in reply to Re: Is this code secure, can I test it on my machine?
in thread Is this code secure, can I test it on my machine?

String eval is already flagged as a dangerous spot, and "use" too. The new thing here is substitution with two "e"-s:
s/.../.../ee

Do I understand correctly that a single e after the substitution would only be dangerous if the code inside is dangerous

s/.../system($1)/e
but code like this
s/.../$1/e
cannot be dangerous?

Re^3: Is this code secure, can I test it on my machine?
by ikegami (Patriarch) on May 23, 2010 at 19:25 UTC

    String eval is already flagged as a dangerous spot, and "use" too

    I missed the mention of string eval. As for the use re 'eval';, it's not prevented by preventing the use of use as I suspect you can achieve the same effect without actually using use.

    The new thing here is substitution with two "e"-s:

    It's really just another way of writing a string eval.

    s/.../.../ee
    is the same as
    s/.../eval "..."/e

    (without making '"' special).

    Do I understand correctly that a single e after the substitution would only be dangerous if the code inside is dangerous

    If you consider $1 safe in code, then s/.../$1/e is safe too.
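
Added example, not part of the original thread: a Perl script that runs the same captured text through s/.../$1/e, s/.../$1/ee and s/.../eval $1/e. The input string and the $executed flag are constructed for illustration; the captured text only increments the flag, so the output shows whether it was run as code.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: untrusted text that happens to be valid Perl.
# It only bumps a flag and returns a string, so each run shows whether
# the captured text was executed as code.
our $executed = 0;
my $input = '$main::executed++; "replaced"';

# Apply one substitution variant to a copy of $input and report the
# resulting string together with the flag value.
sub report {
    my ($label, $substitute) = @_;
    $executed = 0;
    my $copy = $input;
    $substitute->(\$copy);
    printf "%-22s executed=%d  result=%s\n", $label, $executed, $copy;
    return;
}

# /e: the replacement is the Perl expression `$1`. Evaluating it yields
# the captured string; the string itself is never compiled or run.
report('s/.../$1/e',      sub { ${ $_[0] } =~ s/^(.*)$/$1/e });

# /ee: `$1` is evaluated, then its value is eval'ed as Perl source.
report('s/.../$1/ee',     sub { ${ $_[0] } =~ s/^(.*)$/$1/ee });

# The form the reply calls equivalent: a single /e around a string eval.
report('s/.../eval $1/e', sub { ${ $_[0] } =~ s/^(.*)$/eval $1/e });
```

The /e line leaves the text unchanged with executed=0; the /ee and eval lines both report executed=1 and result=replaced, which is why a filter that flags string eval has to treat /ee the same way.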