Safely parsing maps in Clojure

I am looking for a simple and safe way to parse a map, and only a map, from a string provided by an unreliable source. The map contains keywords and numbers. What are the security concerns when using read for this?

+3
2 answers

read is completely unsafe by default: it allows the execution of arbitrary code. Try (read-string "#=(println \"hello\")") as an example.

You can make it more secure by binding *read-eval* to false. This will throw an exception if the #= notation is used. For example:

(binding [*read-eval* false] (read-string "#=(println \"hello\")"))

, , , , (: foo,: bar). , , , . clojure -dev.

+5

, , , eval. :

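;; string/split comes from clojure.string
(require '[clojure.string :as string])

;; Alternate two converters over the tokens: keyword, integer, keyword, ...
(apply hash-map
   (map #(%1 %2)
        (cycle [#(keyword (apply str (drop 1 %)))
                #(Integer/parseInt %)])
        (string/split ":a 23 :b 32 :c 32" #" ")))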

, , , , , .

+2
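
An added example, not taken from either answer: it parses the untrusted string with clojure.edn (Clojure 1.5 and later), a data-only reader used here in place of binding *read-eval*, and then checks that the result is exactly one map of keywords to numbers. The namespace, function names and size limit are assumptions made for illustration.

```clojure
(ns example.safe-map
  (:require [clojure.edn :as edn])
  (:import (java.io PushbackReader StringReader)))

;; Assumed size limit for this example; tune to the real input.
(def max-input-chars 4096)

(defn- read-single-form
  "Read exactly one EDN form from s. clojure.edn has no #= reader eval,
  and an unknown tagged literal throws because no :default is supplied."
  [s]
  (with-open [r (PushbackReader. (StringReader. s))]
    (let [v     (edn/read {:eof ::eof} r)
          extra (edn/read {:eof ::eof} r)]
      ;; Reject empty input and anything trailing the first form.
      (when (or (= v ::eof) (not= extra ::eof))
        (throw (ex-info "expected exactly one form" {:input s})))
      v)))

(defn parse-keyword-number-map
  "Return the map encoded in s if it is a map of keywords to numbers.
  Throws on anything else, including malformed or oversized input."
  [s]
  (when-not (and (string? s) (<= (count s) max-input-chars))
    (throw (ex-info "input must be a string within the size limit" {})))
  (let [v (read-single-form s)]
    (when-not (and (map? v)
                   (every? keyword? (keys v))
                   (every? number? (vals v)))
      (throw (ex-info "expected a map of keywords to numbers" {:value v})))
    v))

;; Constructed sample inputs: the first is accepted, the others throw.
(comment
  (parse-keyword-number-map "{:a 23 :b 32 :c 32}")
  (parse-keyword-number-map "#=(println \"hello\")")
  (parse-keyword-number-map "{:a \"text\"}")
  (parse-keyword-number-map "{:a 1} {:b 2}"))
```

Reading through edn/read with an :eof sentinel, rather than edn/read-string, is what lets the parser reject input that carries extra forms after the first map.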

Source: https://habr.com/ru/post/1729614/

