Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: execute a string as a function

by sundialsvc4 (Abbot)
on Aug 06, 2013 at 17:29 UTC ( #1048153=note: print w/replies, xml ) Need Help??

in reply to execute a string as a function

Definitely dispatch .. avoids the Bobby Tables Problem, which has many manifestations.   You should also preface this with an explicit test to verify that a key does exist in the dispatch table, e.g.:

die "No key for '$foo!'" unless exists($dispatch->{$foo});
... making sure, of course, that this message (specifically, $foo), in un-sanitized form cannot by any means make its way into any user-delivered output, where it could conceivably be a vector for script-injection.   The message should appear only in unpublished log-files (STDERR).

As just one of its many advantages, this technique avoids the overhead of “compiling at runtime,” and it expressly indicates the full extent of what you, the designer, intended for the software to do in every case, “and here are all the cases.”   With a mere glance at the source code, anyone can plainly see what the software is to do given any possible input, malicious or otherwise, and can be certain that this is what will occur.

Replies are listed 'Best First'.
Re^2: execute a string as a function
by bioinformatics (Friar) on Aug 07, 2013 at 12:43 UTC
    This script is dealing with (if I'm guessing correctly) processing of biological sequences. It's doubtful that script injection would be a concern here...


      We could be looking at the first chemical to electronic host-jumping virus! Best to be safe.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1048153]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (7)
As of 2018-06-19 13:35 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (114 votes). Check out past polls.