Ara.T.Howard
i have a project i'm working on where i'd like to support complex
boolean/relational requests, where those requests must be satisfied on the
context of defined objects... i'm loath to create an entire parser/scanner
just to evaluate these expressions when ruby's own is already written but also
don't want to risk using eval for the obvious reason. so, for example, i'll
have a command line option for a request:

  prog.rb --request='a < 42 and b == true'

i can think of three approaches for evaluating such requests:

1) eval

  request = 'a < 42 and b == true'
  a = 42
  b = true
  eval request

2) code generation using ruby to evaluate (this protects against evil evals)

  request = 'a < 42 and b == true'
  a = 42
  b = true
  code = <<-code
    a = #{ a }
    b = #{ b }
    p(#{ request })
  code
  res = `ruby -e '#{ code }'`
  case res
    when /true/o
    when /false/o
    else
  end

3) full blown racc parser with associated context/evaluation logic...

* eval is attractive because i'd be done today, but it'd be too easy for someone
  to do

    prog.rb --request='a < 42 and b == true; raise "ha ha"'

* code generation is attractive for the same reason but feels hackish and slow
* the full blown racc parser just seems like a lot of work to accomplish such a
  small thing... then again perhaps it wouldn't be that bad...

can someone think of alternatives or variations that are simple and safe?

-a
--
===============================================================================
| EMAIL :: Ara [dot] T [dot] Howard [at] noaa [dot] gov
| PHONE :: 303.497.6469
| ADDRESS :: E/GC2 325 Broadway, Boulder, CO 80305-3328
| URL :: http://www.ngdc.noaa.gov/stp/
| TRY :: for l in ruby perl;do $l -e "print \"\x3a\x2d\x29\x0a\"";done
===============================================================================
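
One middle ground between eval and a full racc grammar, as an added example that is not part of the original post: a hand-written recursive-descent evaluator that only understands integers, true/false, names from a supplied hash, the six comparison operators, and/or and parentheses. The class name SafeRequest, its token set and the string-keyed context hash are assumptions made for this sketch.

```ruby
require 'strscan'

# Added example (not from the post): SafeRequest and its grammar are assumptions.
class SafeRequest
  class Error < StandardError; end
  TOKEN = /\s*(\d+|==|!=|<=|>=|<|>|[()]|[A-Za-z_]\w*)/
  CMP = %w[== != <= >= < >].freeze # the only methods ever sent to a value

  def initialize(context)
    @context = context # the only names a request may read
  end

  def evaluate(request)
    ss, @toks = StringScanner.new(request.strip), []
    until ss.eos? # anything outside TOKEN (';', quotes, '.') is refused here
      @toks << (ss.scan(TOKEN) ? ss[1] : raise(Error, "illegal input: #{ss.rest}"))
    end
    value = parse_or
    @toks.empty? ? value : raise(Error, "unexpected #{@toks.first}")
  rescue NoMethodError, ArgumentError # operands that cannot be compared
    raise Error, 'type mismatch in comparison'
  end

  private
  def parse_or # lowest precedence; the right side is always parsed
    left = parse_and
    left = parse_and || left while @toks.first == 'or' && @toks.shift
    left
  end

  def parse_and
    left = parse_cmp
    left = parse_cmp && left while @toks.first == 'and' && @toks.shift
    left
  end

  def parse_cmp
    left = operand
    CMP.include?(@toks.first) ? left.public_send(@toks.shift, operand) : left
  end

  def operand
    tok = @toks.shift or raise Error, 'request ended early'
    return tok.to_i if tok =~ /\A\d+\z/
    return tok == 'true' if %w[true false].include?(tok)
    return @context.fetch(tok) { raise Error, "unknown name: #{tok}" } if tok != '('
    value = parse_or
    @toks.shift == ')' ? value : raise(Error, 'expected )')
  end
end
```

With the post's values, `SafeRequest.new({ 'a' => 42, 'b' => true }).evaluate('a < 42 and b == true')` returns false, and the `; raise "ha ha"` variant raises SafeRequest::Error during tokenizing, before anything is evaluated.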