in reply to Accessing variables in an external hash without eval
Consider using a different storage format. I would choose JSON:
Format | Human readable | Arbitrary structures (See update below) | 8-bit clean | Version independent | Cross language | May execute code from file | Unexpected network access | Memory usage attack | Comments |
---|---|---|---|---|---|---|---|---|---|
Perl source code (generated manually or by tools like Data::Dumper) | kind of | yes | yes | mostly | no (only perl can parse Perl) | yes | by executable code | by executable code | yes |
Storable | no | yes | yes | no (depends on Perl version, limited compatibility with other versions) | no | no | no | no | no |
XML | yes | yes | no | yes | yes | no | yes | yes | yes |
YAML | yes (but with strange rules) | yes | yes | yes | yes | yes (may be disabled) | by executable code | by executable code | yes |
JSON | yes | yes | yes | yes | yes | no | no | no | no (but some parsers allow Javascript or shell comments) |
INI | yes | no, only HoH | no (escaping rules depend on reader and writer) | yes | yes | no | no | no | yes |
CSV | yes | no, only 2D-Array (AoA) | no (escaping rules depend on reader and writer) | yes | yes | no | no | no | no |
See also Re^4: The safety of string eval and block eval. and Re^2: Storing state of execution
Updates:
"Arbitrary structures" was not meant as arbitrary as I wrote, thanks tobyink++. It should read something like "any mix of scalars, arrays, and hashes, without circular references, handles, code references, globs".
"Memory usage attack" means that either the parsed file uses significantly more memory (several orders of magnitude) than the file size, or parsing the file may execute code that allocates much memory.
"Unexpected network access" means either that parsing the file completely and correctly may require reading additional data from the internet, or parsing the file may execute code that accesses the network.
"8 bit clean" means that any binary data may be stored and fetched.
Added comments column
Added Data::Dumper
Alexander
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
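To illustrate the JSON row of the table, here is an added example (not part of the original post) that loads a hash from JSON text with the core module JSON::PP instead of string `eval` or `do FILE`. The sample data, the `load_settings` name, and the size and depth limits are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP ();

# Constructed sample input standing in for the external file's contents.
my $json_text = <<'END';
{
  "db":    { "host": "localhost", "port": 5432 },
  "paths": [ "/var/lib/app", "/var/log/app" ],
  "debug": false
}
END

# Hypothetical helper: parse the text as data only. Nothing in the input
# is compiled or run, unlike string eval or do FILE on Perl source.
sub load_settings {
    my ($text) = @_;
    my $parser = JSON::PP->new->utf8
        ->max_size(64 * 1024)   # refuse oversized input (assumed limit)
        ->max_depth(16);        # refuse deeply nested input (assumed limit)
    # Block eval only traps the parser's exception; it evaluates no text.
    my $data = eval { $parser->decode($text) };
    die "settings: invalid JSON: $@" if $@;
    die "settings: top level must be an object\n" unless ref $data eq 'HASH';
    return $data;
}

my $cfg = load_settings($json_text);
print "host=$cfg->{db}{host} port=$cfg->{db}{port}\n";
print "path: $_\n" for @{ $cfg->{paths} };
print "debug is ", ($cfg->{debug} ? "on" : "off"), "\n";

# A Perl expression in the file is only a syntax error to the JSON parser.
my $not_data = '{ "port": 2 * 2716 }';
my $ok = eval { load_settings($not_data); 1 };
print "expression in input rejected\n" unless $ok;
```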
Replies are listed 'Best First'.
Re^2: Accessing variables in an external hash without eval
by tobyink (Canon) on May 17, 2017 at 08:46 UTC
by afoken (Chancellor) on May 17, 2017 at 19:55 UTC