制作IRC机器人-如何让人们！eval perl / javascript代码？

Question

I'm working on a bot in Perl (based on POE) and so far so good, but I can't figure out how can I add a !js or !perl command to evaluate respective code and return one line of output to be printed into the channel. I found App::EvalServer but I don't get how to use it.

Thanks for any help!

Answer 1

The App::EvalServer module comes with a binary to run as a standalone application . You do not put it in your program but rather run it on it's own. It opens a port where you can hand it code as a json string. This does not sound like a good idea to me either.

There is another module you might want to look at called Safe . I suggest you read through the complete documentation as well as the one to Opcode (linked in the doc) before you do anything with this. YOU CAN DO SERIOUS DAMAGE IF YOU EVALUATE ARBITRARY CODE! Never forget that.

---

UPDATE:

Here's an example of how to capture the output of print or say from your eval ed code. You can use open with a variable to make print ed output always go to that variable. If you switch back afterwards you can work with the captured output in your var. This is called an in-memory file .

use strict; use warnings;
use feature 'say'; 
use Safe;

# Put our STDOUT into a variable
my $printBuffer;
open(my $buffer, '>', \$printBuffer);
# Everything we say and print will go into $printBuffer until we change it back
my $stdout = select($buffer);

# Create a new Safe
my $compartment = new Safe;
$compartment->permit(qw(print)); # for testing

# This is where the external code comes in:
my $external_code = qq~print "Hello World!\n"~;

# Execute the code
my $ret = $compartment->reval($external_code, 1);

# Go back to STDOUT
select($stdout);

printf "The return value of the reval is: %d\n", $ret;
say "The reval's output is:";
say $printBuffer;

# Now you can do whatever you want with your output
$printBuffer =~ s/World/Earth/;
say "After I change it:";
say $printBuffer;

Disclaimer: Use this code at your own risk!

---

Update 2 : After a lengthy discussion in chat, here's what we came up with. It implements a kind of timeout to stop the execution if the reval is taking to long, eg because of an infinite loop.

#!/usr/bin/perl
use warnings;
use strict;
use Safe;
use Benchmark qw(:hireswallclock);

my ($t0, $t1); # Benchmark
my $timedOut = 0;
my $userError = 0;
my $printBuffer;
open (my $buffer, '>', \$printBuffer);
my $stdout = select($buffer);
my $cpmt = new Safe;
$cpmt->permit_only(qw(:default :base_io sleep));
eval
{
        local $SIG{'ALRM'} = sub { $timedOut = 1; die "alarm\n"};
        $t0 = Benchmark->new;
        alarm 2;
        $cpmt->reval('print "bla\n"; die "In the user-code!";');
#         $cpmt->reval('print "bla\n"; sleep 50;');
        alarm 0;
        $t1 = Benchmark->new;
        if ($@)
        {
                $userError = "The user-code died! $@\n";
        }
};
select($stdout);


if ($timedOut)
{
        print "Timeout!\n";
        my $td = timediff($t1, $t0);
        print timestr($td), "\n";
        print $printBuffer;
}
else
{
        print "There was no timeout...\n";
        if ($userError)
        {
                print "There was an error with your code!\n";
                print $userError;
                print "But here's your output anyway:\n";
                print $printBuffer;
        }
        else
        {
          print $printBuffer;
        }
}

Answer 2

Take a look at perl eval() , you can pass it variables/strings and it will evaluate it as if it's perl code. Likewise in javascript, there's also an eval() function that performs similarly.

However, DO NOT EVALUATE ARBITRARY CODE in either perl or javascript unless you can run it in a completely closed environment (and even then, it's still a bad idea). Lot's of people spend lots of time preventing just this from happening . So that's how you'd do it, but you don't want to do it, really at all.