Forum: Ruby serve string as file

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
9630ff9880eab934f14f7aa68930e060?d=identicon&s=25 Andras Horvath (log69)
on 2016-09-24 16:52
Hi Everyone,

I need to evaluate a string as a Ruby code to do some complex stuff. It
is essential to keep the contents of the string in memory without
writing it out to a file. Tried this:

mycode = "puts 'hello world'"
eval mycode

The eval() function does not work properly. This is a web service
utilizing FCGI and somehow feeding the code in the string to eval
produces interesting errors. I've been craving to solve this for days
now without any real progress.

I'm looking for an alternative to eval. The following works:

system("ruby #{filename}")

However I don't want to write the code in the string to a file.

Could I achieve evaluating the Ruby code in the string without writing
it to a file and without using eval either?

This does not seem to work either (my code is long and complex with many
functions, require calls and nested quotation marks):

system("ruby -e #{mycode}")

Isn't there some kind of pipe magic with what I could serve my string as
a file?

Any ideas? I'd appreciate your help. Thank you.
0fa73332c8e4a3b06ea439fd3f034322?d=identicon&s=25 Ronald Fischer (rovf)
on 2016-09-29 11:45
When you say "it produces interesting errors", we know from this
detailed information of course immediately what went wrong. It must be
on line 42 of your code.

Now, seriously:

Given a string consisting of Ruby code, you can of course do an eval on
it. In any sane solution, you would have to anticipate, that there are
errors - either in syntax, or runtime errors - so you will of course
catch the errors and display the error message to whoever had supplied
the string. With other words: When I see the command you use to evalute
the code, and see the error message you are catching, and see the string
to be supplied, we can start discussing on what goes wrong and why.

Having said this, I hope you don't really intend to get a string from
some "web service" and blindly execute it with "eval". Of course, you
CAN do it, but there are so many nicer ways to shoot yourself, if you
want to.

At least you should make sure that the code is running in a restricted
environment (where it can only access a certain part of the file system,
where it can not do any damage), and that it can not execute arbitrary
system commands.

I also recommend to catch STDOUT and STDERR from this process. Imagine
that someone is supplying a piece of code, which writes in an infinite
loop tons of information to STDOUT. How are you going to deal with this?
9630ff9880eab934f14f7aa68930e060?d=identicon&s=25 Andras Horvath (log69)
on 2016-10-07 13:05
Ronald Fischer wrote in post #1185092:
> When you say "it produces interesting errors", we know from this
> detailed information of course immediately what went wrong. It must be
> on line 42 of your code.
>
> Now, seriously:
>
> Given a string consisting of Ruby code, you can of course do an eval on
> it. In any sane solution, you would have to anticipate, that there are
> errors - either in syntax, or runtime errors - so you will of course
> catch the errors and display the error message to whoever had supplied
> the string. With other words: When I see the command you use to evalute
> the code, and see the error message you are catching, and see the string
> to be supplied, we can start discussing on what goes wrong and why.
>
> Having said this, I hope you don't really intend to get a string from
> some "web service" and blindly execute it with "eval". Of course, you
> CAN do it, but there are so many nicer ways to shoot yourself, if you
> want to.
>
> At least you should make sure that the code is running in a restricted
> environment (where it can only access a certain part of the file system,
> where it can not do any damage), and that it can not execute arbitrary
> system commands.
>
> I also recommend to catch STDOUT and STDERR from this process. Imagine
> that someone is supplying a piece of code, which writes in an infinite
> loop tons of information to STDOUT. How are you going to deal with this?

Hi, you are right. The error message is "argument error, wrong number of
arguments (0 instead of 2)" or similar ones.

BTW, I managed to track down the problem. My Ruby code to be run in eval
contained the same function name that I had in the main code the eval is
called from. That was all.

Thx anyway.
This topic is locked and can not be replied to.