CSC/ECE 517 Fall 2010/ch3 3e br
Latest revision as of 20:59, 4 October 2010
eval() [Computer Programming]
Introduction
The eval facility is one of the most powerful features of Ruby (as well as of other dynamic languages). The Kernel.eval method parses and executes an arbitrary string of legal Ruby source code. To put it plainly, if your Ruby program can generate a string of valid Ruby code, Kernel.eval can evaluate that code. This gives developers the ability to modify the runtime behavior of a program. This page illustrates the practical advantages of Ruby's eval(...) and compares it with similar mechanisms in other languages.
Origin
The first actual implementation of LISP was by Steve Russell. He realized that the Lisp eval function could be implemented in machine code.[3] The result was a working Lisp interpreter which could be used to run Lisp programs, or more properly, 'evaluate Lisp expressions.'
(Image: original LISP machine, http://en.wikipedia.org/wiki/File:LISP_machine.jpg)
Security risks
It may seem natural to call eval() on user-supplied data, since it exposes the entire power of the underlying programming language in a single statement. For example, a web site might let the user enter an expression and, with trivial effort on the part of the programmer, compute its result. A moment's thought, however, reveals the grave security risk of such an approach: the user's input runs with all the privileges of the program itself, so the user could intentionally or unintentionally delete files, corrupt files, transmit sensitive information, etc.
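The calculator scenario above, written out as an added example (this is not code from the original page). The first version hands the user's text straight to Kernel#eval; the second parses arithmetic itself and never evaluates Ruby. PAYLOAD is a constructed attacker string: it sets a global variable as a harmless stand-in for deleting files, and the names unsafe_calc, SafeCalc and demo are invented here.

```ruby
require "strscan"

# Vulnerable: the user's text is executed as Ruby with the full privileges
# of the process. The arithmetic result is incidental.
def unsafe_calc(expr)
  eval(expr)
end

# Hardened: a recursive-descent parser for integers, decimals, + - * /,
# unary minus and parentheses. Input outside that grammar is rejected
# before anything is evaluated, and no Ruby code is ever run.
class SafeCalc
  class ParseError < StandardError; end

  def self.evaluate(expr)
    new(expr).evaluate
  end

  def initialize(expr)
    @tokens = tokenize(expr)
    @pos = 0
  end

  def evaluate
    value = parse_expr
    raise ParseError, "unexpected #{peek.inspect}" unless peek.nil?
    value
  end

  private

  # Allow-list tokenizer: the first character outside the grammar raises.
  def tokenize(expr)
    s = StringScanner.new(expr)
    tokens = []
    until s.eos?
      next if s.skip(/\s+/)
      if s.scan(/\d+\.\d+/)
        tokens << s.matched.to_f
      elsif s.scan(/\d+/)
        tokens << s.matched.to_i
      elsif s.scan(%r{[-+*/()]})
        tokens << s.matched
      else
        raise ParseError, "illegal character #{s.peek(1).inspect}"
      end
    end
    tokens
  end

  def peek
    @tokens[@pos]
  end

  def advance
    tok = @tokens[@pos]
    @pos += 1
    tok
  end

  # expr := term (('+' | '-') term)*
  def parse_expr
    value = parse_term
    while peek == "+" || peek == "-"
      op = advance
      rhs = parse_term
      value = (op == "+") ? value + rhs : value - rhs
    end
    value
  end

  # term := factor (('*' | '/') factor)*
  def parse_term
    value = parse_factor
    while peek == "*" || peek == "/"
      op = advance
      rhs = parse_factor
      if op == "*"
        value *= rhs
      else
        raise ParseError, "division by zero" if rhs.zero?
        value = value.fdiv(rhs)
      end
    end
    value
  end

  # factor := number | '-' factor | '(' expr ')'
  def parse_factor
    tok = advance
    case tok
    when Numeric then tok
    when "-" then -(parse_factor)
    when "("
      value = parse_expr
      raise ParseError, "missing ')'" unless advance == ")"
      value
    else
      raise ParseError, "unexpected #{tok.inspect}"
    end
  end
end

# Constructed attacker input: looks like "1 + 1" but also runs a statement.
# Setting a global is a harmless stand-in for deleting files.
PAYLOAD = "$pwned = true; 1 + 1"

def demo
  $pwned = false
  unsafe = unsafe_calc(PAYLOAD)            # 2, and $pwned is now true
  safe = begin
    SafeCalc.evaluate(PAYLOAD)
  rescue SafeCalc::ParseError => e
    e.message                              # rejected at the first "$"
  end
  { unsafe: unsafe, pwned: $pwned, safe: safe }
end
```

The hardened version is an allow-list: the tokenizer accepts only what the grammar needs, so method calls, string literals like "John Coltrane".length and globals all fail at the first offending character rather than being partially interpreted. Filtering known-bad substrings out of the input before calling eval (blocking the words system or File, say) would be the wrong way round, since the attacker only has to find a spelling the filter did not anticipate.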
Context
Implementation
Dynamic Programming Languages
Lisp
Lisp is the second-oldest high-level programming language in common use today (after FORTRAN). Invented in 1958 by John McCarthy at Massachusetts Institute of Technology, LISP was first actually implemented in machine language by Steve Russell, who realized that by implementing the LISP eval() function in assembly language, he could create a working LISP interpreter.
Perl
Ruby
trane = %q{"John Coltrane".length}   # a String holding Ruby source, not yet run
eval trane                           # => 13: the string is parsed and executed as Ruby
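A longer Ruby example, added here and not part of the original page, showing the two things the introduction claims for Kernel.eval: generating Ruby source at runtime and evaluating it, and choosing the scope it runs in through a Binding. The NumberChecker class, the RULES table and the helper methods are invented for the example; the rule strings are developer-written program data, not user input.

```ruby
# A table of validation rules kept as Ruby expressions. Constructed sample
# data: these strings come from the developer, never from a user.
RULES = {
  "positive" => "value > 0",
  "even"     => "value.even?",
}.freeze

class NumberChecker
  RULES.each do |name, predicate|
    # Generate the source text of one predicate method...
    src = <<~RUBY
      def #{name}?(value)
        #{predicate}
      end
    RUBY
    # ...and evaluate it with the class body's binding, so the "def" lands
    # in NumberChecker. Passing __FILE__ and __LINE__ makes any backtrace from
    # the generated code point at this file instead of "(eval)".
    eval(src, binding, __FILE__, __LINE__)
  end
end

# A Binding captures the local variables of the place it was created; the
# evaluated string sees exactly those variables and nothing else.
def scope_demo
  secret = 42
  eval("secret * 2", binding)   # 84
end

def generated_methods_demo
  checker = NumberChecker.new
  [checker.positive?(7), checker.even?(7)]   # [true, false]
end
```

The file and line arguments matter in practice: a syntax error or exception inside generated code is otherwise reported against "(eval)", which tells the person reading the log nothing about which template produced it.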
JavaScript
PHP
Python
ColdFusion
Static Programming Languages
Java
GroovyShell
Command Line interpreters
Unix
References
[1] Eval. Wikipedia, http://en.wikipedia.org/wiki/Eval. Retrieved October 2010.
[2] Eval. Wikipedia, http://en.wikipedia.org/wiki/Eval. Retrieved October 2010.
[3] Programming Ruby: The Pragmatic Programmer's Guide, 2nd edition. http://www.amazon.com/Programming-Ruby-Pragmatic-Programmers-Second/dp/0974514055