
Very simple rules implementation

by oniric (Initiate)
on May 17, 2012 at 21:28 UTC ( #971181=perlquestion )
oniric has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks, I would like to implement a system where users can enter code in a configuration file (in the form of if/else) with a single parameter (like $_). Something like this:

    if($_ > 10){return 1} elsif($_>3){return 2 } else {return 1 }

Then this code should be called when needed and maybe 'eval'ed as a sub reference. I'm not totally satisfied with this solution, however: first, because of security problems (I don't want my users to possibly launch system programs; OK, they won't, but they could...), and second, because I think eval could take some time and slow down my system. What do you think? I'm seeking your wisdom.

Replies are listed 'Best First'.
Re: Very simple rules implementation
by Eliya (Vicar) on May 17, 2012 at 22:14 UTC

    As for eval slowing down your system, don't worry — unless you're eval'ing those config snippets millions of times... (on my system, the given piece of code wrapped in a sub can be eval'ed and executed roughly 50000 times per second).

    The security worries, OTOH, are justified, presuming you can't trust your users, and the code isn't being run under their own user ID anyway (in which case I wouldn't worry too much...). You might want to look into Safe to restrict the opcodes that can be used.

      You can't trust your users, and you shouldn't even trust yourself.

      Without protection, one little typo or context failure and you're overwriting your backups with the corrupt version, or perhaps deleting your entire hard drive.

      Yeah, I really should have set the physical write-protect on that final backup...

Re: Very simple rules implementation
by Anonymous Monk on May 18, 2012 at 03:18 UTC

    See Safe, Safe::World; the default rules prohibit system commands.

        #!/usr/bin/perl --
        use Safe;

        # A new compartment uses Safe's default operation mask
        my $safe = Safe->new;

        # Evaluate the rule snippet against each value passed in $_
        for my $val ( qw/ bye hi / ){
            local $_ = $val;
            my $ret = $safe->reval(q{
                return 1 if /bye/;
                return 0 if /hi/;
            });
            print "$val => $ret\n";
        }

        # system() is trapped by the mask; reval fails and $@ says why
        $safe->reval(q{ system(); }) or die $@;
        __END__
        bye => 1
        hi => 0
        'system' trapped by operation mask at (eval 9) line 1.

    See also (I'm guessing) workflow implementation with perl

      This seems reasonable, thank you! Do you think my choice of 'eval' for this task could be changed with something even simpler in my case?
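
For the thresholds in the question, the rules can also be kept as data and matched against a fixed grammar, so nothing from the configuration file is ever compiled as Perl. This is an added example, not code from any poster in this thread; the rule syntax (`> 10 => 1`, `default => 1`) and the names `parse_rules` and `apply_rules` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Comparison operators a rule line may use; anything else is rejected.
my %CMP = (
    '>'  => sub { $_[0] >  $_[1] },
    '>=' => sub { $_[0] >= $_[1] },
    '<'  => sub { $_[0] <  $_[1] },
    '<=' => sub { $_[0] <= $_[1] },
    '==' => sub { $_[0] == $_[1] },
);
my $NUM = qr/-?\d+(?:\.\d+)?/;    # plain decimal numbers only

# Parse rule text into [test, result] pairs; dies on any line outside the grammar.
sub parse_rules {
    my ($text) = @_;
    my (@rules, $default);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#.*)?$/;    # blank line or comment
        if ($line =~ /^\s*(>=|<=|==|>|<)\s*($NUM)\s*=>\s*($NUM)\s*$/) {
            my ($op, $limit, $result) = ($1, $2, $3);
            push @rules, [ sub { $CMP{$op}->($_[0], $limit) }, $result ];
        }
        elsif ($line =~ /^\s*default\s*=>\s*($NUM)\s*$/) {
            $default = $1;
        }
        else {
            die "rejected rule line: $line\n";
        }
    }
    die "no default rule\n" unless defined $default;
    return { rules => \@rules, default => $default };
}

# First matching rule wins, like the if/elsif chain in the question.
sub apply_rules {
    my ($set, $value) = @_;
    for my $rule (@{ $set->{rules} }) {
        return $rule->[1] if $rule->[0]->($value);
    }
    return $set->{default};
}

# Constructed sample config mirroring the thresholds in the question.
my $set = parse_rules("> 10 => 1\n> 3 => 2\ndefault => 1\n");
print "$_ => ", apply_rules($set, $_), "\n" for 12, 5, 2;
# A line that carries code fails the grammar and is never executed.
eval { parse_rules("> 3 => 2; system()\ndefault => 1\n") };
print "error: $@";
```

Parsing happens once at load time, so each later call is only a walk over a short list of closures. The block `eval { ... }` at the end is exception handling, not string evaluation.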
