Beefy Boxes and Bandwidth Generously Provided by pair Networks Cowboy Neal with Hat
Think about Loose Coupling
 
PerlMonks  

Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)

by merlyn (Sage)
on Mar 14, 2004 at 18:43 UTC ( [id://336567]=note: print w/replies, xml ) Need Help??

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.


in reply to List Values As Multidimensional Hash Keys

As usual, this topic comes up every three to six months, and the same "eval" solutions get posted. As usual, I've downvoted any solution I've seen (or will see) in this thread that uses "eval". It's both unnecessarily inefficient, and a big security hole as well. Please use any other solution as a starter.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

  • Comment on Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)

Replies are listed 'Best First'.
Re: Please don't use eval for this! (was Re: List Values As Multidimensional Hash Keys)
by rdm (Hermit) on Mar 14, 2004 at 19:54 UTC
    Being of the ornery sort, this (to me) begs the following question:
    Efficiency aside, is there a *safe* way to utilise eval as a solution to this problem? Not a "good" way, or even a "mediocre" way, just safe?

    The intrinsic problem with eval is the possibility of hostile data being introduced into to evaluated string. So, is there a way of rendering the data safe?
    The obvious way is via taint checking, and string sanitising with tr or s, but is there a better way?

    Not that this should be construed as approval of the idea - the process startup overheads alone should be reason enough to do it any other way!
    -R
[reply]
      Taking tachyon's sample code: 
      use strict;
use warnings;
my %hash;
my $a = '1};print "You have just been cracked!\n";#a1:a2:a3=foo';
my ($key, $val) = split /=/, $a, 2;
$key =~ s/:/}{/g;
eval "\$hash{$key}=\"$val\"";
__END__
You have just been cracked!

      [download]
      You would replace the $key =~ s/:/... line with 
      use Data::Dumper;
$Data::Dumper::Terse = 1;
$Data::Dumper::Useqq = 1;

$key = join '}{', Dumper split /:/, $key, -1;

      [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://336567]
help
Sections?
Information?
Find Nodes?
Leftovers?
    Notices?
    hippoepoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
    erzuuliAnonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.