Borrar filtros
Borrar filtros

Matlab EVAL – limit access scope to a selected subset of built-in functions / variables?

4 visualizaciones (últimos 30 días)
Sergey Miropolsky
Sergey Miropolsky el 15 de Nov. de 2020
Editada: Sergey Miropolsky el 15 de Nov. de 2020
Dear Matlab Community,
There's a non-trivial issue in Matlab I'm currently being puzzled with. Perhaps someone has faced similar question before.
Imagine, there's some user input imported previously from an external ini-file, consisting of a list of variable names, variable values and an equation to evalute, e.g.
names = { 'var1', 'var2' };
values = { 1.23, 4.56 };
equation = 'db( var1 / var2 )';
Is there a clean way to evaluate such input to a result, limiting the access scope during the evaluation to user variables and built-in mathematical functions only?
The user variables can be assigned to a cleared workspace of a dedicated function, and the evaluation can be performed there, so that no other variables except for user ones will be accessible for the evaluation, e.g.:
% evaluate user function in a workspace containing user parameters only
function out = cleanEval( equation, names, values )
% descend into a subfunction to operate on this workspace
out = cleanEvalCore( equation, names, values );
function out = cleanEvalCore( equation, names, values )
% clear all variables from the caller workspace (we have them here)
evalin( 'caller', 'clear' );
% assign user variables from names/values to the caller workspace
for ii = 1 : numel( names )
assignin( 'caller', names{ ii }, values{ ii } );
end
% evaluate user function in the caller workspace
out = evalin( 'caller', equation );
However, as long as EVAL is used for evaluation, there's a possible misuse case to enter a third code into the user function, e.g.
names = { 'var1', 'var2' };
values = { 1.23, 4.56 };
equation = 'myGUI.closeWindow()';
or e.g.
equation = '!format C:\';
... which might lead to interesting consequences if evaluated as is.
Converting the equation string to a 'function handle of user variables' does not solve the issue, since any third command inside the equation will still be evaluated.
Is there a typical way to limit the scope for a single evaluation statement, so that it only can access the standard math functions (e.g. min/max/sin/cos/exp/log/db) or functions of a given list, but nothing else?
Or is there a way to evaluate the equation with some built-in math. engine instead of EVAL?
  2 comentarios
Mario Malic
Mario Malic el 15 de Nov. de 2020
I might have misunderstood the whole question, but does str2func sound useful for your case?
Walter Roberson
Walter Roberson el 15 de Nov. de 2020
no, that does nothing to restrict which functions can be called, at least not without preprocessing to verify compliance.

Iniciar sesión para comentar.

Iniciar sesión para responder a esta pregunta.

Respuesta aceptada

Walter Roberson
Walter Roberson el 15 de Nov. de 2020
The way using eval involves manipulating the MATLAB path to expose only the functions you want to be accessible. As a lot of built-in functions do not appear on the path (the mechanism that the built-in libraries are linked in is unspecified) this can require implementing the built-in functions yourself.
This approach is risky, and if you have a pressing need for this then I recommend that you open a technical support case to consult with the Cody team about how they handle restrictions.
Or... you can take the much more secure route of designing a small "language" that only defines the features you want, and use parsing / interpreter techniques to execute it. Pattern match 'sin' and pull out the arguments and call sin yourself.
  3 comentarios
Mostrar 1 comentario más antiguo
Sergey Miropolsky
Sergey Miropolsky el 15 de Nov. de 2020
Editada: Sergey Miropolsky el 15 de Nov. de 2020
@Stephen Cobeldick,
yes, this is exactly what I was looking for! Thanks!

Iniciar sesión para comentar.

Más respuestas (0)

Categorías

Más información sobre Manage Products en Help Center y File Exchange.

Etiquetas

Productos

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by