript2Exe as mentioned above but had problems when used with Ruby 1.9 [2].
[1] http://ocra.rubyforge.org/
[2] http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/343891
There is another one called Crate. You can find some information about it here. However I haven't tested it on Windows.
Sorry to be late to the party, but I found this question in my search for trying to do this myself (starting to use SO more and more as a primary resource).
Anyway, I have just had success with exerb, although I'd add a couple of notes:
The web page says exerb runs on any platform. That is true; however, if you "compile" a program that calls out to native code, then exerb will embed your system's native code (e.g. Linux .so files) into the .exe. In practice, that means you have to build any significant app on Windows.
The web page also says ruby -r exerb/mkrbc but the actual command is ruby -r exerb/mkexy.
