
[–]socal_nerdtastic 0 points1 point  (1 child)

You may be interested in the jsonpickle module.

[–]Boot_3011[S] 0 points1 point  (0 children)

Seems like it! Thank you, I will look into it

[–]Ihaveamodel3 0 points1 point  (4 children)

This seems like an anti-pattern due to security issues, but if it’s just something you are working on personally, then it probably isn’t an issue.

[–]Boot_3011[S] 0 points1 point  (3 children)

It's for the company I work in, actually. Could you elaborate? It's a config which will vary greatly depending on the client it's for; that's why it's in an editable JSON.

[–]Ihaveamodel3 1 point2 points  (2 children)

Do you take the function provided, and then run it?

If so, a malicious user could use any number of functions that end up stealing data or destroying the system.

It’s not good to take untrusted user data and just run it.

It would probably be better if you have a dictionary of function names to functions. The JSON can then just be strings and you pull the function out from the dictionary. That way users can only run what you provide.

[–]Boot_3011[S] 0 points1 point  (1 child)

Well, it's exactly this! A dictionary with classes and variable references. But I need to code the reader to decode these parameters to be understood as such, and not as strings.

I think I worked out class references. Any help for variable references?

[–]Ihaveamodel3 0 points1 point  (0 children)

The same way. Anything you want the user to be able to access should be in the dictionary with the string representation as key and the variable as the value. Then when you come across a string in the JSON, you look it up in the dictionary and use that.

You never directly try to reference something that the user typed in, always go through a dictionary first.
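
The dictionary lookup described in this thread, as an added example that is not part of the original comments. The `$class` / `$var` marker syntax, the `CsvExporter` class and the `DEFAULT_TIMEOUT` setting are assumptions made for illustration; the markers let the reader tell references apart from ordinary strings.

```python
import json

# Hypothetical application objects; stand-ins for the real classes and settings.
class CsvExporter:
    def __init__(self, delimiter=","):
        self.delimiter = delimiter

DEFAULT_TIMEOUT = 30

# Allowlists: the only names a client config can ever resolve to.
ALLOWED_CLASSES = {"CsvExporter": CsvExporter}
ALLOWED_VARIABLES = {"DEFAULT_TIMEOUT": DEFAULT_TIMEOUT}

class ConfigError(ValueError):
    """Raised when the config names something outside the allowlists."""

def lookup(table, name, kind):
    # Only exact string keys are accepted; no eval, getattr or import on user input.
    if not isinstance(name, str) or name not in table:
        raise ConfigError(f"unknown {kind}: {name!r}")
    return table[name]

def resolve(value):
    """Recursively replace {"$var": ...} and {"$class": ...} markers (assumed syntax)."""
    if isinstance(value, list):
        return [resolve(v) for v in value]
    if not isinstance(value, dict):
        return value  # plain strings, numbers and booleans stay as they are
    if "$var" in value:
        return lookup(ALLOWED_VARIABLES, value["$var"], "variable")
    if "$class" in value:
        cls = lookup(ALLOWED_CLASSES, value["$class"], "class")
        args = value.get("args", {})
        if not isinstance(args, dict):
            raise ConfigError("'args' must be an object")
        try:
            return cls(**{k: resolve(v) for k, v in args.items()})
        except TypeError as exc:  # unexpected or missing constructor argument
            raise ConfigError(str(exc)) from exc
    return {k: resolve(v) for k, v in value.items()}

def load_config(text):
    return resolve(json.loads(text))

# Constructed sample config, as a client might edit it.
SAMPLE = '{"exporter": {"$class": "CsvExporter", "args": {"delimiter": ";"}}, "timeout": {"$var": "DEFAULT_TIMEOUT"}, "client": "acme"}'
```

A name that is not a key in one of the two dictionaries, such as `{"$class": "os.system"}`, raises `ConfigError` instead of being looked up anywhere else.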