Forum: Ruby serve string as file

9630ff9880eab934f14f7aa68930e060?d=identicon&s=25 Andras Horvath (log69)
on 2016-09-24 16:52
Hi Everyone,

I need to evaluate a string as a Ruby code to do some complex stuff. It
is essential to keep the contents of the string in memory without
writing it out to a file. Tried this:

mycode = "puts 'hello world'"
eval mycode

The eval() function does not work properly. This is a web service
utilizing FCGI and somehow feeding the code in the string to eval
produces interesting errors. I've been craving to solve this for days
now without any real progress.

I'm looking for an alternative to eval. The following works:

system("ruby #{filename}")

However I don't want to write the code in the string to a file.

Could I achieve evaluating the Ruby code in the string without writing
it to a file and without using eval either?

This does not seem to work either (my code is long and complex with many
functions, require calls and nested quotation marks):

system("ruby -e #{mycode}")

Isn't there some kind of pipe magic with what I could serve my string as
a file?

Any ideas? I'd appreciate your help. Thank you.
0fa73332c8e4a3b06ea439fd3f034322?d=identicon&s=25 Ronald Fischer (rovf)
on 2016-09-29 11:45
When you say "it produces interesting errors", we know from this
detailed information of course immediately what went wrong. It must be
on line 42 of your code.

Now, seriously:

Given a string consisting of Ruby code, you can of course do an eval on
it. In any sane solution, you would have to anticipate, that there are
errors - either in syntax, or runtime errors - so you will of course
catch the errors and display the error message to whoever had supplied
the string. With other words: When I see the command you use to evalute
the code, and see the error message you are catching, and see the string
to be supplied, we can start discussing on what goes wrong and why.

Having said this, I hope you don't really intend to get a string from
some "web service" and blindly execute it with "eval". Of course, you
CAN do it, but there are so many nicer ways to shoot yourself, if you
want to.

At least you should make sure that the code is running in a restricted
environment (where it can only access a certain part of the file system,
where it can not do any damage), and that it can not execute arbitrary
system commands.

I also recommend to catch STDOUT and STDERR from this process. Imagine
that someone is supplying a piece of code, which writes in an infinite
loop tons of information to STDOUT. How are you going to deal with this?
9630ff9880eab934f14f7aa68930e060?d=identicon&s=25 Andras Horvath (log69)
on 2016-10-07 13:05
Ronald Fischer wrote in post #1185092:
> When you say "it produces interesting errors", we know from this
> detailed information of course immediately what went wrong. It must be
> on line 42 of your code.
>
> Now, seriously:
>
> Given a string consisting of Ruby code, you can of course do an eval on
> it. In any sane solution, you would have to anticipate, that there are
> errors - either in syntax, or runtime errors - so you will of course
> catch the errors and display the error message to whoever had supplied
> the string. With other words: When I see the command you use to evalute
> the code, and see the error message you are catching, and see the string
> to be supplied, we can start discussing on what goes wrong and why.
>
> Having said this, I hope you don't really intend to get a string from
> some "web service" and blindly execute it with "eval". Of course, you
> CAN do it, but there are so many nicer ways to shoot yourself, if you
> want to.
>
> At least you should make sure that the code is running in a restricted
> environment (where it can only access a certain part of the file system,
> where it can not do any damage), and that it can not execute arbitrary
> system commands.
>
> I also recommend to catch STDOUT and STDERR from this process. Imagine
> that someone is supplying a piece of code, which writes in an infinite
> loop tons of information to STDOUT. How are you going to deal with this?

Hi, you are right. The error message is "argument error, wrong number of
arguments (0 instead of 2)" or similar ones.

BTW, I managed to track down the problem. My Ruby code to be run in eval
contained the same function name that I had in the main code the eval is
called from. That was all.

Thx anyway.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.