dtreder has asked for the wisdom of the Perl Monks concerning the following question:

We all know "eval" is actually two completely different operations. eval "" (string) parses perl, whereas eval {} just catches exceptions.

I'm trying to use Safe to protect against eval of strings, but allow the use of eval for catching exceptions (in other words, allow "entertry" and forbid "entereval").

By default, Safe protects you from "entereval" (eval of a string). However this script breaks on eval {} - which is for catching exceptions.

Why does Safe think the use of eval {} is actually eval of string? Is there a way I can use safe while permitting catching of exceptions? 

use strict;
use Safe;

my $SafeCompartment = new Safe;
$SafeCompartment->permit(qw(entertry));

my $evalbrace ='
 eval { 1 } ;
';

$SafeCompartment->reval($evalbrace, 1);
if ($@) {
  die "WARNING!: evalbrace failed: $@";
}

./testsafeexecute
WARNING!: evalbrace failed: eval "string" trapped by operation mask at
+ (eval 2) line 2.

[download]
Basically I want reval(' eval "code"; ') to fail and I want reval(' eval { 1 }; ') to succeed.

Replies are listed 'Best First'.
Re: Safe.pm is broken - entertry fails
by waswas-fng (Curate) on Dec 18, 2003 at 20:08 UTC
    reval acts as eval does and can be used as a try with the added benefit of catching non-allowed ops. it sets $@ on a error just like the eval try. I do not understand what you are trying to do here? a nested eval try?


    -Waswas
[reply]
      I'm using Safe to evaluate some untrusted code, basically to protect a developer from doing something stupid. One of the dumb things he might try to do is eval "", i.e. evaluating any input as perl code would not be smart. However I still want to let him catch exceptions, i.e. use eval {}.

      So my little sample code has reval(" eval {1}; "). Basically I want reval(' eval "code"; ') to fail and I want reval(' eval { 1 }; ') to succeed.

[reply]

Back to Seekers of Perl Wisdom