I'm using the Ruby 1.9 Ripper library to analyze specific parts of source code by building its sexp tree. From what I know, Ripper just uses a lexer / parser to do this.

Is it safe to run Ripper on user-submitted code?

Dogbert

1 Answer

Since it does not actually evaluate any code, yes it is safe.

If you are talking about taking those s-expressions and evaluating them, then most certainly the answer seems to be: Not without cleaning it first. That cleaning process could be especially tricky though.

jer
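The parse-only behaviour described in the answer, as an added example that is not part of the original answer: `Ripper.sexp` builds the tree for a constructed sample with side effects, and a walker lists the method calls it contains without running any of them. `MARKER`, `UNTRUSTED`, `called_methods` and `analyze` are hypothetical names made up for this illustration.

```ruby
require 'ripper'
require 'tmpdir'

# Constructed marker path: this file would exist only if the sample below were executed.
MARKER = File.join(Dir.tmpdir, "ripper_demo_#{Process.pid}.txt")

# Constructed "user-submitted" source with side effects (file write, shell call, eval).
UNTRUSTED = <<~RUBY
  File.write(#{MARKER.inspect}, "executed")
  system("id")
  def greet(name)
    eval("puts name")
  end
RUBY

# Sexp node types that represent a method call, mapped to the index of the
# scanner token holding the method name, e.g. [:fcall, [:@ident, "system", [2, 0]]].
CALL_NODES = { fcall: 1, vcall: 1, command: 1, call: 3, command_call: 3 }.freeze

# Walk the nested arrays returned by Ripper.sexp and collect [name, line] per call.
def called_methods(node, found = [])
  return found unless node.is_a?(Array)
  idx = CALL_NODES[node[0]]
  token = idx && node[idx]
  if token.is_a?(Array) && token[0].to_s.start_with?('@')
    _type, name, (line, _col) = token
    found << [name, line]
  end
  node.each { |child| called_methods(child, found) }
  found
end

# Parse only. Ripper.sexp returns nil when the source has a syntax error.
def analyze(source)
  sexp = Ripper.sexp(source)
  sexp && called_methods(sexp)
end

if __FILE__ == $PROGRAM_NAME
  analyze(UNTRUSTED).each { |name, line| puts "line #{line}: call to #{name}" }
  puts "marker file created? #{File.exist?(MARKER)}"
end
```

The string passed to `eval` in the sample shows up only as string content in the tree, so calls hidden inside it are not listed.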