Is there a safe way to use eval to thaw Data::Dumper output in Perl?

Posted on 2024-08-17 20:23:08

I have an object that freezes data as such:

sub frozen_data {
    my $self = shift;

    $Data::Dumper::Indent = 0;
    $Data::Dumper::Terse  = 1;
    return Data::Dumper->Dump( [ $self->{_DATA}, ] );
}

and a corresponding thaw:

sub thaw_data {
    my ($self) = @_;

    $self->{_DATA} = eval $self->{DATA};
}

This seems to work well, are there any issues with it? I also tried running this by perlcritic, and I get this:

Expression form of "eval" at line 69, column 22.  See page 161 of PBP.  (Severity: 5)

What's the better way to write this?


Comments (5)

空心↖ 2024-08-24 20:23:08

You get around it by telling Perl Critic to STFU :)

 $self->{_DATA} = eval $self->{DATA}; ## no critic

Sometimes you need to do the thing that is only generally a bad practice.

旧梦荧光笔 2024-08-24 20:23:08

Decide what you want to allow or forbid and set up a Safe compartment and use its reval method.
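
The Safe compartment approach suggested above, as an added example that is not part of the original answer. The helper names follow the question; the sample data and the hostile string are constructed for illustration. Safe restricts which opcodes may run; it does not bound CPU or memory use.

```perl
use strict;
use warnings;
use Data::Dumper;
use Safe;

# Freeze with settings scoped by local so other Data::Dumper users are unaffected.
sub freeze_data {
    my ($data) = @_;
    local $Data::Dumper::Indent   = 0;
    local $Data::Dumper::Terse    = 1;
    local $Data::Dumper::Sortkeys = 1;
    return Dumper($data);
}

# Thaw inside a Safe compartment. The default opcode mask already traps
# system, backticks, open, require and similar; bless is denied as well
# because this example only expects plain hashes, arrays and scalars.
sub thaw_data {
    my ($frozen) = @_;
    my $cpt = Safe->new;
    $cpt->deny(qw(bless));
    my $data = $cpt->reval($frozen);
    die "refusing frozen data: $@" if $@;
    return $data;
}

my $frozen = freeze_data({ name => 'alice', roles => [ 'admin', 'dev' ] });
my $copy   = thaw_data($frozen);
print "thawed roles: @{ $copy->{roles} }\n";

# Constructed hostile input: not Dumper output, but a plain string eval would run it.
my $hostile = q{system('echo this should never run')};
my $ok = eval { thaw_data($hostile); 1 };
print $ok ? "hostile input was evaluated\n" : "rejected: $@";
```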

雨落星ぅ辰 2024-08-24 20:23:08

As long as you know the only source of that data is the frozen data you yourself have created using Dumper, you're fine.

The alternative is to use something other than Dumper, such as Storable.

Oo萌小芽oO 2024-08-24 20:23:08

There's no way around it if you're thawing output from Data::Dumper. An alternative is Storable.

If you're accepting untrusted inputs and handing them unchecked to eval, you should immediately redesign this mechanism because it leaves the front door wide open. For marshalling internal data, I wouldn't sweat the warning.

婴鹅 2024-08-24 20:23:08

For anyone looking at this and wondering whether to roll their own serialization, there might be some benefit gained by looking at this blog post that compares a list of several existing serializers and gives some advantages and disadvantages of each:

http://blogs.perl.org/users/steven_haryanto/2010/09/comparison-of-perl-serialization-modules.html

He mentions Data::Dumper, Storable, YAML::XS, Data::Dump, XML::Dumper, JSON::XS, JSYNC, and FreezeThaw. He concludes that there are features missing from all of them:

In conclusion, choice is good but I have not found my perfect general
serialization module yet. My two favorites are Storable and YAML::XS.
If JSYNC [was] faster and supported Regexp, or if YAML::XS or YAML::Syck
[could] output inline/compact YAML, that would be as near to perfect as I
would like it.

Also see the points people made in the comments. It's just good to get the perspective of people who've run into issues before, etc.

If you are rolling your own serialization, you might want to look at the pros and cons mentioned there (speed, ability to handle things like regular expressions and circular references, etc). This can possibly head off problems for you that you haven't realized you were likely to run into.

Also, when you are using Dumper for serialization, it's good to understand all the options Data::Dumper gives you for output.

Is it going into a database where, some time in the future, someone is going to want to do a SQL query with a LIKE pattern? If so, you'll be happy you used Sortkeys because then you can do LIKE '%akey=front%ckey=front_of_c%' and you only have one ordering to worry about instead of n factorial.

As an example, here's what a friend of mine uses for serialization with Dumper:

my $deflated = Data::Dumper->new([$data])->Purity(1)->Terse(1)->Deepcopy(1)->Sortkeys(1)->Indent(1)->Dump;

I would recommend reading the docs of Dumper so you can understand what modifications those options make.
