PHP
ekapro, 2015-10-14 22:32:46

How to check the safety of user code before executing it in eval?

Users of our online service need to be able to create formulas (arithmetic and logical operations, branching and variables are allowed).
To solve this, I intend to run the user's code through eval after checking it for prohibited functions and expressions. We wrote the following regular expression to search for forbidden constructs in the code:
'/[^$\w]([a-zA-Z][\w_]+)|(\$this)/i'
Is such a check sufficient to run user code safely? Or are there better solutions to the problem?
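As an added check of the regex above (example code written for this page, not the question author's): the inputs below are constructed, and the only payload that is actually passed to eval() calls phpversion(). The point it shows is that the character class [^$\w] requires a character in front of a name, and that a double-quoted PHP string built from octal escapes contains no letters for the regex to see.

```php
<?php
// Added example, not code from the question: the regex the author posted, run
// over constructed inputs to see what it catches. The only string that is
// actually eval()'d below calls phpversion() and nothing else.
$forbidden = '/[^$\w]([a-zA-Z][\w_]+)|(\$this)/i';

function isBlocked(string $code, string $re): bool
{
    return preg_match($re, $code) === 1;
}

$samples = [
    // what the check was written for: a name inside an expression, or $this
    '1 + phpinfo()'                                 => 'blocked',
    'x * $this->secret'                             => 'blocked',
    // [^$\w] needs a character before the name, so a call at offset 0 is not
    // matched; here only the letters in the string literal "id" trip the regex
    'system("id")'                                  => 'blocked',
    // octal escapes in a double-quoted PHP string contain no letters at all, so
    // the regex sees digits and backslashes while PHP still builds "system"/"id"
    'system("\151\144")'                            => 'passes',
    '$f="\163\171\163\164\145\155";$f("\151\144");' => 'passes',
];
foreach ($samples as $code => $expected) {
    $result = isBlocked($code, $forbidden) ? 'blocked' : 'passes';
    printf("%-48s %s (expected %s)\n", $code, $result, $expected);
}

// Harmless proof that a passing payload runs real code: "phpversion" spelled in
// octal and invoked as a variable function. Nothing in $payload matches the regex.
$payload = '$f = "\160\150\160\166\145\162\163\151\157\156"; $r = $f();';
if (!isBlocked($payload, $forbidden)) {
    eval($payload);
    echo 'eval() called a function whose name never appears in the text: ', $r, PHP_EOL;
}
```

A blacklist over the text of a Turing-complete language has to anticipate every way PHP can spell a name at runtime (escapes, concatenation, variable functions, callbacks), which is why the check cannot be patched into sufficiency by adding more alternations.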


2 answer(s)
Cat Anton, 2015-10-14
@ekapro

https://github.com/ziadoz/awesome-php#code-analysis

evnuh, 2015-10-14
@evnuh

That is one option, of course; it's easier, but less correct. The correct approach is to write a parser for the syntax of your formulas, and judging by the conditions of the problem it should be a primitive one for you.
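One way to do what this answer suggests, as an added example that is not part of the answer: a tokenizer plus a recursive-descent parser for the formula language the question describes (numbers, arithmetic, comparisons, boolean operators, variables, and a ternary for branching). The class name, the variable map, the 1000-character input limit and the sample formulas are assumptions made for the example; it needs PHP 8.

```php
<?php
// Added example, not code from the answer: a formula language (numbers, + - * / %, comparisons,
// && || !, variables, and cond ? a : b for branching) handled by a tokenizer and a recursive-descent
// parser. User text never reaches eval(); a name is only ever looked up in the variable map given to
// the constructor, so nothing can be called. Requires PHP 8.
final class FormulaEvaluator
{
    private const MAX_LENGTH = 1000; // assumed limit; it also bounds the parser's recursion depth
    private const LEVELS = [['||'], ['&&'], ['==', '!='], ['<', '>', '<=', '>='], ['+', '-'], ['*', '/', '%']];
    private array $tokens = [];
    private int $pos = 0;

    public function __construct(private array $vars) {}

    // Parses and evaluates $src; throws RuntimeException on any invalid input.
    public function evaluate(string $src): int|float|bool
    {
        if (strlen($src) > self::MAX_LENGTH) throw new RuntimeException('Formula too long');
        $this->tokens = $this->tokenize(trim($src));
        $this->pos = 0;
        $value = $this->parseTernary();
        if ($this->pos !== count($this->tokens)) throw new RuntimeException('Unexpected trailing input');
        return $value;
    }

    // Lexer: numbers become floats, names become ['id', name], operators stay strings; anything else is rejected.
    private function tokenize(string $src): array
    {
        $re = '/\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|(<=|>=|==|!=|&&|\|\||[-+*\/%()<>!?:]))/A';
        $tokens = [];
        for ($offset = 0, $len = strlen($src); $offset < $len; $offset += strlen($m[0])) {
            if (!preg_match($re, $src, $m, 0, $offset)) throw new RuntimeException("Bad character at offset $offset");
            if ($m[1] !== '')     $tokens[] = (float) $m[1];
            elseif ($m[2] !== '') $tokens[] = ['id', $m[2]];
            else                  $tokens[] = $m[3];
        }
        return $tokens;
    }

    private function accept(string $op): bool // consume $op if it is the next token
    {
        return ($this->tokens[$this->pos] ?? null) === $op && ++$this->pos > 0;
    }

    // Branching: cond ? a : b. Both branches are parsed and evaluated; one value is kept.
    private function parseTernary(): int|float|bool
    {
        $v = $this->parseBinary();
        if ($this->accept('?')) {
            $a = $this->parseTernary();
            if (!$this->accept(':')) throw new RuntimeException("Expected ':'");
            $b = $this->parseTernary();
            $v = $v ? $a : $b;
        }
        return $v;
    }

    // Binary operators: LEVELS runs from lowest to highest precedence, each level left-associative.
    private function parseBinary(int $level = 0): int|float|bool
    {
        $operand = fn() => isset(self::LEVELS[$level + 1]) ? $this->parseBinary($level + 1) : $this->parseUnary();
        $v = $operand();
        while (in_array($this->tokens[$this->pos] ?? null, self::LEVELS[$level], true)) {
            $op = $this->tokens[$this->pos++];
            $b = $operand();
            if (($op === '/' || $op === '%') && (float) $b == 0.0) throw new RuntimeException('Division by zero');
            $v = match ($op) {
                '||' => $v || $b, '&&' => $v && $b, '==' => $v == $b, '!=' => $v != $b, '<' => $v < $b, '>' => $v > $b,
                '<=' => $v <= $b, '>=' => $v >= $b, '+' => $v + $b, '-' => $v - $b, '*' => $v * $b, '/' => $v / $b, '%' => fmod($v, $b),
            };
        }
        return $v;
    }

    private function parseUnary(): int|float|bool
    {
        if ($this->accept('!')) return !$this->parseUnary();
        if ($this->accept('-')) return -$this->parseUnary();
        return $this->parsePrimary();
    }

    private function parsePrimary(): int|float|bool
    {
        if ($this->accept('(')) {
            $v = $this->parseTernary();
            if (!$this->accept(')')) throw new RuntimeException("Expected ')'");
            return $v;
        }
        $t = $this->tokens[$this->pos++] ?? throw new RuntimeException('Unexpected end of formula');
        if (is_float($t)) return $t;
        if (is_string($t)) throw new RuntimeException("Unexpected '$t'");
        if ($t[1] === 'true' || $t[1] === 'false') return $t[1] === 'true';
        // A name is data to look up, never something to call; unknown names are errors, not PHP globals.
        return $this->vars[$t[1]] ?? throw new RuntimeException("Unknown variable '{$t[1]}'");
    }
}

$calc = new FormulaEvaluator(['price' => 120.0, 'qty' => 3, 'vip' => true]);
var_dump($calc->evaluate('price * qty > 300 && vip ? price * qty * 0.9 : price * qty'), $calc->evaluate('(qty % 2 == 1) || !vip'));
foreach (['system("id")', 'price(1)', '$this', 'qty / 0'] as $bad) {
    try { $calc->evaluate($bad); } catch (RuntimeException $e) { echo "$bad  =>  ", $e->getMessage(), PHP_EOL; }
}
```

The security property comes from the grammar, not from a blacklist: the lexer only produces numbers, names and the listed operators, and the parser has no production for a call, so `system("id")` fails as a syntax error and `price(1)` is rejected as trailing input. If the formulas later need functions, add them as an explicit whitelist inside parsePrimary rather than by reaching for eval().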
