Parse strings to Julia types securely.
Author Circo-dev
2 Stars
Updated Last
2 Years Ago
Started In
March 2020


Build Status

Parse strings to Julia types securely (types only, not typed data!).


Retrieving a type from a serialized string is a recurring task. Sometimes we can use Julia serialization, other times it is enough to store every serialized type in a dict, but if we want more flexibility, we need a parser. eval() solves the problem, but it has a huge cost: it is inherently insecure as it allows arbitrary code execution (ACE on wikipedia).

TypeParsers takes the easy route and internally uses eval(). To mitigate the security issue we validate the string before evaluation. Validation is based on Tom Short's work: https://gist.github.com/tshort/3835660 (check the validation tests)


julia> parsedtype = parsetype("Array{Int,1}")

julia> parsedtype === parsetype("Base.Array{Int,1}")

julia> array = parsedtype()
0-element Array{Int64,1}

You can also pass a module as the second argument.


Contributions are welcome!

For security issues please use the security label, share your findings without the sensitive details and request to get in to contact! Thank you very much!

Required Packages

No packages found.

Used By Packages