coingaming / ex_env


Accept pure functions application #1

Open tim2CF opened 4 years ago

tim2CF commented 4 years ago

Atm ExEnv does not allow any function application in configs for security reasons. But it actually can safely accept any pure function application. For example:

foo: -36

will not be accepted now because of the &Kernel.-/1 function application. But it makes sense to accept pure expressions like this.

hypno2000 commented 4 years ago

how do we distinguish pure functions, by whitelisting?

tim2CF commented 4 years ago

It might be the easiest way. In Erlang/Elixir there is actually a whitelist of these functions. Functions which are allowed in guards are pure for sure. If we can introspect them somehow and get a list of them at compile time, that will be super cool. But it's no big deal to copy this list manually as well. https://hexdocs.pm/elixir/guards.html

If we do any of these options, we should also implement additional checks of the AST or some introspection of the current namespacing to not allow something like this:

import Kernel, except: [{:'-', 1}]
import UnpureOverride, only: [{:'-', 1}]

It definitely can be done, but it's already a lot of work. The issue is not urgent; it can be worked around with strings + String.to_integer at runtime:

foo: "-36"

tim2CF commented 4 years ago

The shortest and most awesome solution here is to just reuse some parts of the Erlang/Elixir compiler which do validity checks for guard expressions. Something like

valid_guard?(ast) :: boolean

It probably exists somewhere, and is already doing all the smart checks.

tim2CF commented 4 years ago

erl_internal:guard_bif/2 or erl_lint:is_guard_test/1
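
An added example, not part of the thread or of ExEnv's code: one way to apply the allowlist idea using the `erl_internal` predicates named above. The module name `PureConfigCheck` and the sample inputs are assumptions. Calls are evaluated by explicit dispatch to `:erlang` and never through the config's imports, so an import override cannot change what `-` means.

```elixir
defmodule PureConfigCheck do
  # Hypothetical module, not part of ExEnv. Call names are matched against
  # Erlang's tables, so Elixir-only spellings (!=, <=, elem/2) are rejected.

  # Guard BIFs that have no side effects but depend on the running node.
  @env_dependent [self: 0, node: 0, node: 1]

  def eval(source) when is_binary(source) do
    with {:ok, ast} <- Code.string_to_quoted(source) do
      try do
        {:ok, reduce(ast)}
      rescue
        e in [ArithmeticError, ArgumentError] -> {:error, {:eval_failed, Exception.message(e)}}
      catch
        {:rejected, node} -> {:error, {:not_allowed, Macro.to_string(node)}}
      end
    end
  end

  # Literals and literal containers pass through.
  defp reduce(lit) when is_number(lit) or is_atom(lit) or is_binary(lit), do: lit
  defp reduce(list) when is_list(list), do: Enum.map(list, &reduce/1)
  defp reduce({a, b}), do: {reduce(a), reduce(b)}
  defp reduce({:{}, _meta, elems}), do: elems |> Enum.map(&reduce/1) |> List.to_tuple()

  # Local calls: dispatch explicitly to :erlang, never through the caller's
  # imports, so an `import ... only: [{:-, 1}]` override cannot be reached.
  defp reduce({name, _meta, args} = node) when is_atom(name) and is_list(args) do
    if allowed?(name, length(args)) do
      apply(:erlang, name, Enum.map(args, &reduce/1))
    else
      throw({:rejected, node})
    end
  end

  # Remote calls, variables, aliases, interpolation, fn and so on.
  defp reduce(node), do: throw({:rejected, node})

  defp allowed?(name, arity) do
    {name, arity} not in @env_dependent and
      (:erl_internal.guard_bif(name, arity) or :erl_internal.arith_op(name, arity) or
         :erl_internal.comp_op(name, arity) or :erl_internal.bool_op(name, arity))
  end
end

# Constructed sample inputs: two pure expressions, a remote call, an import.
for src <- ["[foo: -36]", "[foo: abs(-3) * 2]", "[foo: System.get_env(\"HOME\")]",
            "import Kernel, except: [{:-, 1}]"] do
  IO.inspect({src, PureConfigCheck.eval(src)})
end
```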