PerlMonks  

Re: variable subroutine call

by meraxes (Friar)
on Dec 12, 2007 at 01:15 UTC ( #656527=note )


in reply to variable subroutine call

In a word: yup.

#!/usr/bin/perl
use strict;
use warnings;

sub say_whoops {
    print "whoops\n";
}

# Dispatch table: names mapped to code references
my %functions = (
    'hi'     => sub { print "hi\n"; },
    'bye'    => sub { print "bye\n"; },
    'whoops' => \&say_whoops,
);

# Call every entry through its reference
foreach my $key ( keys %functions ) {
    $functions{$key}();
}

The "hi" and "bye" are anonymous subroutines whereas whoops is executing via a reference to say_whoops(). I've stored the references in a hash simply because it's quick and easy though there are other ways. You can even pass them arguments! Take a look at perlsub for all the specifics.

HOWEVER, it's exceedingly dangerous to take arguments from STDIN to run a routine unless ya know where they're coming from. Potential security hazard. Stricken as per shmem's comment. Guess I'm a worry wart really.

--
meraxes


Re^2: variable subroutine call
by shmem (Canon) on Dec 12, 2007 at 01:27 UTC
    HOWEVER, it's exceedingly dangerous to take arguments from STDIN to run a routine unless ya know where they're coming from. Potential security hazard.

    Care to elaborate a bit? I am running it, and it is my input, so I know where it is coming from: from me. And if I am not trustworthy for myself, who is?

    What you say only applies (sometimes) when the program is running on behalf of somebody else (e.g. setuid).

    --shmem

    _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                  /\_¯/(q    /
    ----------------------------  \__(m.====·.(_("always off the crowd"))."·
    ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

      Sorry. I guess I should have said it can be dangerous if others have access to it. Perhaps my own prejudices. I tend to be wary of things that execute code (or in this case, arbitrary subroutines) without any checking of the input other than "does the function exist". That's all.

      --
      meraxes
        The security issue is "not validating user input" (under certain circumstances) and not "making a string into a subroutine call". If the subroutine cannot be resolved, perl will complain (i.e. die), and done. So "validating user input" doesn't apply in the OP's context.

        It is just what your shell is doing, day in, day out.

        --shmem

      I am running it, and it is my input, so I know where it is coming from: from me. And if I am not trustworthy for myself, who is?
      That sums up the situation nicely. Often times it is precisely because I am running it and it is my input that problems occur. I'm the last person I would trust.

      I'm with meraxes on this one but of course ymmv. :-)
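
The two positions argued in this thread, side by side, as an added example that is not code from any poster: calling a sub through a string (where the only check is "does the function exist") next to a lookup in a dispatch table that acts as an allowlist. The sub names, the `wipe_cache` routine and the sample inputs are assumptions made up for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handlers, named for this example only.
sub say_hi     { return "hi\n" }
sub say_bye    { return "bye\n" }
sub wipe_cache { return "internal routine, not meant to be user-callable\n" }

# Allowlist: only these names are reachable from input.
my %dispatch = (
    say_hi  => \&say_hi,
    say_bye => \&say_bye,
);

# Unchecked form: the string is used as a symbolic reference, so the only
# test applied is whether a sub of that name can be resolved at all.
sub call_by_name {
    my ($name, @args) = @_;
    no strict 'refs';
    return &{$name}(@args);    # dies if the name cannot be resolved
}

# Checked form: look the name up in the table and refuse everything else.
sub call_from_table {
    my ($name, @args) = @_;
    return "rejected: unknown command\n"
        unless defined $name && exists $dispatch{$name};
    return $dispatch{$name}->(@args);
}

# Constructed sample input standing in for lines read from STDIN.
for my $input ('say_hi', 'wipe_cache', 'no_such_sub') {
    my $unchecked = eval { call_by_name($input) };
    $unchecked = "died: $@" unless defined $unchecked;
    print "unchecked  $input => $unchecked";
    print "allowlist  $input => ", call_from_table($input);
}
```

With the symbolic call, `wipe_cache` runs because it exists; with the table, it is rejected the same way as a name that does not exist, and no input can make the program die.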
