Bas-i has asked for the wisdom of the Perl Monks concerning the following question:

Hi all,

I have a bunch of applications using the following construct to import variables and their names into their namespaces: 

package Somepackage;

use Exporter;
our @ISA = qw(Exporter);

our @EXPORT_OK = qw($SOME_VAR);

our $SOME_VAR = 123;

1;

use Somepackage qw($SOME_VAR);

print "It is: $SOME_VAR\n";

[download]

Now I want to generate the Somepackage class dynamically as the variables and their values will be stored in a database table from now on.

That's all easy, just generate the appropriate code in a variable and eval the generated code using eval.

This boils down to the following example: 


##
## BEGIN makes available the variable $SOME_VAR, these declarations ar
+e
## read from a database in reality.
##

sub BEGIN
{
    my $varName  = 'SOME_VAR';
    my $varValue = 123;

    ##
    ## Dynamically create the package
    ##

    my $code = qq/
package Somepackage;

use Exporter;
our \@ISA = qw(Exporter);

our \@EXPORT_OK = qw(\$$varName);

our \$$varName = $varValue;

1;
/;

    print $code, "\n";

    eval $code;

    ##
    ## Leaving out this line makes the "use Somepackage qw($SOME_VAR) 
+fail (Can't locate package
    ## Somepackage.pm in @INC ...).
    ##

    $INC{"Somepackage.pm"} = 'abc';
}


##
## Let's use it.
##

use Somepackage qw($SOME_VAR);

##
## And see if it's defined.
##

print "Var is $SOME_VAR\n";

[download]

The thing I somewhat worry about is that if I don't put the generated package in %INC, it doesn't work, it says: Can't locate package Somepackage.pm. If I put the package name into %INC, all is well.

However, what do I put as the value in %INC? Normally, these are filenames pointing back to the original source file. In this case, there is no physical file.

Putting some random value in it ('abc') works fine and I should be ok. Does perl ever use the actual value, expecting it to be a file and thus possibly causing havoc in my application?

Thanks, Bas.

Replies are listed 'Best First'.
Re: Dynamic USE and %INC
by tlm (Prior) on Mar 17, 2005 at 10:53 UTC

    No need to load the package. Replace 

    use Somepackage qw($SOME_VAR);

    [download]
    with 
    Somepackage->import(qw($SOME_VAR));

    [download]
    and get rid of the %INC line.

    the lowliest monk

[reply]
[d/l]
[select]
Re: Dynamic USE and %INC
by nobull (Friar) on Mar 17, 2005 at 12:31 UTC 
    BEGIN {
    my $varName  = 'SOME_VAR';
    my $varValue = 123;

    ##
    ## Dynamically create the package
    ##

    my $code = qq/
package Somepackage;

use Exporter;
our \@ISA = qw(Exporter);

our \@EXPORT_OK = qw(\$$varName);

our \$$varName = $varValue;

1;
/;

    print $code, "\n";

    eval $code;
    $INC{"Somepackage.pm"} = 'abc';
}

    [download]

    eval(STRING) should be a tool of last resort - it should certainly come after symrefs on your list of things to try. 

    BEGIN {
    my $varName  = 'SOME_VAR';
    my $varValue = 123;

    require Exporter;
    $INC{"Somepackage.pm"} = 1;
    package Somepackage;

    our @ISA = qw(Exporter);
    our @EXPORT_OK = $varName;
 
    no strict 'refs';
    $$varName = $varValue;
}

    [download]
[reply]
[d/l]
[select]
      Care to explain why I wouldn't want to use eval in this case?

      The example doesn't show but I use eval's result to see if all went well (the variable names and values come from a db that might have garbage in them, causing compilation errors).

      Then again, your example could be nested in an eval {} block as well to check for this.

[reply]
        Care to explain why I wouldn't want to use eval in this case?

        Mostly it's instinct. Using eval mixes up program space a dataspace even more than symrefs. Where there are two solutions of equal complexity one using eval(STRING) and the other not then use the one without.

        The other nasty thing about eval is that unless you use a #line directive the errors you get just say "in eval 666" or something equally unhelpful.

        The example doesn't show but I use eval's result to see if all went well (the variable names and values come from a db that might have garbage in them, causing compilation errors).
        But if you didn't constuct a string as pass it to the compiler then there wouldn't be any errors! Why should garbage in the values cause errors? As it happens garbage in the names won't throw any errors either since symbols defined with symrefs can have any name.

        Anyhow if the database is not trusted to be valid you definitely should not be passing it to eval() in case it decides to reformat your disk.

        You are praising eval(STRING) because it provides you with a solution that it caused.

        With my solution all you need to add is a check that $varName !~ /\W/. Actually if there's a chance that the database is truely malicious and not just erroneous then you really should check $varName is not null or one of the special globally global variables. 

          $varName &&
  $varName !~ /\W/ &&
  \*$varName != \*{"::$varName"}

        [download]
[reply]
[d/l]
[select]
Re: Dynamic USE and %INC
by nobull (Friar) on Mar 17, 2005 at 12:20 UTC

    The thing I somewhat worry about is that if I don't put the generated package in %INC, it doesn't work, it says: Can't locate package Somepackage.pm. If I put the package name into %INC, all is well.

    However, what do I put as the value in %INC? Normally, these are filenames pointing back to the original source file. In this case, there is no physical file.

    Putting some random value in it ('abc') works fine and I should be ok. Does perl ever use the actual value, expecting it to be a file and thus possibly causing havoc in my application?

    Perl itself does not use it so I think I'd just put in a 1 to make it true - in case there is code out there testing $INC{$filename} rather than exists($INC{$filename}).

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom