I think that you should use the 2nd option, a Perl syntax with some limitations using a Safe compartment.

I have worked a lot with Safe, and created the module Safe::World, where all the resources needed to create an internal representation of a Perl interpreter are implemented over Safe.

Here's a simple example of how to create a compartment that only enables the use of variables, branch (if, elsif, else), loops (while, for), and IO (print, warn, die):

    use Safe::World ;

    #######
    # OPS #
    #######

    my @OPS_BASICS = qw(
      :base_loop
      rv2sv sassign
      rv2av aassign aelem aelemfast aslice av2arylen
      rv2hv helem hslice each values keys exists delete
      list lslice splice push pop shift unshift reverse
      lineseq nextstate scope enter leave setstate
      rv2cv anoncode prototype
      entersub leavesub leavesublv return method method_named
      leaveeval
    ) ;

    my @OPS_VARIABLES_AND_VALUES = qw(
      :base_mem :base_math
      scalar null stub pushmark const defined undef
      preinc i_preinc predec i_predec postinc i_postinc postdec i_postdec
      int hex oct abs pow multiply i_multiply divide i_divide
      modulo i_modulo add i_add subtract i_subtract
      left_shift right_shift bit_and bit_xor bit_or negate i_negate
      not complement
      lt i_lt gt i_gt le i_le ge i_ge eq i_eq ne i_ne ncmp i_ncmp
      slt sgt sle sge seq sne scmp
      substr stringify length ord chr
      ucfirst lcfirst uc lc quotemeta trans chop schop chomp schomp
      match split qr
      list lslice reverse
      cond_expr flip flop andassign orassign and or xor
      lineseq scope enter leave setstate
      rv2cv
      leaveeval
      gvsv gv gelem
      padsv padav padhv padany
      refgen srefgen ref
    ) ;

    my @OPS_SIMPLE_FUNCTIONS = qw(
      time sort pack unpack
      print warn die
    ) ;

    #########
    # WORLD #
    #########

    my ( $stdout , $stderr ) ;

    my $world = Safe::World->new(
      stdout           => \$stdout ,
      stderr           => \$stderr ,
      flush            => 1 ,
      env              => { %ENV } ,
      no_set_safeworld => 1 ,
    ) ;

    $world->op_permit_only(@OPS_BASICS , @OPS_VARIABLES_AND_VALUES , @OPS_SIMPLE_FUNCTIONS) ;

    my @ret = $world->eval('
      $foo = 2**10 ;
      print "FOO: $foo\n" if $foo == 1024 ;
      warn "Just an alert!\n"
    ') ;

    $world->close ;

    print ">>> STDOUT <<<\n$stdout\n" ;
    print ">>> ERRORS <<<\n$stderr\n" if $stderr ;

One good thing about Safe::World is that if the user uses exit(), die(), any IO output or loads a module, this will exist only inside the Safe::World compartment, making your outside safer. But you will need to play with the operators that you want to just enable what is really needed. Take a look at the module Opcode for the list.

Graciliano M. P.
"Creativity is the expression of the liberty".

20040907 Edit by ysth: readmore tags
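
An added example, not part of gmpassos's post and not Safe::World code: it uses the core Safe and Opcode modules to audit an allow-list modelled on the post's op lists against Opcode's broader-risk tags, then runs constructed snippets under that mask to show which ones are trapped. The choice of tags in @REVIEW_TAGS and the helper names audit_allow_list and run_restricted are assumptions made for this example.

```perl
use strict;
use warnings;
use Safe;
use Opcode qw(opset opset_to_ops);

# Allow-list modelled on the post's op lists (tags plus single ops).
my @ALLOW = qw(
    :base_core :base_mem :base_loop :base_math
    gvsv gv gelem padsv padav padhv padany
    time sort pack unpack print warn die
);

# Opcode tags whose members deserve a second look before being allowed
# (assumption: this selection is the example's, not the post's).
my @REVIEW_TAGS = qw(
    :filesys_open :filesys_write :subprocess :ownprocess
    :load :still_to_be_decided :dangerous
);

# Opsets are bit strings, so a string "&" gives their intersection.
sub audit_allow_list {
    my $allowed = opset(@_);
    my %flagged;
    for my $tag (@REVIEW_TAGS) {
        my @hits = opset_to_ops($allowed & opset($tag));
        $flagged{$tag} = \@hits if @hits;
    }
    return \%flagged;
}

# Compile and run one snippet under the mask; return (value, error text).
sub run_restricted {
    my ($code) = @_;
    my $cpt = Safe->new;
    $cpt->permit_only(@ALLOW);
    my $value = $cpt->reval($code);
    return ($value, $@);
}

my $flagged = audit_allow_list(@ALLOW);
print "review $_: @{ $flagged->{$_} }\n" for sort keys %$flagged;

# Constructed snippets: the first uses only allowed ops, the rest do not.
for my $code ('$foo = 2**10; $foo == 1024 ? "ok" : "no"',
              'system("true")', 'open(my $fh, "<", "/tmp/example.txt")',
              'require POSIX', 'exit 0') {
    my ($value, $err) = run_restricted($code);
    $err =~ s/\s+\z//;
    printf "%-45s => %s\n", $code, $err ? "TRAPPED: $err" : "value=$value";
}
```

A snippet containing a masked op is rejected when it is compiled, so none of its statements run, including the ones that use only allowed ops.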


In reply to Re: Embedded perl or mini-language translator to perl by gmpassos
in thread Embedded perl or mini-language translator to perl by mp
