“ThreadError: current thread not owner” using Sinatra?

I’m building a small Sinatra server which has one GET route called
/execute. It accepts a code parameter and runs the Ruby code from
that parameter using the sandboxed gem, returning a result in JSON.

# /app.rb
class MistressBase < Sinatra::Base
  get '/execute' do
    content_type :json
    Oj.dump( {
      'result' => safe { eval(URI.unescape(params[:code])) }
    } )
  end
end

# /config.ru
require 'sinatra/base'
require 'sandboxed'
require 'uri'
require 'oj'

require './app'

run MistressBase

When I run shotgun config.ru everything’s fine. If I go to and pass
something simple like http://localhost:9393/execute?code=70-1 I get
the expected JSON response of {"result":69}. However if I pass a
file-like string like
require%20'benchmark'%0A%0ABenchmark.measure%20%7B%20'a'%20*%201_000_000%20%7D%0A%0A
which is basically this, but URI.escaped:

require 'benchmark'

Benchmark.measure { 'a' * 1_000_000 }

I get a ThreadError at /execute with the description of current thread not owner. I have attached the backtrace.

Also, setting the code parameter to /execute to something like 1 - 1 (encoded) gives me the same error while 1-1 doesn’t. What am I
missing? Why am I getting this error?

On Sat, Nov 16, 2013 at 7:47 PM, Rafal C. [email protected] wrote:

I get a ThreadError at /execute with the description of current thread not owner. I have attached the backtrace.

Also, setting the code parameter to /execute to something like 1 - 1 (encoded) gives me the same error while 1-1 doesn’t. What am I
missing? Why am I getting this error?

Just guessing: method safe will probably start a new thread so it can
adjust $SAFE. The code in the block passed to safe probably somewhere
tries to access a critical section which the outer code has locked
already.

Kind regards

robert

Robert K. wrote in post #1127735:

Just guessing: method safe will probably start a new thread so it can
adjust $SAFE. The code in the block passed to safe probably somewhere
tries to access a critical section which the outer code has locked
already.

Any way to avoid that and be able to run code safely in my setup and
scenario?
