Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)

by rdm (Hermit)
on Mar 15, 2004 at 00:54 UTC ( [id://336574]=note: print w/replies, xml ) Need Help??


in reply to Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)
in thread List Values As Multidimensional Hash Keys

Being of the ornery sort, this (to me) begs the following question:
Efficiency aside, is there a *safe* way to utilise eval as a solution to this problem? Not a "good" way, or even a "mediocre" way, just safe?

The intrinsic problem with eval is the possibility of hostile data being introduced into to evaluated string. So, is there a way of rendering the data safe?
The obvious way is via taint checking, and string sanitising with tr or s, but is there a better way?

Not that this should be construed as approval of the idea - the process startup overheads alone should be reason enough to do it any other way!
-R
  • Comment on Re: Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)

Replies are listed 'Best First'.
Re: Re: Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)
by ysth (Canon) on Mar 15, 2004 at 01:07 UTC
    Taking tachyon's sample code: 
    use strict;
use warnings;
my %hash;
my $a = '1};print "You have just been cracked!\n";#a1:a2:a3=foo';
my ($key, $val) = split /=/, $a, 2;
$key =~ s/:/}{/g;
eval "\$hash{$key}=\"$val\"";
__END__
You have just been cracked!

    [download]
    You would replace the $key =~ s/:/... line with 
    use Data::Dumper;
$Data::Dumper::Terse = 1;
$Data::Dumper::Useqq = 1;

$key = join '}{', Dumper split /:/, $key, -1;

    [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://336574]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2024-04-25 05:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found