Perl: safe eval?

Problem description

I'm curious if there is any good information on performing restricted evals.

Looking at the docs, there is a use Safe that has a reval method, but I'm not sure how safe that is.

What I want to do is to be able to pass various conditional statements as a string to a function w/o the source abusing the eval.

For example:

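use feature 'say';

sub foo {
   my $stmt = shift;
   my $a    = 3;
   # String eval: $stmt is compiled and run in this lexical scope, so it can see $a
   say( (eval($stmt) ? "correct" : "wrong"), "($stmt)" );
}

foo( q{1  == $a} );
foo( q{$a =~ /3/} );
foo( q{(sub {return 3})->() eq 3}  );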

Would use Safe be good for this? All I need to be able to do is comparisons, no disk access, or variable manipulations.

Recommended answer

As indicated in the docs, eval($stmt) evaluates $stmt "in the lexical context of the current Perl program, so that any variable settings or subroutine and format definitions remain afterwards." This is useful for delaying execution of $stmt until runtime.

If you reval($stmt) in a Safe compartment, essentially the same thing happens, the statement is eval'd, but it's eval'd in a new lexical context which can only see the Safe compartment's namespace, and in which you can control what sorts of operators are allowed.

So, yes, if you declare a Safe compartment and reval($stmt) in that compartment, then (a) execution of $stmt won't change the functioning of your program without your consent (I guess this is what you mean by "w/o the source abusing the eval"). And, (b) yes, $stmt won't be able to access the disk without your consent if you reval($stmt). In (a) "your consent" requires explicitly playing with the symbol table, and in (b) "your consent" would require specifying a set of op codes that would allow disk access.

I'm not really sure how safe this is either. However, you can see it in action if you set it up and step through it in the debugger.
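
The compartment setup the answer describes, as an added example that is not code from the question or the answer. It assumes the default operator mask of Safe->new; check_condition, the sample statements and the path /tmp/example.txt are constructed for illustration.

```perl
use strict;
use warnings;
use Safe;

# Evaluate one condition string in a fresh Safe compartment.
# $value is copied into the compartment's own $a; the caller's
# variables, lexical or package, are not visible to $stmt.
sub check_condition {
    my ($stmt, $value) = @_;

    my $cpt = Safe->new;                 # default operator mask
    ${ $cpt->varglob('a') } = $value;    # the only data $stmt can see

    my $result = $cpt->reval($stmt);     # compile and run inside the compartment
    return ('rejected', $@) if $@;       # trapped operator, syntax or runtime error
    return ($result ? 'correct' : 'wrong', '');
}

# Constructed inputs: the three conditions from the question, followed by
# statements that step outside the "comparisons only" contract.
my @statements = (
    q{1 == $a},
    q{$a =~ /3/},
    q{(sub { return 3 })->() eq 3},
    q{open(my $fh, '<', '/tmp/example.txt')},
    q{system('echo hi')},
    q{unlink '/tmp/example.txt'},
);

for my $stmt (@statements) {
    my ($verdict, $why) = check_condition($stmt, 3);
    chomp $why;
    printf "%-9s %-42s %s\n", $verdict, "($stmt)", $why;
}
```

The last three statements are refused when reval compiles them, because open, system and unlink are outside the default mask, and the reason is reported in $@. Safe restricts operators and the visible namespace only; it does not bound CPU time or memory, so conditions from an untrusted source still need an external resource limit.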
