jepri has asked for the wisdom of the Perl Monks concerning the following question:

I'm looking at writing a program in Perl to allow my users to write scripts to do things to a database through a web interface. I would also like to impose my own (arbitrary) restrictions on what they can and can't do - e.g. fine-grained access control. I was thinking of implementing this by writing a simple little interpreter so they could write mini-scripts for my program to execute. I've had a bit of a look around and can't find anything even close. I'd be happy even with a basic interpreter written in Perl. Can anyone point me in the right direction?

PS even though I say 'simple' all the way through this, I'd still like to give them access to some powerful functions like s///. The main thing I dread is writing conditional/case statements and the like.

____________________
Jeremy

Replies are listed 'Best First'.
Re: Writing an interpreter in Perl
by mirod (Canon) on Nov 09, 2000 at 14:12 UTC

    You might want to look at Parse::RecDescent or at the various other Parse Modules, amongst which Parse::Yapp might be quite familiar to you if you are used to YACC.

    An alternate way is to use regexps but it becomes really complex if you want to have tests and complex expressions.

    One way, usually not bulletproof by a long shot, is to allow a subset (or a modified subset) of the Perl syntax so all you have to do is to check the syntax, maybe change a couple of items in the query and then eval it. If you sort of trust your users not to do anything too stupid and not to try to abuse the system then it might work.

    If you want to play it safe (and spend some more energy) you will have to write an interpreter though. Parse::RecDescent comes with a _huge_ doc though, so you might be able to find something close to what you want in there.

Re: Writing an interpreter in Perl
by chromatic (Archbishop) on Nov 09, 2000 at 20:57 UTC
    You *can* use eval... if you also use Safe and even opcode to restrict the operations they can perform. In particular, I'd get rid of all system calls and eval() within the sandbox.

    For what it's worth, I'm doing a bit of research into the same thing.

      I'm constantly amazed by Perl. Every time I hit a problem or a challenge I discover someone's already fixed up a solution. That was what I needed. Thx.

      ____________________
      Jeremy
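
The Safe/Opcode approach from chromatic's reply above, sketched as an added example that is not part of the original thread. The `phone_ext` accessor, `run_user_script` and the sample data are hypothetical; the deny list is stated explicitly so the restrictions do not depend on Opcode's `:default` set.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Constructed sample data standing in for the database.
my %phone_list = ('PERL HACKER' => 1234, 'JAPH' => 5678);

# Hypothetical host-side accessor: the only route from a user script to the
# data. It is compiled outside the compartment, so it runs unrestricted;
# per-user access checks belong here.
sub phone_ext {
    my ($employee) = @_;
    return $phone_list{$employee};
}

sub run_user_script {
    my ($code) = @_;
    my $cpt = Safe->new;    # fresh namespace, Opcode's :default op set
    # Spell out what must never compile inside the sandbox: subprocesses,
    # exec/exit/kill, opening files, and string eval.
    $cpt->deny(qw(:subprocess :ownprocess :filesys_open entereval));
    $cpt->share('&phone_ext');    # expose only the whitelisted accessor
    my $value = $cpt->reval($code);
    if ($@) {
        chomp(my $err = "$@");
        return { ok => 0, error => $err };
    }
    return { ok => 1, value => $value };
}

# Constructed user scripts: one legitimate, three that the mask rejects
# at compile time, before any of their code runs.
for my $script (
    q{ my $s = 'ext: ' . phone_ext('PERL HACKER'); $s =~ s/^ext/x/; $s },
    q{ system('id') },
    q{ eval "1 + 1" },
    q{ open(my $fh, '<', '/etc/passwd') },
) {
    my $r = run_user_script($script);
    printf "%-8s %s\n",
        ($r->{ok} ? 'ALLOWED' : 'TRAPPED'),
        ($r->{ok} ? ($r->{value} // 'undef') : $r->{error});
}
```

The opcode mask limits which operations compile; it does not bound CPU time or memory, so a web-exposed service still needs its own timeouts and resource limits around `reval`.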

Re: Writing an interpreter in Perl
by elwarren (Priest) on Nov 10, 2000 at 01:51 UTC
    I would build a list of actions or reports that you want your end users to run. Then build a list of objects that you want to allow them to run these against. This way you can give them a listing of stuff they can access and what they can do to it.
    Now you'll be able to tune the SQL to run the way you want and users are limited in the damage they can do.

    The orig point of SQL was to provide this exact service. Use simple words to ask questions and get results:
    SELECT EMPLOYEE, PHONE_EXT FROM PHONE_LIST WHERE EMPLOYEE = 'PERL HACKER';

    Oracle has developed a tool called WebDB that will do something similar to what you're asking for. Its main target is workgroups that want to point and click write their own queries and reports and publish them on the web without having to actually code anything. (or maybe that's just the best use I've found for it :) You can read more about it and download a free trial over on the Oracle Technet site.

    Good luck. I'd be very interested to see what solution you come up with for this.
Re: Writing an interpreter in Perl
by cianoz (Friar) on Nov 09, 2000 at 15:09 UTC
    There is a Lisp interpreter written in Perl on CPAN (perl-lisp-0.05.tar.gz)...
RE: Writing an interpreter in Perl
by arturo (Vicar) on Nov 09, 2000 at 21:04 UTC

    Hm, don't know if this is what you have in mind, but as far as fine-grained access control goes, you could do away with the need to do something fancy in Perl if you chose the right DBMS (assuming you have a choice).

    e.g. MySQL has a decent permissions model (you can, for example, let user 'bob' have select and insert privileges when he connects from foo.com and give him all privileges if he connects from localhost).

    Just a thought.

    Philosophy can be made out of anything. Or less -- Jerry A. Fodor

RE: Writing an interpreter in Perl
by jepri (Parson) on Nov 09, 2000 at 18:54 UTC
    Thanks for the help guys. I'm not at all familiar with YACC or Parse::RecDescent but it looks like I will be by the end of this project.

    This will at some point be exposed to the web so I can't rely on people behaving themselves using eval.

    ____________________
    Jeremy