develooper Front page | perl.perl6.users | Postings from June 2018

Re: EVAL?

Thread Previous | Thread Next
From:
Brandon Allbery
Date:
June 13, 2018 19:27
Subject:
Re: EVAL?
Message ID:
CAKFCL4XWNgDrYgX+CQj7g8vPZqgfCuQaZKv76os2yNrwZEOZWg@mail.gmail.com
Exactly what it says: eval is a code injection attack waiting to happen. If
you actually need it, you get to do your own data sanitization, and you
tell Perl 6 you did so with "use MONKEY-SEE-NO-EVAL;".

On Wed, Jun 13, 2018 at 3:22 PM ToddAndMargo <ToddAndMargo@zoho.com> wrote:

> Hi All,
>
> I am converting a program from Perl5 to Perl 6.
>
> This line
>
>       else { eval "$RunSpecific"; }
>
> became this line
>
>       else { EVAL "$RunSpecific"; }
>
> And threw this error
>
> $ perl6 -c GetUpdates.pl6
> ===SORRY!=== Error while compiling /home/linuxutil/GetUpdates.pl6
> EVAL is a very dangerous function!!! (use the MONKEY-SEE-NO-EVAL pragma
> to override this error,
> but only if you're VERY sure your data contains no injection attacks)
> at /home/linuxutil/GetUpdates.pl6:6016
> ------> else { EVAL "$RunSpecific"⏏; }
>
>
> Any words of wisdom?
>
>
> Many thanks,
> -T
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Serious error.
> All shortcuts have disappeared.
> Screen. Mind. Both are blank.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>


-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b@gmail.com                                  ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About