trusted-sandbox 0.0.10.pre → 0.0.11.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 087e7a3db62be30fbceb951541f60d39185fd272
-  data.tar.gz: 470126d53f50f5f75a8a6210c6205169ad3102fa
+  metadata.gz: cc841b00560c9a8bd0b26bcc9ce940b095fed242
+  data.tar.gz: 7bd8e5c072575fea41bda718a32a99a6015d4d46
 SHA512:
-  metadata.gz: 1acd7ef23ac33477479793c38ae674cd62284e8e60e1f186ed2cd375c5bcccd2482861ab3c948fbad9454f8905cb9b9c9fe4a18b27ec30ffca5f04194f4d3546
-  data.tar.gz: fac057c808f1bf3da35f30432b4125783099358bca06b196bcfbd88edd0f29b96fbb33f7d9552af3739b71551595ab6f24bbdc87c773b04ddccf888e59d15ac8
+  metadata.gz: b2b63ac24b3daa49808d3ede5cef2fe21fbd7f0adf109412d06c91d5c77b78c2260d897af2ad292ccebccaea02937904e6209ff5bedbadef8b6e546512046617
+  data.tar.gz: 3acab287609c12d11a6b7e1c4635b41ea5afb94a1c2f4babb5cc43b6edbd9c2f38004d78bc4018aa68976d10c7f47f7080a1a9603bbbca9f85c9001c7431a313

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    trusted-sandbox (0.0.9.pre)
+    trusted-sandbox (0.0.11.pre)
       docker-api (~> 1.13)
       thor (~> 0.19)
 
@@ -9,6 +9,7 @@ GEM
   remote: https://rubygems.org/
   specs:
     archive-tar-minitar (0.5.2)
+    diff-lcs (1.2.5)
     docker-api (1.13.6)
       archive-tar-minitar
       excon (>= 0.38.0)
@@ -16,6 +17,19 @@ GEM
     excon (0.40.0)
     json (1.8.1)
     rake (10.1.0)
+    rr (1.1.2)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
     thor (0.19.1)
 
 PLATFORMS
@@ -24,4 +38,6 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 1.3)
   rake
+  rr
+  rspec
   trusted-sandbox!

data/README.md

@@ -1,10 +1,31 @@
 # Trusted Sandbox
 
-Run untrusted ruby code in a contained sandbox, using Docker. This gem was inspired by [Harry Marr's work][1].
+Run untrusted code in a contained sandbox, using Docker. This gem was inspired by [Harry Marr's work][1].
 
 ## Instant gratification
 
-Trusted Sandbox makes it simple to execute Ruby classes that `eval` untrusted code in a resource-controlled docker container.
+Trusted Sandbox makes it simple to execute classes that `eval` untrusted code in a resource-controlled docker
+container.
+
+The simplest way to get started is run "inline" code within a container:
+
+```ruby
+require 'trusted_sandbox'
+
+untrusted_code = "input[:number] ** 2"
+
+# The following will run inside a Docker container
+output = TrustedSandbox.run_code! untrusted_code, input: {number: 10}
+# => 100
+```
+
+`run_code!` receives user code and an arguments hash. Any key in the arguments hash is available when the user code
+executes.
+
+In addition, you can send any class to execute within a Docker container. All you need is to have the class respond to
+`initialize` and `run`. Trusted Sandbox loads the container, copies the class file to the container, serializes the
+arguments sent to `initialize`, instantiates an object, calls `run`, and serializes its return value back to the host.
+
 ```ruby
 # lib/my_function.rb
 
@@ -33,9 +54,6 @@ output = TrustedSandbox.run! MyFunction, untrusted_code, {number: 10}
 # => 100
 ```
 
-Classes you want to run in a container need to respond to #initialize and #run. Trusted Sandbox serializes the
-arguments sent to #initialize, loads the container, instantiates an object, and calls #run.
-
 ## Installing
 
 ### Step 1
@@ -89,7 +107,7 @@ $ trusted_sandbox test
 Install the image. This step is optional, as Docker automatically installs images when you first run them. However,
 since it takes a few minutes we suggest you do this in advance.
 ```
-$ docker run --rm vaharoni/trusted_sandbox:2.1.2.v1
+$ docker run --rm vaharoni/trusted_sandbox:ruby-2.1.2.v1
 ```
 If you see the message "you must provide a uid", then you are set.
 
@@ -115,7 +133,7 @@ environment variables.
 
 ### Docker connection
 
-Trusted Sandbox uses the `docker-api` gem to communicate with docker. `docker-api`'s default work quite well for a
+Trusted Sandbox uses the `docker-api` gem to communicate with docker. `docker-api`'s defaults work quite well for a
 Linux host, and you should be good by omitting `docker_url` and `docker_cert_path` all together.
 
 ```ruby
@@ -130,7 +148,7 @@ YAML file which will override any configuration and passed through to `Docker.op
 
 In addition, these docker-related configuration parameters can be used:
 ```ruby
-docker_image_name: vaharoni/trusted_sandbox:2.1.2.v1
+docker_image_name: vaharoni/trusted_sandbox:ruby-2.1.2.v1
 
 # Optional authentication
 docker_login:
@@ -182,6 +200,11 @@ host_code_root_path: tmp/code_dirs
 # to the container to troubleshoot issues as explained in the "Troubleshooting" section.
 keep_code_folders: false
 
+# When set to true, containers will not be erased after they finish running. This allows you
+# to troubleshoot issues by viewing container parameters and logs as explained in the
+# "Troubleshooting" section.
+keep_containers: false
+
 # A folder used by the UID-pool to handle locks.
 host_uid_pool_lock_path: tmp/uid_pool_lock
 ```
@@ -218,7 +241,9 @@ In order to enable quotas do the following on the server:
 ```
 $ sudo apt-get install quota
 ```
-And follow [these instructions][4], which are also brought here for completeness:
+And follow [these instructions][4] as well as [this resource][6], which we bring here for completeness. Note that these
+may vary for your distro.
+
 ```
 $ sudo vim /etc/fstab
 ```
@@ -228,9 +253,21 @@ LABEL=cloudimg-rootfs   /        ext4   defaults,discard,usrquota       0 0
 ```
 Then do:
 ```
-$ mount -o remount
+$ sudo touch /aquota.user
+$ sudo chmod 600 /aquota.*
+$ sudo mount -o remount /
+```
+and **reboot the server**. Then do:
+```
+$ sudo quotacheck -avum
+$ sudo quotaon -avu
 ```
-and reboot the server. Finally, run the following (quota is in KB):
+You should see something like this:
+```
+/dev/disk/by-uuid/d36a9e2f-dae9-477f-8aea-29f1bdd1c04e [/]: user quotas turned on
+```
+
+To actually set the quotas, run the following (quota is in KB):
 ```
 $ sudo trusted_sandbox set_quotas 10000
 ```
@@ -239,7 +276,10 @@ change these configuration parameters you must rerun the `set_quotas` command.
 
 Remember to set `enable_quotas: true` in the YAML file.
 
-Note: At this time, there is no way to assign different quotas to different users.
+To get a quota report, do:
+```
+$ sudo repquota -a
+```
 
 ### Limiting network
 
@@ -380,20 +420,23 @@ You should not override user quota related parameters, as they must be prepared
 ## Using custom docker images
 
 Trusted Sandbox comes with one ready-to-use image that includes Ruby 2.1.2. It is hosted on Docker Hub under
-`vaharoni/trusted_sandbox:2.1.2.v1`.
+`vaharoni/trusted_sandbox:ruby-2.1.2.v1`.
+
+We are actively looking for contributors who are willing to help expand the library of Docker images to support other
+languages and environments.
 
 To use a different image from your Docker Hub account simply change the configuration parameters in the YAML file.
 
 To customize the provided images, run the following. It will copy the image definition to your current directory under
-`trusted_sandbox_images/2.1.2`.
+`trusted_sandbox_images/ruby-2.1.2`.
 ```
 $ trusted_sandbox generate_image
 ```
 
 After modifying the files to your satisfaction, you can either push it to your Docker Hub account, or build directly
-on the server. Assuming you kept the image under trusted_sandbox_images/2.1.2:
+on the server. Assuming you kept the image under trusted_sandbox_images/ruby-2.1.2:
 ```
-$ docker build -t "your_user/your_image_name:your_image_version" trusted_sandbox_images/2.1.2
+$ docker build -t "your_user/your_image_name:your_image_version" trusted_sandbox_images/ruby-2.1.2
 ```
 
 ## Troubleshooting
@@ -421,7 +464,7 @@ $ trusted_sandbox reset_uid_pool
 
 To avoid containers from being deleted after they finish running, set:
 ```ruby
-keep_container: true
+keep_containers: true
 ```
 This will allow you to view containers by running `docker ps -a` and then check out container logs
 `docker logs CONTAINER_ID` or container parameters `docker inspect CONTAINER_ID`.
@@ -443,7 +486,8 @@ $ docker ps -aq | xargs docker rm
 Licensed under the [MIT license](http://opensource.org/licenses/MIT).
 
 [1]: http://hmarr.com/2013/oct/16/codecube-runnable-gists/
-[2]: https://www.digitalocean.com/community/articles/how-to-enable-user-quotas
+[2]: https://www.digitalocean.com/community/tutorials/how-to-enable-user-and-group-quotas
 [3]: http://hmarr.com/2013/oct/16/codecube-runnable-gists/
 [4]: https://www.digitalocean.com/community/tutorials/how-to-enable-user-quotas
-[5]: http://askubuntu.com/questions/477551/how-can-i-use-docker-without-sudo
+[5]: http://askubuntu.com/questions/477551/how-can-i-use-docker-without-sudo
+[6]: http://www.howtoforge.com/how-to-set-up-journaled-quota-on-debian-lenny

data/lib/trusted_sandbox/cli.rb

@@ -30,20 +30,31 @@ module TrustedSandbox
       `docker run -it -v #{local_code_dir}:/home/sandbox/src --entrypoint="/bin/bash" #{TrustedSandbox.config.docker_image_name} -s`
     end
 
-    desc 'generate_image VERSION', 'Creates the Docker image files and places them into the `trusted_sandbox_images` directory. Default version is 2.1.2'
-    def generate_image(image_version = '2.1.2')
+    desc 'generate_image IMAGE_NAME', 'Creates the Docker image files and places them into the `trusted_sandbox_images` directory. Default name is ruby-2.1.2'
+    def generate_image(image_name = 'ruby-2.1.2')
       target_dir = 'trusted_sandbox_images'
-      target_image_path = "#{target_dir}/#{image_version}"
-      gem_image_path = File.expand_path("../server_images/#{image_version}", __FILE__)
+      target_image_path = "#{target_dir}/#{image_name}"
+      gem_image_path = File.expand_path("../server_images/#{image_name}", __FILE__)
 
-      puts "Image #{image_version} does not exist" unless Dir.exist?(gem_image_path)
+      puts "Image #{image_name} does not exist" or return unless Dir.exist?(gem_image_path)
       puts "Directory #{target_image_path} already exists" or return if Dir.exist?(target_image_path)
 
-      puts "Copying #{image_version} into #{target_image_path}"
+      puts "Copying #{image_name} into #{target_image_path}"
       FileUtils.mkdir_p target_dir
       FileUtils.cp_r gem_image_path, target_image_path
     end
 
+    desc 'generate_images', 'Copies all Docker images files into `trusted_sandbox_images` directory'
+    def generate_images
+      target_dir = 'trusted_sandbox_images'
+      source_dir = File.expand_path("../server_images", __FILE__)
+
+      puts "Directory #{target_dir} already exists" or return if Dir.exist?(target_dir)
+      puts "Copying images into #{target_dir}"
+
+      FileUtils.cp_r source_dir, target_dir
+    end
+
     desc 'set_quotas QUOTA_KB', 'Sets the quota for all the UIDs in the pool. This requires additional installation. Refer to the README file.'
     def set_quotas(quota_kb)
       from = TrustedSandbox.config.pool_min_uid

data/lib/trusted_sandbox/config/trusted_sandbox.yml

@@ -9,7 +9,7 @@ development:
   # docker_url:                   https://192.168.59.103:2376
   # docker_cert_path:             ~/.boot2docker/certs/boot2docker-vm
 
-  docker_image_name:            vaharoni/trusted_sandbox:2.1.2.v1
+  docker_image_name:            vaharoni/trusted_sandbox:ruby-2.1.2.v1
 
   cpu_shares:                   1
 
@@ -28,6 +28,10 @@ development:
   keep_code_folders:            false
   keep_containers:              false
 
+  # When this is set to false and keep_code_folders is true, you'll
+  # receive helpful messages about how to connect to your containers
+  quiet_mode:                   false
+
   # # It's very unlikely you'll need to change these
   #  pool_size:                    5000
   #  pool_min_uid:                 20000

data/lib/trusted_sandbox/config.rb

@@ -6,19 +6,38 @@ module TrustedSandbox
   #   specific_invocation = general_config.override(memory_limit: 200)
   #
   class Config
-    attr_reader :other_config
-
+    attr_reader :fallback_config
+
+    # = Class macros
+
+    # Usage:
+    #   attr_reader_with_fallback :my_attribute
+    #
+    # Equivalent to:
+    #   def my_attribute
+    #     return @my_attribute if @my_attribute
+    #     return fallback_config.my_attribute if @my_attribute.nil? and fallback_config.respond_to?(:my_attribute)
+    #     nil
+    #   end
+    #
     def self.attr_reader_with_fallback(*names)
       names.each do |name|
         define_method name do
           value = instance_variable_get("@#{name}")
           return value unless value.nil?
-          return other_config.send(name) if other_config.respond_to?(name)
+          return fallback_config.send(name) if fallback_config.respond_to?(name)
           nil
         end
       end
     end
 
+    # Usage:
+    #   attr_accessor_with_fallback :my_attribute
+    #
+    # Equivalent to:
+    #   attr_reader_with_fallback :my_attribute
+    #   attr_writer :my_attribute
+    #
     def self.attr_accessor_with_fallback(*names)
       names.each do |name|
         attr_reader_with_fallback(name)
@@ -30,28 +49,36 @@ module TrustedSandbox
                                 :memory_limit, :memory_swap_limit, :cpu_shares, :docker_image_name,
                                 :execution_timeout, :network_access, :enable_swap_limit, :enable_quotas,
                                 :container_code_path, :container_input_filename, :container_output_filename,
-                                :keep_code_folders, :keep_containers
+                                :keep_code_folders, :keep_containers, :quiet_mode
 
     attr_reader_with_fallback :host_code_root_path, :host_uid_pool_lock_path
 
     attr_reader :docker_url, :docker_cert_path, :docker_auth_email, :docker_auth_user, :docker_auth_password,
                 :docker_auth_needed
 
+    # @param params [Hash] hash of parameters used to override the existing config object's attributes
+    # @return [Config] a new object with the fallback object set to self
     def override(params={})
       Config.send :new, self, params
     end
 
+    # @return [Integer] the upper boundary of the uid pool based on pool_min_uid and pool_size
     def pool_max_uid
       pool_min_uid + pool_size - 1
     end
 
-    def docker_url=(value)
-      @docker_url = value
-      Docker.url = value
+    # @param url [String] URL for Docker daemon. Will be sent to the Docker class
+    # @return [String] the URL
+    def docker_url=(url)
+      @docker_url = url
+      Docker.url = url
     end
 
-    def docker_cert_path=(value)
-      @docker_cert_path = File.expand_path(value)
+    # Prepare to set Docker.options appropriately given a path to the cert directory.
+    # @param path [String] path to the certificate directory
+    # @return [Hash] of docker options that will be set
+    def docker_cert_path=(path)
+      @docker_cert_path = File.expand_path(path)
       @docker_options_for_cert = {
           private_key_path: "#{@docker_cert_path}/key.pem",
           certificate_path: "#{@docker_cert_path}/cert.pem",
@@ -59,14 +86,19 @@ module TrustedSandbox
       }
     end
 
+    # @param path [String] shorthand version of the path. E.g.: '~/tmp'
+    # @return [String] the full path that was set. E.g.: '/home/user/tmp'
     def host_code_root_path=(path)
       @host_code_root_path = File.expand_path(path)
     end
 
+    # @param path [String] shorthand version of the path
+    # @return [String] the full path that was set
     def host_uid_pool_lock_path=(path)
       @host_uid_pool_lock_path = File.expand_path(path)
     end
 
+    # Set hash used to authenticate with Docker
     # All keys are mandatory
     # @option :user [String]
     # @option :password [String]
@@ -78,7 +110,9 @@ module TrustedSandbox
       @docker_auth_email = options[:email] || options['email']
     end
 
-    # Called to do any necessary setup to allow staged configuration
+    # Called to do any necessary setup to allow staged configuration. These involve:
+    # - Setting Docker.options based on the cert path
+    # - Calling Docker.authenticate! with the login parameters, if these were entered
     # @return [Config] self for chaining
     def finished_configuring
       Docker.options = @docker_options_for_cert.merge(docker_options)
@@ -91,12 +125,12 @@ module TrustedSandbox
 
     private_class_method :new
 
-    # @params other_config [Config] config object that will be deferred to if the current config object does not
+    # @params fallback_config [Config] config object that will be deferred to if the current config object does not
     #   contain a value for the requested configuration options
     # @params params [Hash] hash containing configuration options
-    def initialize(other_config, params={})
+    def initialize(fallback_config, params={})
       @docker_options_for_cert = {}
-      @other_config = other_config
+      @fallback_config = fallback_config
       params.each do |key, value|
         send "#{key}=", value
       end

data/lib/trusted_sandbox/defaults.rb

@@ -3,7 +3,7 @@ module TrustedSandbox
 
     def initialize
       self.docker_options = {}
-      self.docker_image_name = 'vaharoni/trusted_sandbox:2.1.2.v1'
+      self.docker_image_name = 'vaharoni/trusted_sandbox:ruby-2.1.2.v1'
       self.memory_limit = 50 * 1024 * 1024
       self.memory_swap_limit = 50 * 1024 * 1024
       self.cpu_shares = 1
@@ -27,6 +27,9 @@ module TrustedSandbox
       self.pool_size = 5000
 
       self.keep_code_folders = false
+      self.keep_containers = false
+
+      self.quiet_mode = false
     end
 
   end

data/lib/trusted_sandbox/general_purpose.rb

@@ -0,0 +1,26 @@
+module TrustedSandbox
+
+  # This is a general purpose class that can be used to run untrusted code in a container using TrustedSandbox.
+  # Usage:
+  #
+  #   TrustedSandbox.run! TrustedSandbox::GeneralPurpose, "1 + 1"
+  #   # => 2
+  #
+  #   TrustedSandbox.run! TrustedSandbox::GeneralPurpose, "input[:a] + input[:b]", input: {a: 1, b: 2}
+  #   # => 3
+  #
+  class GeneralPurpose
+    def initialize(code, args={})
+      @code = code
+      args.each do |name, value|
+        singleton_klass = class << self; self; end
+        singleton_klass.class_eval { attr_reader name }
+        instance_variable_set "@#{name}", value
+      end
+    end
+
+    def run
+      eval @code
+    end
+  end
+end

data/lib/trusted_sandbox/response.rb

@@ -4,32 +4,44 @@ module TrustedSandbox
     attr_reader :host_code_dir_path, :output_file_name, :stdout, :stderr,
                 :raw_response, :status, :error, :error_to_raise, :output
 
+    # @param stdout [String, Array] response of stdout from the container
+    # @param stderr [String, Array] response of stderr from the container
     # @param host_code_dir_path [String] path to the folder where the argument value needs to be stored
     # @param output_file_name [String] name of output file inside the host_code_dir_path
-    def initialize(host_code_dir_path, output_file_name, stdout, stderr)
-      @host_code_dir_path = host_code_dir_path
-      @output_file_name = output_file_name
+    def initialize(stdout = nil, stderr = nil, host_code_dir_path = nil, output_file_name = nil)
       @stdout = stdout
       @stderr = stderr
-      parse_output_file
+      @host_code_dir_path = host_code_dir_path
+      @output_file_name = output_file_name
+    end
+
+    # @return [Response] object initialized with timeout error details
+    def self.timeout_error(err, logs)
+      obj = new(logs)
+      obj.instance_eval do
+        @status = 'error'
+        @error = err
+        @error_to_raise = TrustedSandbox::ExecutionTimeoutError.new(err)
+      end
+      obj
     end
 
+    # @return [Boolean]
     def valid?
       status == 'success'
     end
 
+    # @return [Object] the output returned by the container. Raises errors if encountered.
+    # @raise [ContainerError, UserCodeError, InternalError] if errors were raised by the container, they are bubbled
+    #   as UserCodeError
     def output!
       propagate_errors!
       output
     end
 
-    private
-
-    def output_file_path
-      File.join(host_code_dir_path, output_file_name)
-    end
-
-    def parse_output_file
+    # Parses the output file and stores the values in the appropriate ivars
+    # @return [nil]
+    def parse!
       begin
         data = File.binread output_file_path
         @raw_response = Marshal.load(data)
@@ -51,6 +63,13 @@ module TrustedSandbox
       @output = @raw_response[:output]
       @error = @raw_response[:error]
       @error_to_raise = UserCodeError.new(@error) if @error
+      nil
+    end
+
+    private
+
+    def output_file_path
+      File.join(host_code_dir_path, output_file_name)
     end
 
     def propagate_errors!

data/lib/trusted_sandbox/runner.rb

@@ -27,12 +27,27 @@ module TrustedSandbox
 
     # @param klass [Class] the class object that should be run
     # @param *args [Array] arguments to send to klass#initialize
-    # @return [Response]
+    # @return [Object] return value from the #eval method
     # @raise [InternalError, UserCodeError, ContainerError]
     def run!(klass, *args)
       run(klass, *args).output!
     end
 
+    # @param code [String] code to be evaluated
+    # @param args [Hash] hash to send to GeneralPurpose
+    # @return [Response]
+    def run_code(code, args={})
+      run(GeneralPurpose, code, args)
+    end
+
+    # @param code [String] code to be evaluated
+    # @param args [Hash] hash to send to GeneralPurpose
+    # @return [Object] return value from the #eval method
+    # @raise [InternalError, UserCodeError, ContainerError]
+    def run_code!(code, args={})
+      run!(GeneralPurpose, code, args)
+    end
+
     private
 
     def obtain_uid
@@ -52,8 +67,7 @@ module TrustedSandbox
     end
 
     def create_code_dir
-      if config.keep_code_folders
-
+      if config.keep_code_folders and !config.quiet_mode
         puts "Creating #{code_dir_path}"
         puts nil
         puts 'To launch and ssh into a new docker container with this directory mounted, run:'
@@ -80,9 +94,12 @@ module TrustedSandbox
       Timeout.timeout(config.execution_timeout) do
         stdout, stderr = @container.attach(stream: true, stdin: nil, stdout: true, stderr: true, logs: true, tty: false)
       end
-      TrustedSandbox::Response.new code_dir_path, config.container_output_filename, stdout, stderr
+      response = TrustedSandbox::Response.new stdout, stderr, code_dir_path, config.container_output_filename
+      response.parse!
+      response
     rescue Timeout::Error => e
-      raise TrustedSandbox::ExecutionTimeoutError.new(e)
+      logs = @container.logs(stdout: true, stderr: true)
+      TrustedSandbox::Response.timeout_error(e, logs)
     end
 
     def remove_container

data/lib/trusted_sandbox/uid_pool.rb

@@ -50,7 +50,9 @@ module TrustedSandbox
       "#<TrustedSandbox::UidPool used: #{used}, available: #{available}, used_uids: #{used_uids}>"
     end
 
+    # Locks one UID from the pool, in a cross-process atomic manner
     # @return [Integer]
+    # @raise [PoolTimeoutError] if no ID is available after retries
     def lock
       retries.times do
         atomically(timeout) do
@@ -74,7 +76,9 @@ module TrustedSandbox
       self
     end
 
+    # Releases one UID
     # @param uid [Integer]
+    # @return [Integer] UID removed
     def release(uid)
       atomically(timeout) do
         release_uid uid

data/lib/trusted_sandbox/version.rb

@@ -1,3 +1,3 @@
 module TrustedSandbox
-  VERSION = '0.0.10.pre'
+  VERSION = '0.0.11.pre'
 end

data/lib/trusted_sandbox.rb

@@ -5,6 +5,7 @@ module TrustedSandbox
   require 'trusted_sandbox/config'
   require 'trusted_sandbox/defaults'
   require 'trusted_sandbox/errors'
+  require 'trusted_sandbox/general_purpose'
   require 'trusted_sandbox/request_serializer'
   require 'trusted_sandbox/response'
   require 'trusted_sandbox/runner'
@@ -55,6 +56,14 @@ module TrustedSandbox
     new_runner.run!(klass, *args)
   end
 
+  def self.run_code(code, args={})
+    new_runner.run_code(code, args)
+  end
+
+  def self.run_code!(code, args={})
+    new_runner.run_code!(code, args)
+  end
+
   def self.new_runner(config_override = {})
     Runner.new(config, uid_pool, config_override)
   end