RubyMine 2024.3 Help

Project security

When you open a Ruby/Rails project, RubyMine runs gem executables that may contain harmful code from the project.

To prevent potential security risks, RubyMine lets you decide how to open a project if it doesn't recognize the project source.

Ruby/Rails projects security

Every time you open a project for the first time, the IDE shows the Trust Project dialog. This helps to ensure that the project is safe to perform the following actions:

When you open a Ruby/Rails project from an unknown source, RubyMine displays a notification and lets you decide how to proceed.

Untrusted Project

You can select one of the following actions:

  • Trust Project: select this option to open the project and allow RubyMine to check for missing gems, run RuboCop (if enabled), and load a list of available Rake tasks and Rails generators automatically.

  • Preview in Safe Mode: select this option to prevent the silent execution of Ruby tools using the project code. In this case, RubyMine's functionality will be limited.

    You can always switch to trusted mode using the notification panel in the editor.

  • Don't Open: select this option to cancel opening the project.

RubyMine remembers when you trust a project on the current machine, but you will need to re-trust the project for each machine you open it on.

Until you trust the project, RubyMine will provide limited functionality. When trying to run Rake tasks or Rails generators, RubyMine won't suggest them in the Run Anything window, except for rake --tasks and rails generate.

However, you can still browse the project sources and open them in the editor. Code navigation and completion will be limited to project files and may not include sources of external libraries.

When you open a file in the project, RubyMine will display a notification panel in the editor stating that the project is untrusted. You can click the Trust project link to enable the full RubyMine functionality at any time. If you ignore the notification banner, RubyMine's functionality will still be limited.

The Trust project notification

Trusted locations

You can configure what sources RubyMine should consider safe and trust implicitly. For example, you can add your home directory to the trusted locations. In this case, RubyMine will implicitly trust all projects located there.

Configure trusted locations

  1. In the Settings dialog (Ctrl+Alt+S) , go to Build, Execution, Deployment | Trusted Locations.

  2. On the Trusted Locations settings page, specify the local directories that the IDE should trust. Click OK to save the changes.

    Trusted Locations

    The next time you open a project from one of those locations, RubyMine will implicitly trust it.

Last modified: 19 December 2024