Executing user-supplied ruby code on a web server

2019-01-21 11:42发布

问题:

I would like to let my users create Ruby scripts that do computation on some data residing on the web server and then outputs results. The scripts are executed on the server. Is there any way to do this securely?

More specifically, I would like to:

  • restrict the resources the script can use (memory and cpu), and limit its running time
  • restrict which core classes the script can use (e.g. String, Fixnum, Float, Math etc)
  • let the script access and return data
  • output any errors to the user

Are there any libraries or projects that do what I'm asking for? If not in Ruby, maybe some other language?

回答1:

You can use a "blank slate" as a clean room, and a sandbox in which to set the safe level to 4.

A blank slate an object you've stripped all the methods from:

class BlankSlate

  instance_methods.each do |name|
    class_eval do
      unless name =~ /^__|^instance_eval$|^binding$|^object_id$/
        undef_method name
      end
    end
  end

end

A clean room is an object in which context you evaluate other code:

  clean_room = BlankSlate.new

Read a command from an untrusted source, then untaint it. Unless untainted, Ruby will refuse to eval the string in a sandbox.

  command = gets
  command.untaint

Now execute the string in a sandbox, cranking the safe level up as high as it will go. The $SAFE level will go back to normal when the proc ends. We execute the command in the context of the clean room's binding, so that it can only see the methods and variables that the clean room can see (remember, though, that like any object, the clean room can see anything in global scape).

  result = proc do
    $SAFE = 4
    clean_room.instance_eval do
      binding
    end.eval(command)
  end.call

print the result:

  p result