The JRuby sandbox is a reimplementation of _why's freaky freaky sandbox in JRuby, and is heavily based on javasand by Ola Bini, but updated for JRuby 1.6.
This gem requires JRuby 1.6. You can install it with RVM:
rvm install jruby-1.6.1
To build the JRuby extension, run rake compile. This will build the
lib/sandbox/sandbox.jar file, which lib/sandbox.rb loads.
Sandbox gives you a self-contained JRuby interpreter in which to eval code without polluting the host environment.
>> require "sandbox"
=> true
>> sand = Sandbox::Full.new
=> #<Sandbox::Full:0x46377e2a>
>> sand.eval("x = 1 + 2")
=> 3
>> sand.eval("x")
=> 3
>> x
NameError: undefined local variable or method `x' for #<Object:0x11cdc190>
There's also Sandbox::Full#require, which lets you invoke
Kernel#require directly for the sandbox, so you can load any trusted
core libraries. Note that this is a direct binding to Kernel#require,
so it will only load Ruby stdlib libraries (i.e. no RubyGems support
yet).
- Sandbox::Full#import is unfinished.
- Sandbox::Safe is currently just an alias for Sandbox::Full. The plan is to make it extend from Sandbox::Full and lock down the environment (using #keep_methods) in its initializer.
- It would be a good idea to integrate something like FakeFS to stub out the filesystem in the sandbox.
- There is currently no timeout support, so it's possible for a sandbox to loop indefinitely and block the host interpreter.
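Until timeout support exists, the host can at least bound how long it waits on an evaluation. The following is an added example, not part of this gem: eval_with_deadline, SandboxTimeout and StandInSandbox are hypothetical names, and the only thing assumed about the sandbox is the #eval(String) method shown above.

```ruby
# Added example, not jruby_sandbox code. It avoids newer Ruby syntax so it
# also parses on older interpreters.
class SandboxTimeout < StandardError; end

# Run sandbox.eval(code) on a worker thread and wait at most `seconds`.
# `sandbox` is anything that responds to #eval(String), e.g. Sandbox::Full.
def eval_with_deadline(sandbox, code, seconds)
  outcome = {}
  worker = Thread.new do
    begin
      outcome[:value] = sandbox.eval(code)
    rescue Exception => e
      # Carry every failure (including ScriptError) back to the caller.
      outcome[:error] = e
    end
  end

  # Thread#join(limit) returns nil when the limit expires first.
  if worker.join(seconds).nil?
    worker.kill # best effort; see the note below the example
    raise SandboxTimeout, "sandbox eval exceeded #{seconds}s"
  end

  raise outcome[:error] if outcome[:error]
  outcome[:value]
end

# Constructed stand-in so the example runs without JRuby or the gem.
class StandInSandbox
  def eval(code)
    Object.new.instance_eval(code)
  end
end

if __FILE__ == $0
  box = StandInSandbox.new
  puts eval_with_deadline(box, "1 + 2", 1)
  begin
    eval_with_deadline(box, "loop { sleep 0.01 }", 0.2)
  rescue SandboxTimeout => e
    puts "timed out: #{e.message}"
  end
end
```

The deadline only unblocks the caller. Whether Thread#kill actually stops code running inside the sandbox's own interpreter is an assumption to check on your JRuby version; a worker that survives keeps consuming CPU.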