shikashi
shikashi copied to clipboard
tario
Question about integration with DSL
Hello!
I tried to use shikashi for sandboxing my experimental dsl and got lost. I'm trying to do sandbox for user input text that is then processed by DSL.
class DSL
include Shikashi
attr_accessor :text, :sandbox, :priveleges
def initialize(text)
@text = text
end
def result
@sandbox = Sandbox.new
@priveleges = Privileges.new
@priveleges.object(self).allow :fill
@store = []
sandbox.run(priveleges, text)
@store
end
def fill(start_point, end_point, block_id, rotation = [0, 0, 0])
@store << {
start: start_point,
end: end_point,
block_id: block_id,
rotation: rotation
}
end
end
and test DSL for it
fill [0,400,0], [7800,8200,200], '100x200x200'
fill [800,0,0], [3800,400,200], '100x200x200'
I always get
NameError:
method `method_missing' for class `Module' is private
It looks like it cant find fill method somehow.
What is the proper way to use shikashi to secure user input of dsl commands?
I just checked the project code after several years, you should follow the structure of the examples (examples folder), The use you are giving to shikashi in your sample code is not supported, you should adjust your dsl/sandboxing according to that design , Believe me, I tried to make it use that way but I could not make it safe
Again, feel free to modify the code (But this feature would be difficult to implement)
I hope that was helpful
@arrowcircle Did you ever figure out how to use a DSL like this? I came across the exact same issue :)
I'm thinking that I could prepend some boilerplate code before the insecure code and then execute everything together - the boilerplate dsl functions would return a hash or something that I could sanitize.
