
Re: Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)

by rdm (Hermit)
on Mar 15, 2004 at 00:54 UTC ([id://336574])


in reply to Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)
in thread List Values As Multidimensional Hash Keys

Being of the ornery sort, this (to me) begs the following question:
Efficiency aside, is there a *safe* way to utilise eval as a solution to this problem? Not a "good" way, or even a "mediocre" way, just safe?

The intrinsic problem with eval is the possibility of hostile data being introduced into the evaluated string. So, is there a way of rendering the data safe?
The obvious way is via taint checking, and string sanitising with tr or s, but is there a better way?

Not that this should be construed as approval of the idea - the process startup overheads alone should be reason enough to do it any other way!
-R

Re: Re: Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)
by ysth (Canon) on Mar 15, 2004 at 01:07 UTC
    Taking tachyon's sample code:
        use strict;
        use warnings;
        my %hash;
        my $a = '1};print "You have just been cracked!\n";#a1:a2:a3=foo';
        my ($key, $val) = split /=/, $a, 2;
        $key =~ s/:/}{/g;
        eval "\$hash{$key}=\"$val\"";
        __END__
        You have just been cracked!
    You would replace the $key =~ s/:/... line with
        use Data::Dumper;
        $Data::Dumper::Terse = 1;
        $Data::Dumper::Useqq = 1;
        $key = join '}{', Dumper split /:/, $key, -1;
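
An eval-free way to build the same structure, as an added example that is not part of the thread: the hypothetical helper `set_nested` walks the key list by reference, so neither the key nor the value is ever compiled as Perl. The sample lines are constructed; the second is the hostile string from the reply above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;

# Hypothetical helper (not from the thread): store $val in %$root under the
# nested keys in @path. Input is only ever used as data, never compiled.
sub set_nested {
    my ($root, $val, @path) = @_;
    die "empty key path\n" unless @path;
    my $last = pop @path;
    my $node = $root;
    for my $k (@path) {
        # Create the intermediate level if it is missing, but refuse to
        # walk through a plain scalar that an earlier line stored there.
        $node->{$k} = {} unless exists $node->{$k};
        die "key '$k' already holds a non-hash value\n"
            unless ref($node->{$k}) eq 'HASH';
        $node = $node->{$k};
    }
    $node->{$last} = $val;
    return $root;
}

# Constructed sample input: one benign line and the hostile line
# used in the reply above.
my @lines = (
    'a1:a2:a3=foo',
    '1};print "You have just been cracked!\n";#a1:a2:a3=foo',
);

my %hash;
for my $line (@lines) {
    my ($key, $val) = split /=/, $line, 2;
    set_nested(\%hash, $val, split /:/, $key, -1);
}

# The hostile text is now just an odd-looking top-level hash key.
$Data::Dumper::Sortkeys = 1;
$Data::Dumper::Useqq    = 1;
print Dumper(\%hash);
```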