Project security
When you open a Ruby/Rails project, RubyMine runs gem executables that may contain harmful code from the project.
To prevent potential security risks, RubyMine lets you decide how to open a project if it doesn't recognize the project source. When opening a project, RubyMine notifies you about the first attempt to execute background tasks and lets you decide whether to trust this project or not.
Ruby/Rails projects security
When you open a Ruby/Rails project from an unknown source, RubyMine displays a notification and lets you decide how to proceed.
You can select one of the following actions:
Trust project: Select this option to open the project and allow RubyMine to check for missing gems, run RuboCop (if enabled), and load a list of available Rake tasks and Rails generators automatically.
Stay in safe mode: Select this option to prevent the silent execution of Ruby tools using the project code. In this case, RubyMine's functionality will be limited.
You can always switch to trusted mode using the notification panel in the editor.
RubyMine remembers when you trust a project on the current machine, but you will need to re-trust the project for each machine you open it on.
Until you trust the project, RubyMine will provide limited functionality. When trying to run Rake tasks or Rails generators, RubyMine won't suggest them in the Run Anything window, except for rake --tasks
and rails generate
.
However, you can still browse the project sources and open them in the editor. Code navigation and completion will be limited to project files and may not include sources of external libraries.
If you open a Ruby-related file (for example, Gemfile, .rb, .erb, and so on), RubyMine will display a notification panel in the editor stating that the project is untrusted. You can click the Trust project link to enable the full RubyMine functionality at any time. If you ignore the notification banner, RubyMine's functionality will still be limited.
You can add the project path to the trusted locations so that RubyMine will trust it implicitly.
Startup tasks
When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, RubyMine displays a notification suggesting that the code you are about to execute might be harmful.
You can review what tasks will be executed and modify the settings.
Review the startup tasks
In the Settings/Preferences dialog Ctrl+Alt+S, go to .
On the Startup Tasks settings page, you can review and modify the startup tasks.
Trusted locations
You can configure what sources RubyMine should consider safe and trust implicitly. For example, you can add your home directory to the trusted locations. In this case, RubyMine will implicitly trust all projects located there.
Configure trusted locations
In the Settings/Preferences dialog Ctrl+Alt+S, go to .
On the Trusted Locations settings page, configure the local directories where the projects you consider trusted reside. Click OK to save the changes.
The next time you open a project from one of those locations, RubyMine will implicitly trust it.