I'm trying to use JRuby as a script language (for writing quests for a game), but I need to prevent usage of potentially dangerous classes like Dir, Process or RubyVM.
I already found a cumbersome way to blacklist single methods and classes:
    # Reopen Dir and replace each method with an empty stub
    class Dir
      def Dir.[]
      end
      def Dir.chdir
      end
      def Dir.chroot
      end
      def Dir.delete
      end
      def Dir.entries
      end
      def Dir.exist?
      end
      def Dir.exists?
      end
      def Dir.foreach
      end
      def Dir.getwd
      end
      def Dir.glob
      end
      def Dir.home
      end
      def Dir.mkdir
      end
      def Dir.initialize
      end
      def Dir.open
      end
      def Dir.pwd
      end
      def Dir.rmdir
      end
      def Dir.unlink
      end
      def close
      end
      def each
      end
      def fileno
      end
      def inspect
      end
      def path
      end
      def pos
      end
      def read
      end
      def rewind
      end
      def seek
      end
      def tell
      end
      def to_path
      end
    end
But I really hope that there is a much easier way to perform this task or, even better, a way to whitelist the classes that should be usable.
You can just make specific methods private:
    class Dir
      private :close, :each # ... and so on for the other instance methods
      private_class_method :glob, :home # ... and so on for the other class methods
    end
Or you can undefine the whole class (a bad idea, in my opinion):
    Object.send(:remove_const, :Dir)
Or remove methods (it is also a bad idea to remove methods from a Ruby core class):
    class Dir
      remove_method :close, :each # ... and so on for the other methods
    end
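
A less repetitive form of the blacklist from the question, as an added example that is not part of the original posts: it replaces every method that Dir defines itself with a stub that raises SecurityError. The Lockdown module, its KEEP list and the error messages are assumptions made for this illustration.

```ruby
# Added example (not from the original posts): stub out a core class in one call.
module Lockdown
  KEEP = %i[inspect].freeze # hypothetical allow-list of harmless methods

  # Replace every method that klass defines itself (not inherited ones)
  # with a stub that raises. Returns the names that were blocked.
  def self.block(klass, keep: KEEP)
    class_names = klass.singleton_methods(false) - keep
    inst_names  = (klass.instance_methods(false) +
                   klass.private_instance_methods(false)) - keep

    class_names.each do |name|
      klass.define_singleton_method(name) do |*_args, &_blk|
        raise SecurityError, "#{klass}.#{name} is disabled for scripts"
      end
    end

    inst_names.each do |name|
      # define_method keeps initialize private, so klass.new raises as well
      klass.send(:define_method, name) do |*_args, &_blk|
        raise SecurityError, "#{klass}##{name} is disabled for scripts"
      end
    end

    { class_methods: class_names.sort, instance_methods: inst_names.sort }
  end

  # True when the given block is stopped by one of the stubs.
  def self.blocked?
    yield
    false
  rescue SecurityError
    true
  end
end

# Run once by the host, before any quest script is loaded.
BLOCKED = Lockdown.block(Dir)
```

Because the method bodies are replaced rather than hidden, the guard also holds for calls made through send. Classes that are not passed to Lockdown.block (Process and RubyVM from the question, for example) stay untouched.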