= rufus-eval
The 'rufus-eval' gem provides eval_safely() and instance_eval_safely(). The "safely" qualifier comes from setting the $SAFE level for the evaluated code.
Hopefully in the near future, something like a sandbox will be used to eval code 'safely'. Playing with Ruby2Ruby would be another alternative. Ruby 1.9 may yield a decent answer to this code security issue.
rufus-eval currently doesn't work with JRuby (which doesn't respect the safe levels). The JRuby team is working closely with the Ruby team, so we are waiting for future releases of [J]Ruby.
== getting it
  sudo gem install rufus-eval
or at
http://rubyforge.org/frs/?group_id=4812
== usage
  require 'rubygems'
  require 'rufus/eval'

  # plain arithmetic is allowed at safe level 4
  Rufus::eval_safely "5 * 5", 4
    # => 25

  class Toto
  end

  # modifying the state of an existing instance is refused
  Rufus::instance_eval_safely Toto.new, "@toto_name='surf'", 4
    # => Insecure: can't modify instance variable (SecurityError)

  # reopening a class is refused as well
  t = Rufus::eval_safely "class Toto\ndef to_s\n\"ok\"; end; end; Toto.new", 4
    # => extending class prohibited (SecurityError)

  # ...
The two methods provided are eval_safely and instance_eval_safely. Both take at least a string of source code and a safety level (2 to 4) as arguments.
The instance_eval_safely method takes an instance as first argument (the eval will be done in the 'context' of that instance).
The eval_safely method takes a last optional argument, usually filled with the local binding():

  def my_eval_method
    a = 3
    b = 7
    Rufus::eval_safely("a * b", 4, binding())
  end
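
Because the isolation depends entirely on the interpreter honouring $SAFE (JRuby does not, as noted above), a caller can probe for enforcement first and refuse to evaluate when it is missing. The following is an added example, not code from rufus-eval: the names safe_levels_enforced?, guarded_eval and SandboxUnavailable are hypothetical, and the thread-plus-$SAFE evaluation is the usual idiom, assumed here rather than taken from the gem's source.

```ruby
# Added example, not rufus-eval code. All names are hypothetical.
class SandboxUnavailable < StandardError; end

# True only if this interpreter really enforces the given $SAFE level.
# The probe attempts what the usage section shows level 4 refusing:
# setting an instance variable on an object created outside the sandbox.
def safe_levels_enforced?(level = 4)
  saved  = $SAFE
  target = Object.new
  Thread.new do
    begin
      $SAFE = level                        # raises where the level is obsolete
      begin
        target.instance_eval("@probe = 1")
        false                              # the write went through: no enforcement
      rescue SecurityError
        true                               # refused, as the sandbox requires
      end
    rescue ArgumentError, SecurityError
      false                                # the level itself could not be set
    end
  end.value
ensure
  # Where $SAFE is an ordinary global (MRI 3.0 and later) the probe
  # changed it for the whole process, so restore the previous value.
  $SAFE = saved if $SAFE != saved
end

# Evaluate code at the given level, or fail closed when the level would not
# be enforced, instead of silently running untrusted code unsandboxed.
def guarded_eval(code, level = 4)
  unless safe_levels_enforced?(level)
    raise SandboxUnavailable,
          "$SAFE level #{level} is not enforced by Ruby #{RUBY_VERSION}"
  end
  Thread.new do
    $SAFE = level  # assumed idiom: raise the level only inside this thread
    eval(code)
  end.value
end
```

On an interpreter that enforces level 4, guarded_eval("5 * 5") returns 25; anywhere else it raises SandboxUnavailable before any of the supplied code runs.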
== dependencies
None.
== mailing list
On the rufus-ruby list[http://groups.google.com/group/rufus-ruby]:
http://groups.google.com/group/rufus-ruby
== issue tracker
http://rubyforge.org/tracker/?atid=18584&group_id=4812&func=browse
== source
http://rufus.rubyforge.org/svn/trunk/eval
  svn checkout http://rufus.rubyforge.org/svn/trunk/eval
== author
John Mettraux, [email protected]
http://jmettraux.wordpress.com
== license
MIT