Re^2: using just variables in a regular exression

Thanks, but
Both of u coded the s// directly in perl source code. I only have two variables. One contains the data, the other contains the completely arbitrary expression. It could be a match m// expression, or a substitution s///, or some parsing expression. I have no idea.
I do not want parse the expression contents in my own code to get parts to put back into some other instruction format in source code. That was the whole point of supporting regex. This s in a tool used by my product support teams to gather diagnostic data from a users system. Sometimes the product install design team didn't think how hard it might be to find/use the product install path in their saved config data.
As an example, they recorded the direct path and name of the main install executable in single quotes, but we actually need the parent folder of the exe, with another subdirectory to get to the log files. 'C:/somedir/part2/part3/foobar.exe'
My app lets the script writer parse that out.
Path(str)='c:/somedir/part2/part3
Path(str)='c:/somedir/part2
Add /logs/*.log'
But the ' kills it all.

The s/'/\"/g would solve it. I don't have a built in replace function in my script handler.

Comment on Re^2: using just variables in a regular exression

Replies are listed 'Best First'.
Re^3: using just variables in a regular exression by davido (Cardinal) on Aug 31, 2012 at 00:52 UTC
Then what you're after, as I mentioned, is the string version of eval: `my $data = 'Just another Perl hacker,'; my $expression = 's/(another)/a/'; my $match_var; my $result = eval <<"END_EVAL"; my \$success = \$data =~ $expression; \$match_var = \$success ? \$1 : undef; \$success; END_EVAL if( $result ) { print "$match_var => $data\n"; }` [download] It would be better if instead of passing "`$match_var` out of the eval's scope you instead passed a reference to a copy of `@-` and `@+`; that way you could look at `scalar @-` to determine how many captures were produced, and then use `substr` on an original copy of the string to determine what those captures actually were. And while you're at it, you might also need to deal with named captures. But this opens your code to some serious problems. Consider the following: `my $data = 'Just another Perl hacker,'; my $expression = 's/(another)/a/; print "Hello world!\n";'; my $match_var; my $result = eval <<"END_EVAL"; my \$success = \$data =~ $expression; \$match_var = \$success ? \$1 : undef; \$success; END_EVAL if( $result ) { print "$match_var => $data\n"; }` [download] Now by supplying a semicolon in the appropriate place within the code string, the user was able to move on, executing arbitrary additional code (in this case, `print "Hello world!\n";`). That's possibly innocuous, but how about '`while ( my( $key, $value ) = each %ENV ) { ... }`', or how about backticks or a system call, or even unlink? Maybe you can trust your users. But I wouldn't even trust myself with code that exposes that sort of security flaw. No.....you're much better off staying away from the temptation to take the easy solution. It might save you an hour of coding now, but imagine how time consuming it will be when a user does something malicious because he felt snubbed by how you failed to notice him in the break room. The safest approach is to find a way to allow users to choose between different operations that you explicitly expose. Much less safe but still better than simple eval would be to use the Safe module's `reval` method. That will protect you against many malicious attacks, but won't protect from denial of service attacks. A user could still tie up a process forever and consume as much memory as you have available. Dave	[reply] [d/l] [select]
Re^4: using just variables in a regular exression by sdetweil (Sexton) on Aug 31, 2012 at 02:19 UTC
Ok, you've convinced me. if the expression starts with s or m then parse on the / otherwise its a parser. if s or m, handle as u suggest.. not a lot of code add. thanks Sam	[reply]
Re^5: using just variables in a regular exression by davido (Cardinal) on Aug 31, 2012 at 02:49 UTC
Good call, and it sounds quite reasonable. Maybe look for expressions that would match `m{^([sm])/}` and assume those are ones that need to be evaluated either as m/ or s/. All the rest, treat like m/. Dave	[reply] [d/l]
Re^4: using just variables in a regular exression by sdetweil (Sexton) on Aug 31, 2012 at 03:31 UTC
thought I had posted.. it was sitting on the ipad.. thanks, you've convinced me.. see the later post with the updated code and one remaining question sam weird.. it was there.. ah fun	[reply]