«

All,

I've got a module that will read an XML file that has code as the
contents of some elements. I'd like to be able to capture this code as a
code reference and pass that code reference to a function, without risking
any internals. The following code works, but doesn't seem foolproof:

# %code, $self, and $parse defined elsewhere
if (exists $code{$_}) {
my $c;
my $code = '$c = sub {' . $parse->{$_} . '}';

# Prevent $code from modifying in-scope variables we need to keep
{
local($self, $parse);
eval $code;
}

if ($@) {
err("Errors processing $_ : $@");
}
else {
$self->$_($c);
}
}

Suggestions very welcome.

--
Jesse S. Bangs
http://students.washington.edu/jaspax/
http://students.washington.edu/jaspax/blog

Jesus asked them, "Who do you say that I am?"

And they answered, "You are the eschatological manifestation of the ground
of our being, the kerygma in which we find the ultimate meaning of our
interpersonal relationship."

And Jesus said, "What?"

On Sun, 31 Aug 2003 21:55:49 -0700
JS Bangs <> wrote:
> I've got a module that will read an XML file that has code as the
> contents of some elements. I'd like to be able to capture this code
> as a code reference and pass that code reference to a function,
> without risking any internals.
<snip>
> Suggestions very welcome.

Correct me if I'm wrong, but you would like to do something like SAX?
If so, there are some modules to aid you in this on CPAN.

That's my two cents.

--
Jim
---
Copyright notice: all code written by the author in this post is
considered GPL. http://gnu.org for more information.
---
a real quote ...
Linus Torvalids: "They are somking crack ...."
(http://www.eweek.com/article2/0,3959,1227150,00.asp)
---
a fortune quote ...
"Right now I'm having amnesia and deja vu at the same time." --
Steven Wright

In article < ngton.edu>,
JS Bangs <> wrote:
>All,
>
>I've got a module that will read an XML file that has code as the
>contents of some elements. I'd like to be able to capture this code as a
>code reference and pass that code reference to a function, without risking
>any internals. The following code works, but doesn't seem foolproof:
>
># %code, $self, and $parse defined elsewhere
>if (exists $code{$_}) {
> my $c;
> my $code = '$c = sub {' . $parse->{$_} . '}';
>
> # Prevent $code from modifying in-scope variables we need to keep
> {
> local($self, $parse);
> eval $code;
> }
>
> if ($@) {
> err("Errors processing $_ : $@");
> }
> else {
> $self->$_($c);
> }
>}
>

Wouldn't you almost certainly want to use the core Safe module
in case other wickedness creeps into the code...

HTH,
--
Charles DeRykus

JS Bangs wrote:
>
> All,
>
> I've got a module that will read an XML file that has code as the
> contents of some elements. I'd like to be able to capture this code as a
> code reference and pass that code reference to a function, without risking
> any internals. The following code works, but doesn't seem foolproof:
>
> # %code, $self, and $parse defined elsewhere
> if (exists $code{$_}) {
> my $c;
> my $code = '$c = sub {' . $parse->{$_} . '}';
>
> # Prevent $code from modifying in-scope variables we need to keep
> {
> local($self, $parse);
> eval $code;
> }
>
> if ($@) {
> err("Errors processing $_ : $@");
> }
> else {
> $self->$_($c);
> }
> }
>
> Suggestions very welcome.

use Safe;
if( exists $code{$_} ) {
(my $safe = Safe->new)->permit_only(qw(:default));
my $c = $safe->reval("return sub { $parse->{$_} }");
if ($@) {
err("Errors processing $_ : $@");
} else {
$self->$_($c);
}
}

[untested; might not *really* be Safe]

Actually, I know for a fact that in some versions of perl, you can do some
really odd things in spite of being inside of a Safe object. For example,

[Windows 95] C:\WINDOWS>perl -MSafe -wle "LOOP: { print 1; Safe->new->reval('last LOOP'); print 2 } print 3"
1
Exiting eval via last at (eval 2) line 2.
Exiting subroutine via last at (eval 2) line 2.
Exiting eval via last at (eval 2) line 2.
Exiting subroutine via last at (eval 2) line 2.
3
Can't return outside a subroutine.

Of course, since you've been wholly trusting the contents of $parse->{$_}
so far (meaning, *anything* could have been done in it's code), you wouldn't
be doing any *worse* to eval the code inside of a Safe object.

--
$a=24;split//,240513;s/\B/ => /for@@=qw(ac ab bc ba cb ca
);{push(@b,$a),($a-=6)^=1 for 2..$a/6x--$|;print "$@[$a%6
]\n";((6<=($a-=6))?$a+=$_[$a%6]-$a%6$a=pop @b))&&redo;}

Benjamin Goldberg sikyal:

> use Safe;
> if( exists $code{$_} ) {
> (my $safe = Safe->new)->permit_only(qw(:default));
> my $c = $safe->reval("return sub { $parse->{$_} }");
> if ($@) {
> err("Errors processing $_ : $@");
> } else {
> $self->$_($c);
> }
> }
>
> [untested; might not *really* be Safe]

This works very well. Thank you! I hadn't ever heard of the Safe module
before, so thanks for pointing this out to me.

> Of course, since you've been wholly trusting the contents of $parse->{$_}
> so far (meaning, *anything* could have been done in it's code), you wouldn't
> be doing any *worse* to eval the code inside of a Safe object.

Right. I'm actually letting general security issues within the code in
$parse->{$_} be Somebody Else's Problem. As the module writer, I need to
make sure that the code doesn't alter the internals of my module, but
making sure that the code doesn't maliciously use system() calls or do
other insecure buggery will be the responsibility of the person using the
module and providing the XML to parse.

--
Jesse S. Bangs
http://students.washington.edu/jaspax/
http://students.washington.edu/jaspax/blog

Jesus asked them, "Who do you say that I am?"

And they answered, "You are the eschatological manifestation of the ground
of our being, the kerygma in which we find the ultimate meaning of our
interpersonal relationship."

And Jesus said, "What?"