Run time programming

Hi all,

How can I run ruby code from my ruby program? Let’s say I have a program
with a text box. In that text box user writes a ruby function. I
want the program to call that function in such way that this function
would have access to the classes and variables in the main program.

How can this be done? I imagine that since Ruby is interpreted
dynamically adding code shouldn’t be much of a problem. But then I just
started learning Ruby and have no idea how this could work…

Thanks for your replies.

eval(user_given_text, binding)
user_defined_method

On Wed, May 4, 2011 at 12:39 PM, Karolis Juodele
[email protected] wrote:

How can I run ruby code from my ruby program? Let’s say I have a program
with a text box. In that text box user writes a ruby function. I
want the program to call that function in such way that this function
would have access to the classes and variables in the main program.

How can this be done? I imagine that since Ruby is interpreted
dynamically adding code shouldn’t be much of a problem. But then I just
started learning Ruby and have no idea how this could work…

$ ri eval

Kind regards

robert

Robert K. wrote in post #996572:

$ ri eval

And see also:

http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html

eval though is the root method it might be safer to use one of the
more focused wrapper methods such as class_eval, instance_eval and
define_method.

~Stu

On Thu, May 5, 2011 at 3:30 PM, Stu [email protected] wrote:

eval though is the root method it might be safer to use one of the
more focused wrapper methods such as class_eval, instance_eval and
define_method.

~Stu

It’s not clear to me how those are safer, I thought those just change
contexts. For example, I can still call system (or do anything else, I
would
expect).

Whatever = Class.new
users_code = ‘system “echo just doin the evils”’
Whatever.class_eval users_code # >> just doin the evils

Funny I was just playing with the go language version of tryruby which
also uses a sandbox.

I referring to how rails generators as input are used to alleviate the
boilerplate code in crud operations. For example the dynamic finders
i.e. find_by_#{evaluated_string} are most likely eval created.

I imagine putting the whole interpreter online must be a huge security
conscious effort.

Robert K. wrote in post #996572:

$ ri eval

And you might also want to think about who is entering that code and
what it does: cautionary tale at
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html

So, re-implementing tryruby.org is not as simple as you might think.
Look for the ruby sandbox gem.

If only fully trusted users are entering data into this text box, then
it’s not a problem.

For example the dynamic finders
i.e. find_by_#{evaluated_string} are most likely eval created.

Sorta, yeah: method_missing which then does a class_eval to help with
performance.

https://github.com/rails/rails/blob/master/activerecord/lib/active_record/base.rb#L1018

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs