Advice appreciated.
Um, you never permitted anything; did you see the synopsis?
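#!/usr/bin/perl --
# Runs a list of untrusted-looking snippets inside Safe compartments and
# prints what each one evaluates to, to show which operations the chosen
# opcode mask lets through and which it blocks.
#
# Notes for anyone reusing this as a sandbox:
#   * Safe restricts opcodes and the visible namespace only. Its own
#     documentation warns that it does not limit CPU or memory use, so it is
#     not a complete sandbox on its own.
#   * reval() returns undef both when the snippet legitimately evaluates to
#     undef and when it was refused; only $@ tells the two apart, so it is
#     reported below.
use strict;
use warnings;
use Safe;

# Two places a snippet might try to read a secret from: a file-scoped lexical
# and the process environment. The snippets are compiled inside the
# compartment's own root namespace, so neither is expected to be reachable
# (the recorded output after __END__ shows undef for both).
my $secret = "my-password-should-never-be-shown\n";
local $ENV{secret} = $secret;

# Each entry is a string of Perl source handed to reval() verbatim.
my @commands = (
q{sub round { return sprintf( "%.$_[1]f", $_[0] ); }
my $in = rand();
my $answer = ( $in + log(10) );
print "what is $in+log(10)?\n";
round( $answer, 3 ); ## this should evaluate just fine
},
q{ print $secret; ## yikes, should be an error },
q{ $secret },
q{ $ENV{secret} },
q{ $$ },
q{ system("ls") ## yikes, should be an error },
q{ `ls` ## yikes, should be an error },
q{ open( FIN, ">", "really-bad-to-write-to-fs" ) ## yikes, should be an error },
);

for my $command (@commands) {
    print "\n#### code start \n$command\n#### code end\n";

    # A fresh compartment per snippet, so nothing defined by one snippet
    # (e.g. sub round) leaks into the next.
    my $compartment = Safe->new;

    # Mask experiments kept from the original post:
    #~ $compartment->permit(qw/ :base_core :base_mem :base_io /); #no
    #~ $compartment->permit(qw/ :base_math sprintf print /); # yes
    #
    # :base_math supplies rand/log for the first snippet and :base_io
    # supplies print on already-open handles. open belongs to :filesys_open
    # and system/backticks to :subprocess; neither tag is permitted here, so
    # those snippets stay blocked. Keep the permitted set as small as the
    # expected code needs.
    $compartment->permit(qw/ :base_math :base_core :base_mem :base_io /); # yes

    my $result = $compartment->reval($command);

    # Copy $@ at once: it is a global and any later eval would clobber it.
    my $error = $@;

    # defined-test rather than ||, so a legitimate 0 or '' result is not
    # reported as "undef".
    print " $compartment => "
        . ( defined $result ? $result : "undef" )
        . "\n############\n\n";

    # Diagnostics go to STDERR so the STDOUT transcript keeps its format;
    # a refused opcode shows up here rather than as a silent undef.
    warn "   reval error: $error" if $error;
}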
__END__
#### code start
sub round { return sprintf( "%.$_[1]f", $_[0] ); }
my $in = rand();
my $answer = ( $in + log(10) );
print "what is $in+log(10)?\n";
round( $answer, 3 ); ## this should evaluate just fine
#### code end
what is 0.5277099609375+log(10)?
Safe=HASH(0x99a4ac) => 2.830
############
#### code start
print $secret; ## yikes, should be an error
#### code end
Safe=HASH(0x99a48c) => 1
############
#### code start
$secret
#### code end
Safe=HASH(0xa2ad64) => undef
############
#### code start
$ENV{secret}
#### code end
Safe=HASH(0xb10754) => undef
############
#### code start
$$
#### code end
Safe=HASH(0xb16374) => undef
############
#### code start
system("ls") ## yikes, should be an error
#### code end
Safe=HASH(0xb105f4) => undef
############
#### code start
`ls` ## yikes, should be an error
#### code end
Safe=HASH(0xb10114) => undef
############
#### code start
open( FIN, ">", "really-bad-to-write-to-fs" ) ## yikes, should be an error
#### code end
Safe=HASH(0xa628f4) => undef
############