restricted evaluation

Johannes Ahl-mann

hi,

is there an easy way to restrict evaluation of code to certain
methods/classes only??

i am fiddling around with domain specific languages in ruby and would
like to ensure that only a subset of ruby can be used in the DSL.
obviously the implementation of the DSL has to use the whole of ruby,
but it would be nice to be able to "hide" certain ruby methods from the
DSL (especially to prevent anyone from using them ;-)).

maybe it's a stupid thing to want to have, but just from a technical
standpoint i wonder if (and especially how ;-) this might be possible...

Johannes
 
Johannes Ahl-mann

is there an easy way to restrict evaluation of code to certain
methods/classes only??

just came up with an example!
for example i might want to prevent users of the DSL from "catching"
exceptions by themselves...

for example:
    begin
      dsl_data {
        field1 :broken
      }
    rescue
      nil
    end

this might "hide" syntax problems of the DSL and would not make
much sense if the DSL was used solely for data entry. therefore i might
want to disallow use of "rescue"...

Johannes
 
Luke Graham

If you are sure you want them executing code in the same context,
you can freeze objects. That will get rid of a certain class of attacks.
Another way would be to do some AOP-style checks on who exactly
is calling a given function. FWIW, rescue is a keyword, not a method,
so I believe there is nothing you can do short of scanning their
file for that word. Eval would be another good one, otherwise they
could piece together say, eval("res" + "cue").
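
A token-level version of the file scan suggested in the reply above, as an added example that is not part of the original thread: it lexes the DSL source with Ruby's standard Ripper library, so the keyword `rescue` and a call to `eval` are reported while the same words inside string literals are not. The deny-lists and the names `dsl_violations`, `Violation` and `SAMPLES` are assumptions made for this sketch.

```ruby
require 'ripper'

# Deny-lists are assumptions made for this example, not taken from the thread.
BANNED_KEYWORDS = %w[rescue ensure retry].freeze
BANNED_CALLS = %w[eval instance_eval class_eval module_eval
                  send __send__ public_send binding system exec].freeze

Violation = Struct.new(:line, :column, :token, :reason)

# Returns the Violations found in a DSL source string (empty array = clean).
def dsl_violations(source)
  # Refuse input that does not parse; its token stream cannot be trusted.
  return [Violation.new(0, 0, nil, 'syntax error')] if Ripper.sexp(source).nil?

  Ripper.lex(source).map do |(line, col), type, token, _state|
    case type
    when :on_kw
      Violation.new(line, col, token, 'banned keyword') if BANNED_KEYWORDS.include?(token)
    when :on_ident
      Violation.new(line, col, token, 'banned call') if BANNED_CALLS.include?(token)
    when :on_backtick
      Violation.new(line, col, token, 'shell command literal')
    end
  end.compact
end

# Constructed sample inputs.
SAMPLES = {
  'rescue wrapper from the thread' =>
    "begin\n  dsl_data {\n    field1 :broken\n  }\nrescue\n  nil\nend\n",
  'pieced-together eval' => %q{eval("res" + "cue")},
  'word inside a string' => %q{dsl_data { field1 "rescue me" }}
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, src|
    found = dsl_violations(src).map do |v|
      "#{v.token.inspect}@#{v.line}:#{v.column} #{v.reason}"
    end
    puts "#{name}: #{found.empty? ? 'ok' : found.join(', ')}"
  end
end
```

A deny-list like this is only a pre-filter run before the DSL file is evaluated; any method that can reach `eval` indirectly and is missing from the list still gets through, so an allow-list of DSL method names is the stricter variant of the same check.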
 
