Math-Expression
3 results

 view release on metacpan or  search on metacpan

Expression.pm  view on Meta::CPAN 

The program may set initial values for variables and obtain their values once the expression
has been evaluated.

The name-space is managed (for security), user provided functions may be specified to set/get
variable values.
Error messages may be via a user provided function.
This is not designed for high computation use.

=head1 EXAMPLE

Shipping cost depends on item price by some arbitrary formula. The VAT amount can also
vary depending on political edict. Rather than nail these formula into the application code the
formula are obtained at run time from some configuration source. These formula are
entered by a non technical manager and are thus not to be trusted.

    use Math::Expression;
    my $ArithEnv = new Math::Expression;

# Obtain from a configuration source:
    my $ShippingFormula = 'Price >= 100 ? Price * 0.1 : (Price >= 50 ? Price * 0.15 : Price * 0.2)';
    my $VatFormula = 'VatTax := Price * 0.2';

# Price of what you are selling, set the price variable:
    my $price = 100;
    $ArithEnv->VarSetScalar('Price', $price);

# Obtain VAT & Shipping using the configured formula:
    my $VatTax = $ArithEnv->ParseToScalar($VatFormula);
    my $Shipping  = $ArithEnv->ParseToScalar($ShippingFormula);

    say "Price=$price VatTax=$VatTax Shipping=$Shipping";

# If these will be run many times, parse the formula once:

    my $VatExpr = $ArithEnv->Parse($VatFormula);
    my $ShipExpr = $ArithEnv->Parse($ShippingFormula);

# Evaluate it with the current price many times:

    $ArithEnv->VarSetScalar('Price', $price);
    $VatTax = $ArithEnv->EvalToScalar($VatExpr);
    $Shipping = $ArithEnv->EvalToScalar($ShipExpr);

README  view on Meta::CPAN 


Evaluating an expression from an untrusted source can result in security or denial of service attacks.
Sometimes this needs to be done to do what the user wants, ie you have to allow a user
to enter an expression that is evaluated.

This module solves the problem of evaluating expressions read from sources such as config/...
files and user web forms without the use of C<eval>.
String and arithmetic operators are supported (as in C/Perl),
as are: variables, loops, conditions, arrays and be functions (inbuilt & user defined).

For instance, shipping cost depends on item price by some arbitrary formula. The VAT amount can also
vary depending on political edict. Rather than nail these formula into the application code the
formula are obtained at run time from some configuration source. These formula are probably
entered by a non technical manager and are thus not to be trusted.

	use Math::Expression;
	my $ae = new Math::Expression;

# Obtain from a configuration source:
	my $ShippingFormula = 'Price >= 100 ? Price * 0.1 : (Price >= 50 ? Price * 0.15 : Price * 0.2)';
	my $VatFormula = 'VatTax := Price * 0.2';

# Price of what you are selling, set the price variable:
	my $price = 100;
	$ae->VarSetScalar('Price', $price);

# Obtain VAT & Shipping using the configured formula:
	my $VatTax = $ae->ParseToScalar($VatFormula);
	my $Shipping  = $ae->ParseToScalar($ShippingFormula);

	say "Price=$price VatTax=$VatTax Shipping=$Shipping";

# If these will be run many times, parse the formula once:

	my $VatExpr = $ae->Parse($VatFormula);
	my $ShipExpr = $ae->Parse($ShippingFormula);

# Evaluate it with the current price many times:

	$ae->VarSetScalar('Price', $price);
	$VatTax = $ae->EvalToScalar($VatExpr);
	$Shipping = $ae->EvalToScalar($ShipExpr);


If there is a typeo in the formula, the program will continue to run since it is not in
the program source code. Math::Expression returns an error that can be logged.

If the formula code was malicious then no harm will be done to the computing system,
the code is parsed and interpretted by this modle, what it can do is limited. Ie the code
is not run using perl's eval.

String and arithmetic operators are supported, as are: variables, loops, conditions, arrays
and functions.

The program may set initial values for variables and obtain their values once the expression
has been evaluated.

The name-space is managed (forsecurity), user provided functions may be specified to set/get variable values.

README.in  view on Meta::CPAN 


Evaluating an expression from an untrusted source can result in security or denial of service attacks.
Sometimes this needs to be done to do what the user wants, ie you have to allow a user
to enter an expression that is evaluated.

This module solves the problem of evaluating expressions read from sources such as config/...
files and user web forms without the use of C<eval>.
String and arithmetic operators are supported (as in C/Perl),
as are: variables, loops, conditions, arrays and be functions (inbuilt & user defined).

For instance, shipping cost depends on item price by some arbitrary formula. The VAT amount can also
vary depending on political edict. Rather than nail these formula into the application code the
formula are obtained at run time from some configuration source. These formula are probably
entered by a non technical manager and are thus not to be trusted.

	use Math::Expression;
	my $ae = new Math::Expression;

# Obtain from a configuration source:
	my $ShippingFormula = 'Price >= 100 ? Price * 0.1 : (Price >= 50 ? Price * 0.15 : Price * 0.2)';
	my $VatFormula = 'VatTax := Price * 0.2';

# Price of what you are selling, set the price variable:
	my $price = 100;
	$ae->VarSetScalar('Price', $price);

# Obtain VAT & Shipping using the configured formula:
	my $VatTax = $ae->ParseToScalar($VatFormula);
	my $Shipping  = $ae->ParseToScalar($ShippingFormula);

	say "Price=$price VatTax=$VatTax Shipping=$Shipping";

# If these will be run many times, parse the formula once:

	my $VatExpr = $ae->Parse($VatFormula);
	my $ShipExpr = $ae->Parse($ShippingFormula);

# Evaluate it with the current price many times:

	$ae->VarSetScalar('Price', $price);
	$VatTax = $ae->EvalToScalar($VatExpr);
	$Shipping = $ae->EvalToScalar($ShipExpr);


If there is a typeo in the formula, the program will continue to run since it is not in
the program source code. Math::Expression returns an error that can be logged.

If the formula code was malicious then no harm will be done to the computing system,
the code is parsed and interpretted by this modle, what it can do is limited. Ie the code
is not run using perl's eval.

String and arithmetic operators are supported, as are: variables, loops, conditions, arrays
and functions.

The program may set initial values for variables and obtain their values once the expression
has been evaluated.

The name-space is managed (forsecurity), user provided functions may be specified to set/get variable values.



( run in 0.279 second using v1.01-cache-2.11-cpan-26ccb49234f )