I am embedding the plugin architecture in a Rails project. The plugin architecture includes the ability for plugins to write Ruby code for execution on the server. I want to make it safe so that plugin writers are not able to write destructive code.
I think what I need to do, although I am open to other parameters, is to execute the Ruby code for the plugin in an isolated environment that has a limited scope. I am thinking of something in the vein of the therubyracer gem, but I want to run Ruby safely instead of JavaScript.
I cannot find a good way to do this. I was thinking about using eval with limited object bindings, but I think it would be difficult to eval multiple files, and I don't think I can adequately limit the bindings. For example, I do not want the plugin to be able to do something like destroy_all on a model, or to monkey-patch existing code in the application.
I'm completely at a standstill with this. Does anyone have any ideas?
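As an added check (example code, not from the question or any gem), the script below shows why the eval-with-limited-bindings approach considered above cannot enforce the restriction: the sandbox object inherits from BasicObject and exposes only `say`, which hides unqualified constants, yet plugin code still reaches the constructed `Widget.destroy_all` through a root-qualified constant lookup. `Widget` and `PluginSandbox` are constructed stand-ins.

```ruby
# Constructed stand-in for an ActiveRecord model; it records whether the
# destructive class method was invoked.
class Widget
  @destroyed = false
  class << self
    attr_accessor :destroyed
    def destroy_all
      self.destroyed = true
    end
  end
end

# The "limited bindings" idea: evaluate plugin code with `self` set to an
# object that inherits from BasicObject (no Kernel methods, no Object
# constants) and exposes only an approved API.
class PluginSandbox < BasicObject
  attr_reader :log

  def initialize
    @log = []
  end

  # The only method plugin authors are meant to call.
  def say(msg)
    @log << msg.to_s
  end

  def run(code)
    instance_eval(code)
  end
end

# Runs plugin code in the sandbox and reports whether the restricted
# context stopped it (NameError / NoMethodError) or let it through.
def sandbox_blocked?(code)
  PluginSandbox.new.run(code)
  false
rescue NameError
  true
end

if __FILE__ == $0
  puts sandbox_blocked?("say 'hello'")          # false: approved API works
  puts sandbox_blocked?("File")                 # true: unqualified constants are hidden
  puts sandbox_blocked?("::Widget.destroy_all") # false: the model is still reachable
end
```

Hiding constants and Kernel methods only changes how the plugin must spell the reference; in-process eval gives no isolation boundary, so untrusted plugin code needs a separate process or interpreter with its own permissions rather than a restricted binding.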