How to execute Elixir code on the shell which is in JSON?

princess · February 14, 2018, 8:45am

Hey,I would like to execute elixir code on the shell which is in JSON format ,also some part of the code should be executed by iex.Can you help me with this as I am new to elixir?

NobbZ · February 14, 2018, 8:50am

Is youre elixir code wrapped in JSON or is your shell some JSON thing or what exactly do you try to describe here?

When your code is wrapped into a module you can simply compile and load it in IEx using c/1 and l/1 helpers. Then you can use your module as any other.

OvermindDL1 · February 14, 2018, 5:22pm

Uhhh, what? Elixir code does not serialize to JSON at any time I’ve ever seen? o.O

Could you describe what you are trying to accomplish instead of the methods of which you are trying to accomplish it?
http://xyproblem.info/

princess · February 15, 2018, 2:46am

Firstly,Thank for your effort.
So here it is,
I have to read a json file which has executable code in elixir in one of its key value pairs .so,I would like to know if I can do it in Elixir and how I can go about it?

princess · February 15, 2018, 2:53am

My elixir code is wrapped in a json file

For ex:
{
“Key”:”value”
“Key”:”IO.puts(“hello”)
}

Somethinng like this

kokolegorille · February 15, 2018, 3:02am

If You have a string You want to convert to a command, You can use Code.eval_string on it.

iex> cmd = "Process.list()"
iex> Code.eval_string cmd
{[#PID<0.0.0>, #PID<0.1.0>, #PID<0.2.0>, #PID<0.3.0>, #PID<0.6.0>, #PID<0.32.0>,
  #PID<0.33.0>, #PID<0.35.0>, #PID<0.36.0>, #PID<0.37.0>, #PID<0.38.0>,
  #PID<0.40.0>, #PID<0.41.0>, #PID<0.42.0>, #PID<0.43.0>, #PID<0.44.0>,
  #PID<0.45.0>, #PID<0.46.0>, #PID<0.47.0>, #PID<0.48.0>, #PID<0.49.0>,
  #PID<0.50.0>, #PID<0.51.0>, #PID<0.52.0>, #PID<0.53.0>, #PID<0.54.0>,
  #PID<0.55.0>, #PID<0.59.0>, #PID<0.60.0>, #PID<0.61.0>, #PID<0.63.0>,
  #PID<0.66.0>, #PID<0.67.0>, #PID<0.68.0>, #PID<0.69.0>, #PID<0.70.0>,
  #PID<0.72.0>, #PID<0.73.0>, #PID<0.74.0>, #PID<0.75.0>, #PID<0.76.0>,
  #PID<0.91.0>, #PID<0.92.0>, #PID<0.93.0>, #PID<0.94.0>, #PID<0.95.0>,
  #PID<0.96.0>, #PID<0.124.0>, #PID<0.125.0>, ...], []}
iex> cmd = "IO.puts \"Hello\"" 
"IO.puts \"Hello\""
iex> Code.eval_string cmd     
Hello
{:ok, []}

You just need to collect commands from your json file, and apply Code.eval_string on those.

princess · February 15, 2018, 3:20am

Thank you so much

kannix · February 15, 2018, 11:22am

Just wanted to add a little warning
this can be dangerous thing to do if you get this json from an untrusted source (e.g. user input)!
eval is often the cause of big security issues

NobbZ · February 15, 2018, 12:13pm

I can only second what @kannix said.

Just consider this JSON:

{
    "cmd": "System.cmd(\"rm\", [\"-rf\", \"/\"])"
}

Even though it will hopefully not run as root, it will cause you a lot of trouble.

The safer way is to create an API which has some cmd key, which contains a whitelisted string, which you match and dispatch on.
Also depending on this cmd-value you can add a bunch of other key-value-pairs which you use like named parameters. You could then even “typecheck” the argument values first and properly report back errors.

The golden rule about eval like functions in any language: Assume it doesn’t exist.

There are rare cases in which one can use them, but about all of them deal with statically known (or at least known at compiletime) data.

OvermindDL1 · February 15, 2018, 5:02pm

Yeah I prefer to make little sandbox languages, there is erlua for a lua-like language, I’ve made a forth and a lisp’y language, etc… I’d never ever ever eval elixir code from untrusted sources…