Module: Rubel::Core
- Included in:
- Runtime::Console, Runtime::Sandbox
- Defined in:
- lib/rubel/core.rb
Instance Method Summary collapse
-
#execute(q = nil) ⇒ Object
(also: #query)
q - The String or Proc to be executed.
-
#method_missing(name, *args) ⇒ Proc, Symbol
Returns method name as a Symbol if args are empty or a Proc calling method_name with (evaluated) args [1].
-
#sanitize!(string) ⇒ Object
Sanitize a string from Ruby injection.
-
#sanitized_proc(string) ⇒ Object
Sanitizes a string from Ruby injection and *instance_eval*s it into a lambda.
Dynamic Method Handling
This class handles dynamic methods through the method_missing method
#method_missing(name, *args) ⇒ Proc, Symbol
Returns method name as a Symbol if args are empty or a Proc calling method_name with (evaluated) args [1].
59 60 61 62 63 64 65 |
# File 'lib/rubel/core.rb', line 59 def method_missing(name, *args) if !(args.nil? || args.length == 0) ::Proc.new { self.send(name, *args) } else name end end |
Instance Method Details
#execute(q = nil) ⇒ Object Also known as: query
q - The String or Proc to be executed
4 5 6 7 8 9 10 11 12 |
# File 'lib/rubel/core.rb', line 4 def execute(q = nil) if q.is_a?(::String) q = sanitized_proc(q) end instance_exec(&q) rescue => e ::Rubel::ErrorReporter.new(e, q) end |
#sanitize!(string) ⇒ Object
Sanitize a string from Ruby injection.
It removes “::” from the string to prevent people to access classes outside Runtime::Sandbox
20 21 22 |
# File 'lib/rubel/core.rb', line 20 def sanitize!(string) string.gsub!('::', '') end |
#sanitized_proc(string) ⇒ Object
Sanitizes a string from Ruby injection and *instance_eval*s it into a lambda. This is used internally by #execute
If you execute lots of queries it is recommended to memoize the results somewhere in your application.
The sanitation removes “::” from the string to prevent people to access classes outside Runtime::Sandbox. This has no effect in other runtimes.
33 34 35 36 |
# File 'lib/rubel/core.rb', line 33 def sanitized_proc(string) sanitize!(string) instance_eval("lambda { #{string} }") end |