Matlab EVAL – limit access scope to a selected subset of built-in functions / variables?
Sergey Miropolsky
15 Nov 2020
Edited: Sergey Miropolsky
15 Nov 2020
Dear Matlab Community,
There's a non-trivial issue in Matlab I'm currently puzzled by. Perhaps someone has faced a similar question before.
Imagine there's some user input imported previously from an external ini-file, consisting of a list of variable names, variable values and an equation to evaluate, e.g.
    names = { 'var1', 'var2' };
    values = { 1.23, 4.56 };
    equation = 'db( var1 / var2 )';
Is there a clean way to evaluate such input to a result, limiting the access scope during the evaluation to user variables and built-in mathematical functions only?
The user variables can be assigned to a cleared workspace of a dedicated function, and the evaluation can be performed there, so that no other variables except for user ones will be accessible for the evaluation, e.g.:
    % evaluate user function in a workspace containing user parameters only
    function out = cleanEval( equation, names, values )
        % descend into a subfunction to operate on this workspace
        out = cleanEvalCore( equation, names, values );

    function out = cleanEvalCore( equation, names, values )
        % clear all variables from the caller workspace (we have them here)
        evalin( 'caller', 'clear' );
        % assign user variables from names/values to the caller workspace
        for ii = 1 : numel( names )
            assignin( 'caller', names{ ii }, values{ ii } );
        end
        % evaluate user function in the caller workspace
        out = evalin( 'caller', equation );
However, as long as EVAL is used for evaluation, there's a possible misuse case to enter a third code into the user function, e.g.
    names = { 'var1', 'var2' };
    values = { 1.23, 4.56 };
    equation = 'myGUI.closeWindow()';
or e.g.
    equation = '!format C:\';
... which might lead to interesting consequences if evaluated as is.
Converting the equation string to a 'function handle of user variables' does not solve the issue, since any third command inside the equation will still be evaluated.
Is there a typical way to limit the scope for a single evaluation statement, so that it only can access the standard math functions (e.g. min/max/sin/cos/exp/log/db) or functions of a given list, but nothing else?
Or is there a way to evaluate the equation with some built-in math. engine instead of EVAL?
2 Comments
Mario Malic
15 Nov 2020
I might have misunderstood the whole question, but does str2func sound useful for your case?
Walter Roberson
15 Nov 2020
No, that does nothing to restrict which functions can be called, at least not without preprocessing to verify compliance.
Accepted Answer
Walter Roberson
15 Nov 2020
The way using eval involves manipulating the MATLAB path to expose only the functions you want to be accessible. As a lot of built-in functions do not appear on the path (the mechanism that the built-in libraries are linked in is unspecified) this can require implementing the built-in functions yourself.
This approach is risky, and if you have a pressing need for this then I recommend that you open a technical support case to consult with the Cody team about how they handle restrictions.
Or... you can take the much more secure route of designing a small "language" that only defines the features you want, and use parsing / interpreter techniques to execute it. Pattern match 'sin' and pull out the arguments and call sin yourself.
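One way to build the small "language" route suggested in the accepted answer, as an added example that is not part of the original thread and not the answerer's code: a recursive-descent evaluator in a hypothetical file safeEval.m. The function name, error identifiers, whitelist contents and the db definition (20*log10(abs(x)), standing in for the toolbox function) are assumptions.

```matlab
function out = safeEval(equation, names, values)
% Added example: tokenizes and interprets the expression; input never reaches eval.
allowed = struct('sin',@sin, 'cos',@cos, 'exp',@exp, 'log',@log, 'min',@min, ...
    'max',@max, 'db',@(x) 20*log10(abs(x)));   % whitelist; db definition is assumed
tok = regexp(equation, '\d+\.?\d*(?:[eE][-+]?\d+)?|[A-Za-z_]\w*|[-+*/^(),]', 'match');
assert(strcmp(strjoin(tok, ''), regexprep(equation, '\s', '')), ... % no stray chars
    'safeEval:badInput', 'Unsupported characters in expression.');
pos = 1; out = parseExpr();
assert(pos > numel(tok), 'safeEval:badInput', 'Unexpected trailing input.');
    function t = peek()            % current token, '' at end of input
        if pos <= numel(tok), t = tok{pos}; else, t = ''; end
    end
    function expect(c)             % consume token c or fail
        assert(strcmp(peek(), c), 'safeEval:badInput', 'Expected "%s".', c); pos = pos + 1;
    end
    function v = parseExpr()       % expr := term {('+'|'-') term}
        v = parseTerm();
        while any(strcmp(peek(), {'+', '-'}))
            op = tok{pos}; pos = pos + 1; r = parseTerm();
            if op == '+', v = v + r; else, v = v - r; end
        end
    end
    function v = parseTerm()       % term := unary {('*'|'/') unary}, element-wise
        v = parseUnary();
        while any(strcmp(peek(), {'*', '/'}))
            op = tok{pos}; pos = pos + 1; r = parseUnary();
            if op == '*', v = v .* r; else, v = v ./ r; end
        end
    end
    function v = parseUnary()      % '^' is right-associative here, unlike MATLAB
        if strcmp(peek(), '-'), pos = pos + 1; v = -parseUnary(); return; end
        v = parsePrimary();
        if strcmp(peek(), '^'), pos = pos + 1; v = v .^ parseUnary(); end
    end
    function v = parsePrimary()    % '(' expr ')' | number | name '(' args ')' | variable
        t = peek(); pos = pos + 1;
        if strcmp(t, '('), v = parseExpr(); expect(')');
        elseif ~isempty(regexp(t, '^\d', 'once')), v = str2double(t);
        elseif strcmp(peek(), '(')     % call: the name must be on the whitelist
            assert(isfield(allowed, t), 'safeEval:forbidden', 'Function "%s" is not allowed.', t);
            pos = pos + 1; args = {parseExpr()};
            while strcmp(peek(), ','), pos = pos + 1; args{end+1} = parseExpr(); end
            expect(')'); f = allowed.(t); v = f(args{:});
        else                           % anything else must be a user variable
            k = find(strcmp(t, names), 1);
            assert(~isempty(k), 'safeEval:forbidden', 'Unknown name "%s".', t);
            v = values{k};
        end
    end
end
```

Called as safeEval('db( var1 / var2 )', {'var1','var2'}, {1.23, 4.56}), it evaluates the question's example, while both misuse strings from the question fail at the tokenizer because `.`, `!`, `:` and `\` are not tokens. Numbers are converted with str2double rather than str2num, since str2num evaluates its argument with eval.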
More Answers (0)