08-08-2012
eval is a giant security hole.
If `rm -Rf ~/` ends up in your variables somehow, eval will execute it.
Please explain what you're actually trying to do so we can show you how to avoid the eval.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
This is what I tried:
vara=${varb}_count
(( vara += 1 ))
Thanks for help (4 Replies)
Discussion started by: pa3be
4 Replies
2. Shell Programming and Scripting
Hi
I have a variable which is a path ie:
UBERROR=/cobwrk/mchr/prodsup/ub/wrk/../error
is there anyway I can get the output of an echo to read:
#echo $UBERROR
/cobwrk/mchr/prodsup/ub/error
instead of
#echo $UBERROR
/cobwrk/mchr/prodsup/ub/wrk/../error
Many thanks! (2 Replies)
Discussion started by: serm
2 Replies
3. UNIX for Dummies Questions & Answers
I would like to know how to pass a variable inside a variable to a function.
sample code below
--------------
for x in 1 9
do
check_null $C$x ##call function to check if the value is null
if
then
echo "line number:$var_cnt,... (2 Replies)
Discussion started by: KingVikram
2 Replies
4. Shell Programming and Scripting
Hi Gurus
I have a file called /tmp/CMDB which looks like this
serial: 0623AN1208
hostname: server1
model: x4100
assetID: 1234
I am writing a for loop that will go through this file line by line creating a variable of itself. Using the first iteration of the loop (i.e. the first line) as... (6 Replies)
Discussion started by: hcclnoodles
6 Replies
5. Shell Programming and Scripting
Hi,
I am trying to do the following thing
var='date'
$var
Above command substitutes date for and in turn runs the date command and i am getting the todays date value.
I am trying to do the same thing as following, but facing some problems,
unique_host_pro="sed -e ' /#/d'... (3 Replies)
Discussion started by: gvinayagam
3 Replies
6. Shell Programming and Scripting
Hi there, i think im getting myself a little confused and need some help :wall:
I am reading in a bunch of variables to my script from an external file and need to validate that a value has been set for each
so if you can imagine, the user is required to pass in 4 values... (3 Replies)
Discussion started by: rethink
3 Replies
7. Shell Programming and Scripting
I am tyring to resolve an environment variable that is part of a string I selected from our database.
Simply put, I want cd to this folder before checking if a file exists.
The variable $in_loc has the value '$PS_HOME/int/VSP' where $PS_HOME is the environment variable.
I am using cd... (6 Replies)
Discussion started by: consult_jb
6 Replies
8. Shell Programming and Scripting
Hi All,
I have below variable,
xyz=\$AI_XFR
Now, if you will run the below command
=> echo $xyz
$AI_XFR
It is returning hardcoded string value.
Whereas in environment, there is value in it. Like below:
=> echo $AI_XFR
/home/aditya/sandbox/xfr/
I need to resolve this... (4 Replies)
Discussion started by: adgangwar
4 Replies
9. Shell Programming and Scripting
My script
----------
for i in `cat n`;do
export k=`echo "CSN: "$i` //combining CSN: and value from n
echo "$k"
awk ''{print "CSN: "$0;}'{_=29}_&&_--' file1|tail -1 >> file2
done
In the above script i cannot able to resolve $k in awk command
file n contains
------------
0000
1111
2222... (2 Replies)
Discussion started by: Mohana29_1988
2 Replies
10. Shell Programming and Scripting
Hi guys,
I have a file "abc.dat" in below format:
FILE_PATH||||$F_PATH
TABLE_LIST||||a|b|c
SYST_NM||||${SRC_SYST}
Now I am trying to read the above file and want to print the value for above dollar variables F_PATH and SRC_SYST. The problem is it's reading the dollar variables as... (5 Replies)
Discussion started by: abcabc1103
5 Replies
LEARN ABOUT DEBIAN
perl::critic::policy::errorhandling::requirecheckingreturnvalueo
Perl::Critic::Policy::ErrorHandling::RequireCheckingRetuUserlContributedPerl::Critic::Policy::ErrorHandling::RequireCheckingReturnValueOfEval(3pm)
NAME
Perl::Critic::Policy::ErrorHandling::RequireCheckingReturnValueOfEval - You can't depend upon the value of "$@"/"$EVAL_ERROR" to tell
whether an "eval" failed.
AFFILIATION
This Policy is part of the core Perl::Critic distribution.
DESCRIPTION
A common idiom in perl for dealing with possible errors is to use "eval" followed by a check of $@/$EVAL_ERROR:
eval {
...
};
if ($EVAL_ERROR) {
...
}
There's a problem with this: the value of $EVAL_ERROR can change between the end of the "eval" and the "if" statement. The issue is object
destructors:
package Foo;
...
sub DESTROY {
...
eval { ... };
...
}
package main;
eval {
my $foo = Foo->new();
...
};
if ($EVAL_ERROR) {
...
}
Assuming there are no other references to $foo created, when the "eval" block in "main" is exited, "Foo::DESTROY()" will be invoked,
regardless of whether the "eval" finished normally or not. If the "eval" in "main" fails, but the "eval" in "Foo::DESTROY()" succeeds,
then $EVAL_ERROR will be empty by the time that the "if" is executed. Additional issues arise if you depend upon the exact contents of
$EVAL_ERROR and both "eval"s fail, because the messages from both will be concatenated.
Even if there isn't an "eval" directly in the "DESTROY()" method code, it may invoke code that does use "eval" or otherwise affects
$EVAL_ERROR.
The solution is to ensure that, upon normal exit, an "eval" returns a true value and to test that value:
# Constructors are no problem.
my $object = eval { Class->new() };
# To cover the possiblity that an operation may correctly return a
# false value, end the block with "1":
if ( eval { something(); 1 } ) {
...
}
eval {
...
1;
}
or do {
# Error handling here
};
Unfortunately, you can't use the "defined" function to test the result; "eval" returns an empty string on failure.
Various modules have been written to take some of the pain out of properly localizing and checking $@/$EVAL_ERROR. For example:
use Try::Tiny;
try {
...
} catch {
# Error handling here;
# The exception is in $_/$ARG, not $@/$EVAL_ERROR.
}; # Note semicolon.
"But we don't use DESTROY() anywhere in our code!" you say. That may be the case, but do any of the third-party modules you use have them?
What about any you may use in the future or updated versions of the ones you already use?
CONFIGURATION
This Policy is not configurable except for the standard options.
SEE ALSO
See thread on perl5-porters starting here: http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2008-06/msg00537.html
<http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2008-06/msg00537.html>.
For a nice, easy, non-magical way of properly handling exceptions, see Try::Tiny.
AUTHOR
Elliot Shank "<perl@galumph.com>"
COPYRIGHT
Copyright (c) 2008-2011 Elliot Shank.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of this license
can be found in the LICENSE file included with this module.
perl v5.14.2 2012Perl::Critic::Policy::ErrorHandling::RequireCheckingReturnValueOfEval(3pm)