Eval without eval?

Can anyone explain how “Proc.new{}” (String) could be converted into
Proc.new{} (Code) without using any form of eval?

I am having issues with Sourcify/ParseTree not evaluating eval-ed code
and am wondering whether that could help.

Dipesh G. wrote in post #1072447:

Can anyone explain how “Proc.new{}” (String) could be converted into
Proc.new{} (Code) without using any form of eval?

if str == "Proc.new{}"
  return Proc.new {}   # Proc.new needs a block; since Ruby 3.0 a blockless Proc.new raises ArgumentError
end

??

Hi Dipesh,

It depends on what you need. Eval is very powerful, but any time you
permit arbitrary code execution from the contents of a string, there are
safety concerns. If you’re looking to execute or apply a specific block
of code to particular objects or object instances, consider using blocks
and yield.

def yieldingMethod(arg1)
  yield arg1
end

yieldingMethod("Hello, World!") do |yieldedValue|
  puts yieldedValue   # "prints" is not a Ruby method; puts writes the value to stdout
end

If you’re calling methods whose names are being dynamically provided,
consider Class#send, which allows you to provide a method name and pass
parameters to it.

You can also call Class#const_get(“String”) to get a class name at
runtime.

If you still feel that eval is the appropriate solution to your problem,
consider wrapping code blocks in %q{} and %Q{} to make your code easier
to read and debug.

I am not sure if an equivalent to JavaScript’s “new Function( strCode )”
exists. In JavaScript, new Function() is a potential optimization and
level of additional security over eval, since the same Function object
returned from new may be compiled and isn’t likely to be modified between
calls. In Ruby, more is done at runtime, so eval is used very commonly.

You may want to read this page on tainted data, for some Ruby security
configurations:
http://ruby-doc.org/docs/ProgrammingRuby/html/taint.html

Thanks,

- Alexander Pritchard
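The post's advice on send and const_get, worked through as an added example that is not Alexander's code or part of the thread: a request arrives as an operation name plus an argument string, and the same feature is written once with eval and once with a fixed allowlist and public_send. The Thermostat class, dispatch_with_eval, dispatch_safely, ALLOWED_OPS, ALLOWED_CLASSES and lookup_class are all names assumed for this illustration. (For reference, send is Object#send and const_get is Module#const_get; the point of the post stands either way.)

```ruby
# Added example, not from the thread. Dispatching a user-supplied
# operation name: eval interpolates the request into source text, so the
# request decides what runs; an allowlist plus public_send only ever calls
# the methods we chose to expose.
class Thermostat
  attr_reader :setpoint

  def initialize(setpoint)
    @setpoint = setpoint
  end

  def warmer(delta)
    @setpoint += delta
  end

  def cooler(delta)
    @setpoint -= delta
  end

  private

  # Not meant to be reachable from a request string.
  def factory_reset
    @setpoint = 20
  end
end

# Unsafe: op and arg become Ruby source. instance_eval also ignores
# visibility, so private methods are reachable too.
def dispatch_with_eval(obj, op, arg)
  obj.instance_eval("#{op}(#{arg})")
end

# Safer: the operation name is looked up in a fixed table (unknown names
# raise) and the argument is coerced with Integer(), which raises on
# anything that is not a number, so there is nothing to inject into.
ALLOWED_OPS = { "warmer" => :warmer, "cooler" => :cooler }.freeze

def dispatch_safely(obj, op, arg)
  meth = ALLOWED_OPS.fetch(op) { raise ArgumentError, "unknown operation #{op.inspect}" }
  obj.public_send(meth, Integer(arg))
end

# Same idea for class names: const_get only after an allowlist check, so a
# request naming "Kernel" or "ObjectSpace" never resolves to anything.
ALLOWED_CLASSES = %w[Thermostat].freeze

def lookup_class(name)
  raise ArgumentError, "unknown class #{name.inspect}" unless ALLOWED_CLASSES.include?(name)
  Object.const_get(name)
end

if __FILE__ == $0
  t = Thermostat.new(21)
  # A hostile "argument" that closes the call and appends more code. It is
  # harmless here (it only clobbers @setpoint) but could just as well
  # call system().
  injected = "1); @setpoint = -273; (0"
  dispatch_with_eval(t, "warmer", injected)
  puts t.setpoint                      # -273: the request rewrote state
  dispatch_with_eval(t, "factory_reset", "")
  puts t.setpoint                      # 20: private method reached via eval

  t = Thermostat.new(21)
  dispatch_safely(t, "warmer", "2")
  puts t.setpoint                      # 23
  begin
    dispatch_safely(t, "warmer", injected)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"      # Integer() refuses the payload
  end
end
```

The table maps request strings to symbols rather than calling `public_send(op.to_sym)` directly: even with public_send, an attacker who controls the name can still reach any public method (`instance_variable_set`, `freeze`, `send` itself), so the allowlist is what bounds the attack surface, not the choice of send variant.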

Ryan D. wrote in post #1072466:

I am having issues with Sourcify/ParseTree not evaluating eval-ed code
and am wondering whether that could help.

If you have the string, ruby_parser is probably your best bet.

If you’re having problems with either of those two gems, you should file
a bug on one or both instead of getting unhelpful advice here (e.g.
Brian).

I found the question to be unclear to the point of senseless.

(1) If the question was intended to mean “how can I convert an arbitrary
string containing ruby code to the value which would result from
executing that code?” (and you don’t care about the side effects of
executing that code), then it seems to me you may as well just eval it.
But the OP said “not using any form of eval”, without giving any reason.

(2) If the question was “how can I eval an arbitrary string of ruby
code, but limited to a safe subset of functions” (e.g. disable calls to
Kernel#system) then it becomes a sandboxing question. You could run a
ruby-in-ruby implementation configured to execute certain constructs but
not others; or you could run something like the sandbox gem for MRI.

(3) The question actually was ‘how “Proc.new{}” (String) could be
converted into Proc.new{} (Code)’, which is a highly limited form of
(2). Even this is unclear when it says (Code), and I took this to mean
(Object) or (Value).

I was not being 100% facetious in answering this literally. If you have
only a handful of different Ruby expressions you want to recognise and
turn into real objects, then I think a case statement would be a
perfectly reasonable way to proceed.

case str
when /\A(\d+)\z/
  $1.to_i
# ... etc
else
  raise "Invalid expression"
end
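Brian's options (2) and (3), and the OP's Sourcify/ParseTree question, in one added example that is not part of the thread: Ripper from the Ruby standard library (like the ruby_parser gem Ryan mentions, it parses without executing anything) turns the string into a parse tree, and a small walker builds an object only from literal nodes. There is no eval anywhere, and the OP's exact input "Proc.new{}" is refused rather than converted, because it is a method call, not a literal. The LiteralParser module, its Rejected error and the set of accepted node types are assumptions of this example; strings containing interpolation or backslash escapes are rejected instead of decoded, which keeps the walker fail-closed.

```ruby
require "ripper"

# Added example, not from the thread: convert a string holding a Ruby
# literal (numbers, strings, symbols, true/false/nil, arrays, hashes) into
# the corresponding object by walking Ripper's S-expression. Any node that
# is not one of those literal forms falls through to the else branch and
# is rejected, so method calls, backticks, constants and interpolation
# never get a chance to run.
module LiteralParser
  class Rejected < StandardError; end

  LITERAL_KEYWORDS = { "true" => true, "false" => false, "nil" => nil }.freeze

  # Parse +src+ and return the object it denotes, or raise Rejected.
  def self.parse(src)
    sexp = Ripper.sexp(src)               # nil on syntax error
    raise Rejected, "syntax error" if sexp.nil?
    stmts = sexp[1]                       # [:program, [stmt, ...]]
    raise Rejected, "expected exactly one expression" unless stmts.size == 1
    build(stmts[0])
  end

  def self.build(node)
    raise Rejected, "unexpected #{node.inspect}" unless node.is_a?(Array)
    case node[0]
    when :@int   then Integer(node[1])    # Integer() handles 0x.., 0b.., 1_000
    when :@float then Float(node[1])
    when :unary                           # only unary minus on a number
      raise Rejected, "operator #{node[1]}" unless node[1] == :-@
      value = build(node[2])
      raise Rejected, "unary minus on non-number" unless value.is_a?(Numeric)
      -value
    when :var_ref                         # true / false / nil only
      tok = node[1]
      unless tok[0] == :@kw && LITERAL_KEYWORDS.key?(tok[1])
        raise Rejected, "#{tok.inspect} is not a literal keyword"
      end
      LITERAL_KEYWORDS[tok[1]]
    when :string_literal
      content = node[1]
      raise Rejected, "not a plain string" unless content[0] == :string_content
      content[1..-1].map do |part|
        # Raw text only: [:string_embexpr, ...] is "#{...}" interpolation,
        # and escapes are refused rather than decoded here.
        unless part[0] == :@tstring_content && !part[1].include?("\\")
          raise Rejected, "interpolation or escape in string"
        end
        part[1]
      end.join
    when :symbol_literal                  # :name, but not :"dynamic #{x}"
      sym = node[1]
      raise Rejected, "dynamic symbol" unless sym[0] == :symbol
      sym[1][1].to_sym
    when :array
      (node[1] || []).map { |elem| build(elem) }
    when :hash
      return {} if node[1].nil?
      body = node[1]
      raise Rejected, "unexpected hash body" unless body[0] == :assoclist_from_args
      body[1].each_with_object({}) do |pair, h|
        raise Rejected, "splat in hash" unless pair[0] == :assoc_new
        h[hash_key(pair[1])] = build(pair[2])
      end
    else
      raise Rejected, "#{node[0]} is not a literal"
    end
  end

  # "name:" labels become symbols; any other key must itself be a literal.
  def self.hash_key(node)
    node[0] == :@label ? node[1].chomp(":").to_sym : build(node)
  end
end

if __FILE__ == $0
  puts LiteralParser.parse('{name: "alice", roles: [:admin, :ops], retries: -3}').inspect
  ["Proc.new{}", 'system("id")', "`id`", '"#{1 + 1}"', "1; 2"].each do |bad|
    begin
      LiteralParser.parse(bad)
    rescue LiteralParser::Rejected => e
      puts "#{bad.inspect} rejected: #{e.message}"
    end
  end
end
```

Because the walker only constructs values and never evaluates, adding a new accepted form means adding a branch, which is the property you want from a sandbox: the default is refusal. If the real need is arbitrary expressions, that is Brian's option (1) and it is eval with all of eval's consequences, whatever gem sits in front of it.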

On Aug 15, 2012, at 2:04 PM, Brian C. wrote:

I found the question to be unclear to the point of senseless.
Then. Don’t. Answer.
