#!/usr/bin/perl -w
use strict;
use Safe;

my $secret="my-password-should-never-be-shown\n";

## the following are lines that a web user could try to pass to my program
my $_ = <<HEREDOC;
sub round { return sprintf("%.\$_[1]f", \$_[0]); } ; my \$in=rand(); my \$answer=(\$in+log(10)); print "what is \$in+log(10)?\\n"; round(\$answer,3)  ## this should evaluate just fine
print \$secret;                                          ## yikes, should be an error
system("ls")                                             ## yikes, should be an error
`ls`                                                     ## yikes, should be an error
open(FIN, ">", "really-bad-to-write-to-fs")              ## yikes, should be an error
HEREDOC

foreach (split(/\n/, $_)) {
  print "\n----------------\nExecuting '$_'\n\n";

  # this executes everything blindly and is a really bad idea
  my $result=eval($_);
  print "UNSAFE '$_'\n\t\t-> ".($result||"undef")."\n\n\n";

  # this does not do what I had hoped it to do
  # I want the first line be executed, and all other lines to be trapped.
  my $compartment= new Safe;
  $result= $compartment->reval("$_");

  print "SAFE '$_'\n\t\t-> ".($result||"undef")."\n\n\n";
}