embedding a safe unescapable mini perl interpreter?

by iaw4 (Monk)
on Dec 30, 2011 at 07:12 UTC

iaw4 has asked for the wisdom of the Perl Monks concerning the following question:

I would like to allow my web users to execute little perl calculator programs: they could enter into my webform textarea field something like:

sub cubed { return $_[0]**3; } $a=3 ; 25+$a**2 + cubed($a)

when the user hits submit, my server-side cgi script executes this snippet to learn that the user wanted '61'. later, the server will (eventually) return an html page that says "the result of your program {spit back what the user entered above} is 61." I want to predefine a few functions for the user myself, too, such as squared, cubed, etc., but still allow my own users to define their functions, too.

obviously, I do not want my users to inject nasty code, either into the html (I spit back what they entered); or worse, locally escape into my system (via system, backquote, or other nastily crafted entries).

so, I need a safe, sanitized subset version of perl that I can execute. I am probably not the first one in need of this, but I was hoping that someone could point me to where this has been put together already.

I could live with a non-perl syntax for my users, too, as long as it allows them to define their own functions and is reasonably safe. since my cgi server script is in perl, perl-like syntax may be advantageous.

pointers appreciated.

Replies are listed 'Best First'.
Re: embedding a safe unescapable mini perl interpreter?
by sflitman (Hermit) on Dec 30, 2011 at 07:45 UTC

    Check out the Safe module, it does exactly what you want.


    HTH,
    SSF
Re: embedding a safe unescapable mini perl interpreter?
by Anonymous Monk on Dec 30, 2011 at 07:41 UTC
Re: embedding a safe unescapable mini perl interpreter?
by roboticus (Chancellor) on Dec 30, 2011 at 17:15 UTC

    iaw4:

    Because of the arguments suggested previously (security, DOS, etc.), you might want to consider putting your functionality in Javascript and let the code run in the browser. That way you can avoid many(?/most/all?) of the problems with letting the user specify code you'll execute on your server.

    Just sayin'...

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

      thanks, everyone. A sandbox alone is not trustworthy enough.

      the problem is intrinsically pretty bad. public internet. And I want one user to make up a question for another anonymous user to answer. (this also means that 'javascript as sandbox' won't work.)

      User 1 inputs something like

      $x=round(rand(),1); print "If x is $x, then what is x^2?";

      User 2 may see

      if x is 0.5, then what is x^2?

      The '0.5' is obviously computed, based on what user 1 provided. I need to avoid user 1 inputting mischief.

      Finally, user 1 receives back what the answer was that user 2 gave and can check whether it was correct. because answers are not algorithms (the way questions are), I can easily sanitize what user 2 provides.

      Do I really have to write my own language and parser for this? no one else has?

      regards, /iaw
        The little requirement that your project has to be multi-user may have merited mention in your OP.

        And as to your associated new question -- writing your own language -- I don't see how an eviscerated Perl can still provide even the functionality you've described. So maybe a new language has potential; maybe you simply need to code up a better sandbox; or maybe you should reconsider the design, aiming for a Q&A thread relying on users' machines for the computations.

        Well theoretically any Turing complete language is going to be a problem, as it cannot be proved to be secure.

        There's a really interesting presentation about these issues here http://boingboing.net/2011/12/28/linguistics-turing-completene.html It's a keynote speech at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity". I highly recommend it, it's definitely worth watching.

        So I think you have to write your own language, and only include the functionality that is needed, and keep it as simple as possible. Parse::RecDescent is a good place to start, it makes working with grammars quite easy :)

        The key issue is the complexity of the allowed expressions, if you can keep to a context-free grammar then you might get away with it. But my guess is that you will need to have a human in the loop to check and approve each submission before they go live.
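
As an added example (not code from any poster in this thread), here is a minimal hand-written recursive-descent evaluator for the kind of restricted expression language suggested above: the grammar has only numbers, `+ - * / **`, parentheses, server-supplied variables and whitelisted functions, with no loops, assignment or user-defined subs, so every accepted input terminates and nothing outside the table is reachable. The names `calc`, `%FUNC` and the bare variable `a` (instead of Perl's `$a`) are assumptions made for illustration.

```perl
use strict; use warnings;
# The only code a submission can reach: a fixed whitelist (hypothetical helper set).
my %FUNC  = (squared => sub { $_[0] ** 2 }, cubed => sub { $_[0] ** 3 });
my %BINOP = ('+' => [1, sub { $_[0] + $_[1] }], '-' => [1, sub { $_[0] - $_[1] }],
             '*' => [2, sub { $_[0] * $_[1] }], '/' => [2, sub { $_[0] / $_[1] }]);
my (@tok, $vars);        # token queue and variable table of the current run
sub expr {               # precedence climbing over the binary operators
    my $min = $_[0] // 1;
    my $v   = unary();
    while (@tok && $BINOP{ $tok[0] } && $BINOP{ $tok[0] }[0] >= $min) {
        my ($prec, $apply) = @{ $BINOP{ shift(@tok) } };
        $v = $apply->($v, expr($prec + 1));
    }
    return $v;
}
sub unary {              # '-' unary | primary ('**' unary)?  (binds like Perl)
    if (@tok && $tok[0] eq '-') { shift @tok; return 0 - unary() }
    my $v = primary();
    if (@tok && $tok[0] eq '**') { shift @tok; $v **= unary() }
    return $v;
}
sub primary {            # NUMBER | '(' expr ')' | FUNC '(' expr ')' | NAME
    my $t = shift(@tok) // die "unexpected end of input\n";
    return 0 + $t if $t =~ /\A[0-9]/;
    if ($t eq '(') {
        my $v = expr();
        (shift(@tok) // '') eq ')' or die "missing ')'\n";
        return $v;
    }
    return $FUNC{$t}->(primary()) if $FUNC{$t} && @tok && $tok[0] eq '(';
    return $vars->{$t} // die "unknown name or token '$t'\n";
}
sub calc {               # calc($text, \%variables) returns a number or dies
    my $src = $_[0];
    $vars   = $_[1] || {};
    die "input too long\n" if length($src) > 100;   # also bounds recursion depth
    @tok = (); pos($src) = 0;
    until ($src =~ /\G\s*\z/gc) {    # lexer: anything outside the token set is fatal
        $src =~ /\G\s*([0-9]+(?:\.[0-9]+)?|[a-z_][a-z0-9_]*|\*\*|[-+*\/()])/gc
            or die "illegal input at offset " . pos($src) . "\n";
        push @tok, $1;
    }
    my $v = expr();
    die "unexpected '$tok[0]'\n" if @tok;
    return $v;
}
for my $in ('25 + a**2 + cubed(a)', 'system("id")') {   # constructed inputs
    chomp(my $out = eval { calc($in, { a => 3 }) } // "rejected: $@");
    print "$in => $out\n";
}
```

The lexer uses an anchored `\G` loop rather than one validating regex over the whole input, which avoids catastrophic backtracking on long identifier runs.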

Re: embedding a safe unescapable mini perl interpreter?
by Anonymous Monk on Dec 30, 2011 at 08:31 UTC

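    And for your "spit back their input in HTML" problem, search for HTML escaping functions. It can be as simple as:

    sub escape {
        my $s = shift;          # work on a copy instead of clobbering the global $_
        $s =~ s/&/&amp;/g;      # ampersand first, so the entities below are not re-escaped
        $s =~ s/</&lt;/g;
        $s =~ s/>/&gt;/g;
        $s =~ s/"/&quot;/g;
        $s =~ s/'/&#39;/g;      # also covers single-quoted attribute values
        return $s;
    }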

Re: embedding a safe unescapable mini perl interpreter?
by TJPride (Pilgrim) on Dec 30, 2011 at 16:14 UTC
    You do realize that even if you "safe" this, someone can easily DOS you using the right formulas? It would take me only a few minutes to write a script to do that. Allowing users ANY sort of free-form scripting is a bad idea.

      You do realize that even if you "safe" this, someone can easily DOS you using the right formulas?

      In my opinion, the scope of the problem depends on your environment. Using such a thing on the public internet would be a bad idea.

      If you have such a tool in your company's intranet (preferably only accessible via some form of authentication), the DOS problem is probably non-existent or at most a one-off thing (e.g. something that can be taken care of permanently by calling the human resources department).

      BREW /very/strong/coffee HTTP/1.1
      Host: goodmorning.example.com
      
      418 I'm a teapot
      This is what throttling is for, and virtual machines
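
Added example, not from the thread: the Safe module suggested in the first reply combined with the throttling raised here, by evaluating each submission with `Safe->reval` in a forked child that the kernel kills when `alarm` expires. `run_untrusted` is a hypothetical name, a Unix-like system with `fork` is assumed, and the alarm bounds run time only; memory use still needs an OS-level limit on the child.

```perl
use strict; use warnings;
use Safe;
use Scalar::Util 'looks_like_number';

# Evaluate $code in a Safe compartment inside a short-lived child process.
# Returns the numeric result, or undef on error, denied opcode or timeout.
sub run_untrusted {
    my ($code, $seconds) = @_;
    my $pid = open(my $child, '-|') // die "fork failed: $!\n";
    if ($pid == 0) {                 # child: its STDOUT is the pipe to the parent
        alarm $seconds;              # no handler installed, so SIGALRM kills the child
        my $cpt   = Safe->new;       # default opmask: no system, backticks or open
        my $value = $cpt->reval($code);
        my $reply = (!$@ && defined $value) ? "$value" : '';
        print $reply;
        exit 0;
    }
    my $out = do { local $/; <$child> } // '';
    close $child;                    # waits for the child, so no zombie is left
    # Treat the child's output as untrusted too: accept a number and nothing else.
    return looks_like_number($out) ? $out + 0 : undef;
}

# Constructed submissions: the question's snippet, a shell escape, a busy loop.
my @demo = (
    'sub cubed { return $_[0]**3; } $a=3 ; 25+$a**2 + cubed($a)',
    'system("id")',
    '1 while 1',
);
for my $code (@demo) {
    my $r = run_untrusted($code, 2);
    print "$code => ", (defined $r ? $r : 'rejected'), "\n";
}
```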
