How to safely read contents of mix.lock?

michaeljones · March 31, 2020, 6:40pm

I would like to read the contents of the mix.lock file. It seems to be valid Elixir syntax and so I can do a File.read and a Code.eval_string but eval_string is inherently unsafe and the contents of mix.lock should just be a data structure without any side-effecting code that might be dangerous.

Ideally I think I’m looking for equivalent of ast.literal_eval in Python: https://docs.python.org/3/library/ast.html#ast.literal_eval But I guess there might also be a official module somewhere that helps with this? I don’t know.

I’m playing around with nushell and trying to write a plugin that generates table data from the mix.lock contents. Just a bit of fun. Not going anywhere really.

NobbZ · March 31, 2020, 7:27pm

Take look at credos config loader.

github.com

rrrene/credo/blob/master/lib/credo/exs_loader.ex

defmodule Credo.ExsLoader do
  @moduledoc false

  def parse(exs_string, safe \\ false)

  def parse(exs_string, true) do
    case Code.string_to_quoted(exs_string) do
      {:ok, ast} ->
        {:ok, process_exs(ast)}

      {:error, value} ->
        {:error, value}
    end
  end

  def parse(exs_string, false) do
    {result, _binding} = Code.eval_string(exs_string)

    {:ok, result}
  rescue

This file has been truncated. show original

It’s safe variant basically does load the file and parses it into AST via elixir tooling, but then manually traverses the AST to get the actual value.

I really miss an elixir equivalent of erlangs :file.consult.

michaeljones · April 2, 2020, 11:03am

Thank you for sharing that. I’ll check it out.