kingdomcoder
Parsing a Struct String - Code.eval_string/3? Custom Parser? Other Options?
After a few (successful?) attempts at creating DSLs to get structured data from users, I realized that Elixir structs’ syntax fits perfectly what we’re looking for.
My idea is to allow users to type in text that’s valid Elixir for given structs (atom keys) and then read/parse that into internal data structures.
I’ve considered using Code.eval_string/3, a thin layer on Poison’s custom decoders, and building a parser combinator from scratch with NimbleParsec.
How would you suggest I proceed (and why, please)?
These are the factors I’m evaluating to choose what approach to take
- The security of the approach
- The time and effort required to implement the approach
- The work required for future maintenance and extensibility
Any help is greatly appreciated.
Marked As Solved
hst337
Just use Code.string_to_quoted and traverse the AST. It is very easy to do
Also Liked
dorgan
Keep in mind that Code.string_to_quoted is as unsafe as String.to_atom. A new atom will be created for each key, identifier, etc in your input, so it’s an invitation to denial of service. You can avoid this by using :static_atoms_encoder but never, ever parse user input without taking that into account.
D4no0
Code.eval_string/3 is not safe, as you have full access to the runtime system, you can read the warning in the documentation.
kingdomcoder
I’ll try this and get back to you.
Thank you
Popular in Questions
Other popular topics
Latest on Elixir Forum
Sponsor Spotlight
The deployment platform built for Elixir: PaaS ease, VPS control.
Categories:
Sub Categories:
Forums
Our Sponsors
Build Elixir applications with speed and confidence.
Supporting innovation across the BEAM ecosystem.
We build reliable cloud platforms for business-critical systems.
Catch errors, track performance, monitor hosts and more.
Practical resources that improve the lives of professional developers.
Develop your skills with books, videos, and courses.
The deployment platform built for Elixir: PaaS ease, VPS control.
Courses that'll move you from confusion to "Aha, now I get it!"