Safe Ruby provides a way to run untrusted ruby code outside of the current process in a safe environment. Creating this environment is largery based on jruby sandbox, whitelisting the methods one can use on potentially dangerous classes. Constants are also whitelisted, eliminating some core ruby functionality such as spawning another process.
Run gem install safe_ruby in your terminal, then require 'safe_ruby' in your app and you're ready to go.
Evaluating ruby code
SafeRuby.eval('[1,2,3].map{ |n| n + 1 }') #=> [2, 3, 4]
SafeRuby.eval('system("rm *")') #=> system is unavailable
SafeRuby.eval('Kernel.abort') #=> undefined method `abort' for Kernel:ModuleDefault timeout for evaluating is 5 seconds, but this can be specified.
SafeRuby.eval('loop{}') #<ChildProcess::TimeoutError: process still alive after 5 seconds>
SafeRuby.eval('loop{}', timeout: 1) #<ChildProcess::TimeoutError: process still alive after 1 seconds>This library was built for a codeacademy-style tutoring app, so checking answers is built into the SafeRuby class
SafeRuby.check('[1,2,3].map{ |n| n + 1 }', '[2,3,4]') #=> trueIn this example, the second argument(expected answer) can also be untrusted, it will be run safely.