develooper Front page | perl.perl6.users | Postings from June 2018

Re: EVAL?

From: yary
Date: June 13, 2018 22:24
Subject: Re: EVAL?
Message ID: CAG2CFAYXcUmvN_OGJ01xYoOs1TBq3KzCdM2OUGdG8=cw8N+h0g@mail.gmail.com

Pet peeve, "$RunSpecific" with the quotes on either side is exactly the
same as $RunSpecific without the quotes. Perl isn't shell.

-y

On Wed, Jun 13, 2018 at 12:27 PM, Brandon Allbery <allbery.b@gmail.com> wrote:

> Exactly what it says: eval is a code injection attack waiting to happen.
> If you actually need it, you get to do your own data sanitization, and you
> tell Perl 6 you did so with "use MONKEY-SEE-NO-EVAL;".
>
> On Wed, Jun 13, 2018 at 3:22 PM ToddAndMargo <ToddAndMargo@zoho.com> wrote:
>
>> Hi All,
>>
>> I am converting a program from Perl5 to Perl 6.
>>
>> This line
>>
>>       else { eval "$RunSpecific"; }
>>
>> became this line
>>
>>       else { EVAL "$RunSpecific"; }
>>
>> And threw this error
>>
>> $ perl6 -c GetUpdates.pl6
>> ===SORRY!=== Error while compiling /home/linuxutil/GetUpdates.pl6
>> EVAL is a very dangerous function!!! (use the MONKEY-SEE-NO-EVAL pragma
>> to override this error,
>> but only if you're VERY sure your data contains no injection attacks)
>> at /home/linuxutil/GetUpdates.pl6:6016
>> ------> else { EVAL "$RunSpecific"⏏; }
>>
>>
>> Any words of wisdom?
>>
>>
>> Many thanks,
>> -T
>>
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Serious error.
>> All shortcuts have disappeared.
>> Screen. Mind. Both are blank.
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>
>
> --
> brandon s allbery kf8nh                               sine nomine associates
> allbery.b@gmail.com
> ballbery@sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad
> http://sinenomine.net
>
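
The two options raised in the thread, as an added example that is not part of the original messages or the posters' code: replacing the EVAL with a lookup of known subs, and, where EVAL is kept, scoping the pragma to one block and checking the string first. The sub names, the action names and the allow-list are hypothetical.

```perl6
# Added example; handler names and the allow-list are hypothetical.

# Actions the program is willing to run when asked for by name.
sub check-updates(--> Str) { 'checked updates' }
sub list-mirrors(--> Str)  { 'listed mirrors' }

my %handlers =
    'check-updates' => &check-updates,
    'list-mirrors'  => &list-mirrors;

# Option 1: no EVAL. The string only selects a known sub;
# it is never compiled as code, so no pragma is needed.
sub run-by-name(Str $name --> Str) {
    my &handler = %handlers{$name}
        // die "refusing unknown action: $name";
    handler();
}

# Exact source strings that option 2 will accept, e.g. 'list-mirrors()'.
my @allowed-code = %handlers.keys.map(* ~ '()');

# Option 2: EVAL is kept. The pragma is lexically scoped, so it covers
# only this block, and the string is validated before it is compiled.
sub run-with-eval(Str $code) {
    use MONKEY-SEE-NO-EVAL;
    die "refusing to EVAL: $code" unless $code eq any(@allowed-code);
    EVAL $code;
}

say run-by-name('check-updates');
say run-with-eval('list-mirrors()');

# A string outside the allow-list is rejected before it reaches EVAL.
try {
    run-with-eval('list-mirrors(); shell "id"');   # constructed input
    CATCH { default { say "rejected: { .message }" } }
}
```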

nntp.perl.org: Perl Programming lists via nntp and http.