Programming With Ruby Episode 17, Getting Advanced

Covered In This Episode:

  • Symbols
  • eval
  • Bindings
  • Running Other Programs
  • Safe Levels

Transcript:

Hello Everybody and welcome to Programming With Ruby Episode 17,
Getting Advanced. I’m Tyler, and this video is brought to you by
manwithcode.com.

By now, you know a large amount about Ruby, so in this episode we will
be going over some advanced features that Ruby has.

More specifically I will be teaching you what Symbols are, and when to
use them. I will be showing you how to use eval, and how to use
bindings with eval. You will learn how to run other programs from
Ruby. Finally I will show you what safe levels are.

Let’s get started!

Symbols

Symbols are a type of variable that are very much like strings, but
more lightweight. Symbols look like this:

:variable

Symbols can’t be manipulated like strings can, which seems like a huge
drawback, but they do have a couple benefits.

Each time you use a string, say to access a hash, Ruby creates an
instance of that string, whereas if you use a symbol, it is only ever
instantiated once. This means that the use of symbols will take up less
memory than strings will if you are, say, accessing a hash many times.

Symbols are also slightly easier to type since the colon is on the
home row on US keyboards.

eval

eval is a way of running Ruby code that is contained in a string. For
example, let’s say you have a string that looks like this:

"puts 'Hello World'"

It is just a simple string, so it does nothing. But if you use the
method eval on that string, it will execute the code inside. So this
will print Hello World! onto the screen:

eval "puts 'Hello World!'"

This isn’t always useful, but you can use it if you want your users to
be able to enter Ruby code into your program.

You can also pass bindings to eval. Say we had this method:

def my_method my_binding
    eval "puts x", my_binding
end

x = 5
my_method binding

This outputs:

5

Some of you may notice that the variable x isn’t defined in the method my_method. By using the binding method, we can make variable scopes portable!

Running Other Programs

There comes a time when you will want to be able to run a program from
Ruby, maybe you want to automate something, or simply get the output
from an external program.

There are a few ways of doing this.

The first is with the method exec, which runs an external program
and quits the Ruby script at the same time:

exec('ls') # dir on windows
# Program never gets here

There is also system, which does the same thing, but doesn’t quit the
Ruby script, and returns true or false depending on whether the program
was successful:

system('ls') # dir on windows
# we do get this far

Finally we have the “back-tick” `, which looks like a sideways single
quote. On my keyboard it is above the tab key. You surround your
command in the back-ticks, like you would for a string. Unlike the other
two methods of running a program, this method also returns the output
of the program you run.

variable = `ls`
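
An added example (not from the original episode) comparing the single-string form of these calls, which is handed to the shell, with the multi-argument form, which is not. The untrusted file name is constructed sample input, the method names are hypothetical, and a Unix-like system with echo is assumed.

```ruby
require 'open3'
require 'shellwords'

# Constructed sample input: a "file name" supplied by a user that contains
# shell metacharacters. Not taken from the original page.
UNTRUSTED = 'notes.txt; echo INJECTED'

# Risky: the whole string is handed to the shell, which parses the
# semicolon and runs a second command the script never intended.
def shell_string_form(name)
  `echo #{name}`
end

# Safer: program and arguments are passed as separate values, so no shell
# is involved and the input arrives as one literal argument.
def argv_form(name)
  out, status = Open3.capture2('echo', name)
  raise "echo failed: #{status.exitstatus}" unless status.success?
  out
end

# If a shell really is needed (pipes, redirects), escape each untrusted
# value before interpolating it.
def escaped_shell_form(name)
  `echo #{Shellwords.escape(name)}`
end

# system accepts the same multi-argument form. Output is discarded here;
# the return value is true on success.
def system_argv_ok?(name)
  system('echo', name, out: File::NULL)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell string : #{shell_string_form(UNTRUSTED).inspect}"
  puts "argv form    : #{argv_form(UNTRUSTED).inspect}"
  puts "escaped shell: #{escaped_shell_form(UNTRUSTED).inspect}"
  puts "system argv  : #{system_argv_ok?(UNTRUSTED).inspect}"
end
```

The same multi-argument form works with exec, so any call that includes outside input can avoid the shell entirely.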

Safe Levels

If you are running a Ruby interpreter online or in another environment
where users can enter and run Ruby code, they hold the ability to
wreak havoc on your system.

The way to prevent this from happening is by using safe levels. Safe
levels are a way of preventing the user from getting access to the
file system, or changing any variables that the program has.

You set safe levels by setting the $SAFE variable. By default it is
set to zero.

$SAFE = 4

Ruby “taints” objects that could be dangerous.

There are five different safe levels.
0 => The default, you can do anything
1 => Can’t use environment variables, eval, load, require, and more.
2 => Same as above and also can’t use files
3 => All objects created are tainted, can’t be untainted
4 => You can do almost nothing… Can’t modify the untainted, can’t
use exit. Basically completely safe and sand-boxed.

That brings us to the end of the episode. If you liked these videos,
please donate. It costs me in both money and time to make them.

If you have any questions, comments, or suggestions please don’t
hesitate to leave a comment on this page or email me at
tyler@manwithcode.com

Thanks for watching, goodbye!