TypeParsers.jl

Parse strings to Julia types securely.
Author Circo-dev
Github
Popularity
2 Stars
Updated Last
2 Years Ago
Started In
March 2020

TypeParsers

Build Status

Parse strings to Julia types securely (types only, not typed data!).

Motivation

Retrieving a type from a serialized string is a recurring task. Sometimes we can use Julia serialization, other times it is enough to store every serialized type in a dict, but if we want more flexibility, we need a parser. eval() solves the problem, but it has a huge cost: it is inherently insecure as it allows arbitrary code execution (ACE on wikipedia).

TypeParsers takes the easy route and internally uses eval(). To mitigate the security issue we validate the string before evaluation. Validation is based on Tom Short's work: https://gist.github.com/tshort/3835660 (check the validation tests)

Usage

julia> parsedtype = parsetype("Array{Int,1}")
Array{Int64,1}

julia> parsedtype === parsetype("Base.Array{Int,1}")
true

julia> array = parsedtype()
0-element Array{Int64,1}

You can also pass a module as the second argument.

Contributing

Contributions are welcome!

For security issues please use the security label, share your findings without the sensitive details and request to get in to contact! Thank you very much!

Required Packages

No packages found.

Used By Packages