CSC/ECE 517 Fall 2010/ch3 3e br: Difference between revisions

From Expertiza_Wiki
(29 intermediate revisions by the same user not shown)
Latest revision as of 20:59, 4 October 2010

eval() [Computer Programming]

Introduction

The eval facility is one of the most powerful features of Ruby (as well as other dynamic languages). The Kernel.eval method parses and executes an arbitrary string of legal Ruby source code. To put it plainly, if your Ruby program can generate a string of valid Ruby code, Kernel.eval can evaluate that code. The eval facility gives developers the ability to modify the runtime behavior of a program. This article illustrates the practical advantages of Ruby's eval(...) and compares it with similar mechanisms in other languages.

Origin

The first actual implementation of LISP was by Steve Russell. He realized that the Lisp eval function could be implemented in machine code.[3] The result was a working Lisp interpreter which could be used to run Lisp programs, or, more properly, to 'evaluate Lisp expressions.'

[Image: Original LISP machine, http://en.wikipedia.org/wiki/File:LISP_machine.jpg]

Security risks

It may seem natural to perform eval() on user-supplied data, exposing the entire power of the underlying programming language with a single statement. For example, on a web site, the programmer might allow the user to enter an expression, and with trivial effort on the part of the programmer, the result of the expression is computed. However, a moment's thought reveals the grave security risk posed by such an approach. The user could intentionally or unintentionally delete files, corrupt files, transmit sensitive information, etc.
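The following Ruby example is added here to make the risk concrete; it is not code from the original wiki page. It places the naive calculator the paragraph describes (eval on the user's string) beside a hardened alternative that parses only a small arithmetic grammar and never executes the input as Ruby. The names unsafe_calc and SafeCalc and the grammar are assumptions made for this illustration.

```ruby
# Added example (not from the original page): evaluating a user-supplied
# arithmetic expression without handing the whole language to the user.

# The naive approach the article warns about: the string is parsed and executed
# as Ruby, so whatever the user types runs with the program's privileges.
def unsafe_calc(user_input)
  eval(user_input)
end

# Hardened alternative: a recursive-descent parser for numbers, + - * /,
# unary minus and parentheses. Anything outside that grammar raises
# ArgumentError before any code is run.
class SafeCalc
  # Each match yields [number, operator]; exactly one of the two is non-nil.
  TOKEN = /\s*(?:(\d+\.?\d*)|(.))/

  def self.evaluate(str)
    new(str).parse
  end

  def initialize(str)
    @tokens = str.scan(TOKEN).map { |num, op| num ? num.to_f : op }
    @pos = 0
  end

  def parse
    value = expr
    raise ArgumentError, "unexpected token #{peek.inspect}" unless peek.nil?
    value
  end

  private

  def peek
    @tokens[@pos]
  end

  def advance
    tok = @tokens[@pos]
    @pos += 1
    tok
  end

  # expr := term (('+' | '-') term)*
  def expr
    value = term
    while peek == "+" || peek == "-"
      op = advance
      rhs = term
      value = op == "+" ? value + rhs : value - rhs
    end
    value
  end

  # term := factor (('*' | '/') factor)*
  def term
    value = factor
    while peek == "*" || peek == "/"
      op = advance
      rhs = factor
      value = op == "*" ? value * rhs : value / rhs
    end
    value
  end

  # factor := number | '(' expr ')' | '-' factor
  def factor
    tok = advance
    case tok
    when Float then tok
    when "("
      value = expr
      raise ArgumentError, "expected ')'" unless advance == ")"
      value
    when "-" then -factor
    else raise ArgumentError, "unexpected token #{tok.inspect}"
    end
  end
end

# Constructed inputs: SafeCalc.evaluate("1 + 2 * 3") returns 7.0, while
# SafeCalc.evaluate('File.delete("x")') raises ArgumentError because "F"
# is not part of the grammar; unsafe_calc would have run it.
```

The design point is that the safe version recognises input rather than executing it: the grammar is the whitelist, so the set of things a user can make the program do is exactly the set of arithmetic expressions, whatever the Ruby runtime would otherwise allow.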

Context

Implementation

Dynamic Programming Languages

Lisp

Lisp is the second-oldest high-level programming language in common use today (after FORTRAN). Invented in 1958 by John McCarthy at the Massachusetts Institute of Technology, LISP was first actually implemented in machine language by Steve Russell, who realized that by implementing the LISP eval() function in assembly language, he could create a working LISP interpreter.

Perl

Ruby

 trane = %q{"John Coltrane".length}
 eval(trane)   # => 13
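As an added illustration (not code from the original wiki page) of what the Ruby eval family offers beyond evaluating a literal like the one above: eval given a Binding sees the caller's local variables, class_eval on a generated string defines methods at run time, and because the string is parsed before it is run, a malformed string raises SyntaxError that can be rescued. The names length_in_scope, Record, build_record and eval_or_error are chosen here for the example.

```ruby
# Added example (not from the original page): three things Kernel#eval and
# Module#class_eval give a running Ruby program, using only core Ruby.

# 1. With a Binding, eval resolves names in the caller's scope, not its own.
def length_in_scope
  name = "John Coltrane"           # constructed sample value
  eval("name.length", binding)     # => 13
end

# 2. Code generated at run time: build getter/setter pairs from a list of
#    field names. The names come from the program itself; interpolating
#    untrusted strings into source text would reintroduce the injection risk,
#    and define_method would avoid string evaluation altogether.
class Record
  def self.define_fields(*fields)
    fields.each do |f|
      class_eval(<<~RUBY, __FILE__, __LINE__ + 1)
        def #{f}; @#{f}; end
        def #{f}=(v); @#{f} = v; end
      RUBY
    end
  end
end

Record.define_fields(:artist, :album)

def build_record
  r = Record.new
  r.artist = "John Coltrane"
  r.album  = "Giant Steps"
  [r.artist, r.album]
end

# 3. The string is parsed first: a syntax error surfaces as SyntaxError
#    (a ScriptError, so a bare rescue would not catch it) before anything runs.
def eval_or_error(src)
  eval(src)
rescue SyntaxError => e
  "syntax error: #{e.class}"
end
```

Passing __FILE__ and __LINE__ + 1 to class_eval is what makes backtraces from the generated methods point at the heredoc rather than at an anonymous "(eval)" location, which matters when debugging code that only exists at run time.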

JavaScript

PHP

Python

ColdFusion

Static Programming Languages

Java

GroovyShell

Command Line interpreters

Unix

References

[1] Eval. http://en.wikipedia.org/wiki/Eval, retrieved October 2010.

[2] Eval. http://en.wikipedia.org/wiki/Eval, retrieved October 2010.

[3] Programming Ruby: The Pragmatic Programmer's Guide. http://www.amazon.com/Programming-Ruby-Pragmatic-Programmers-Second/dp/0974514055/ref=sr_1_2?s=books&ie=UTF8&qid=1286121051&sr=1-2