in reply to Re: Extending a perl program with Scheme, Lua, or JS
in thread Extending a perl program with Scheme, Lua, or JS
Here is my glue code.use strict; package Extension; sub apply_scalar_function_of_x { my $f = shift; # lisp source code, with x as the input, e.g., "* x 0 +.1" # As a convenience feature, if $f is undefined or nul +l string, we return the input unaltered. my $x = shift; if (!defined $f) {return $x} my $lisp = "(display ((lambda (x) ($f)) $x))"; my $result = `guile -c '$lisp'`; if ($? == 0) { return $result; } else { print STDERR "Error executing scheme code $lisp using guile."; return undef; # occurs if guile is not installed or the guile code + dies with an error } # to do: # Escape single quotes inside the string. } 1;
Unfortunately, as discussed, this suffers from multiple potential injection and quoting issues. In this case, I would recommend either IPC::Run3 (libipc-run3-perl) or IPC::System::Simple (libipc-system-simple-perl) - the former is probably better if this software is supposed to run on Windows too. If you don't want to install an extra module, then you could use the piped open I show near the bottom of my post here.
use IPC::System::Simple qw/capturex/; sub apply_scalar_function_of_x { my $f = shift; my $x = shift; if (!defined $f) {return $x} my $lisp = "(display ((lambda (x) ($f)) $x))"; my $result; if (not eval { $result = capturex('guile','-c',$lisp); 1 }) { print STDERR "Error executing scheme code using guile.\n"; return; } return $result; }
I'm looking into how to sandbox Guile. ... if there's any way to prevent code from accessing the file system and such.
Yes, I would very strongly recommend not leaving an open source grading system open to attacks ;-)
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re^3: Extending a perl program with Scheme, Lua, or JS
by bcrowell2 (Friar) on Feb 12, 2019 at 23:47 UTC |