On Wed, Jan 25, 2006 at 07:23:12PM +0900, Erik Veenstra wrote:
> So I've written this String#de_inspect, which uses
> Kernel#suspicious (slow!) to prevent any malicious code from
> being evaluated.
[...]


### code by Mr. Evil 

# Demo payload: writes one line of Ruby source to "journal". Newlines are
# replaced by ';' so the whole snippet fits on a single line (journal() below
# reads and eval's one line at a time). Note the escaped "\#{$SAFE}": the
# interpolation is deferred to eval time, which is how the output reveals the
# $SAFE level the code actually ran at.
#
# Evaluating the line only *defines* a singleton #inspect on a fresh Object
# and returns that object -- nothing prints at definition time. The prints
# fire later, when the caller invokes #inspect on the returned value (via
# `p x`) outside the sandboxed thread.
File.open("journal", "w") do |f|
  f.puts <<-EOF.gsub("\n", ";")
    def (o=Object.new).inspect
      puts "gotcha! I'm running in $SAFE=\#{$SAFE}" 
      puts "Fear my rm -rf"
      '"Just an innocent little string"'
    end
    o
  EOF
end

# back to your code
module Kernel
  # Runs +block+ in a fresh thread after setting that thread's $SAFE to 5,
  # forwarding +parms+ to the block, and returns the block's result via
  # Thread#value.
  #
  # Why this is not a sandbox (the point of the demo):
  # * Only code executed *inside* the thread runs at $SAFE=5. The block's
  #   return value escapes to the caller unchanged, so any method invoked on
  #   it afterwards (e.g. #inspect from `p`) runs at the caller's $SAFE level.
  # * NOTE(review): $SAFE was thread-local only in older MRI; Ruby 2.6 made
  #   it process-global and Ruby 3.0 removed it entirely, so on current
  #   interpreters this provides no isolation at all. Treat untrusted code as
  #   untrusted regardless of $SAFE.
  def suspicious(*parms, &block) # Just forget about the parms...
    Thread.new(*parms) do |*parms|
      $SAFE = 5

      block.call(*parms)
    end.value
  end
end

class String
  # Attempts to reverse String#inspect by eval'ing the receiver as Ruby
  # source in the binding of a throwaway anonymous Module, wrapped in
  # Kernel#suspicious.
  #
  # SECURITY: this is eval() on untrusted data (here, a line read from a
  # file). The $SAFE wrapper does not make it safe: the evaluated source can
  # return an object whose methods execute arbitrary code as soon as the
  # caller touches it outside the thread (see the journal() output below).
  # A genuine de_inspect needs a parser that accepts only literal syntax,
  # not eval.
  def de_inspect
    suspicious do
      eval(self, Module.new.module_eval{binding})
    end
  end
end

# Reads +file+ line by line and yields each line after String#de_inspect has
# turned it back into an object. Every line of the file is therefore eval'd;
# the file is the untrusted input in this demo.
def journal(file)
  File.foreach(file) { |line| yield line.de_inspect }
end

# Kernel#p calls #inspect on each yielded value in the main thread -- outside
# the $SAFE=5 thread -- which is why the payload's #inspect reports $SAFE=0.
journal("journal") { |entry| p entry }
# >> gotcha! I'm running in $SAFE=0
# >> Fear my rm -rf
# >> "Just an innocent little string"

-- 
Mauricio Fernandez