What's the safest @*ARGS form? (...was Re: Any other way to do this)

On Tue, Sep 1, 2020 at 8:27 AM Brian Duggan <bduggan@matatu.org> wrote:
>
> On Monday, August 31, Bruce Gray wrote:
> > I finally settled on using `try` instead of numeric coercion, because
> > if I am not golfing, I think `try` makes the grep look more like
> > “filter out the non-numbers” instead of “get rid of the zero values”.
>
> Another option is to use 'val' -- which parses it as a literal --
>
>   $ raku -e 'say @*ARGS.map: { val($_) ~~ Numeric }' 1 2 3 a 1e10
>    (True True True False True)
>
> Brian
>

I just wanted to point out to Radhakrishnan that Raku appears to do a good
job of weeding out erroneous "number-like" input, but using the approach
below Raku (as a feature) will accept "1_000" or "1_000_000" etc. as valid
numeric input:

~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  0 100 200 300 apples 400oranges 2kilos 18.7876
618.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  0-0 100 200 300 apples 400oranges 2kilos 18.7876
618.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  0/0 100 200 300 apples 400oranges 2kilos 18.7876
618.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  10/0 100 200 300 apples 400oranges 2kilos 18.7876
Attempt to divide by zero when coercing Rational to Str
  in block <unit> at -e line 1

~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  5-0 100 200 300 apples 400oranges 2kilos 18.7876
618.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  100 200 300 apples 400oranges 2kilos 18.7876
618.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  -100 200 300 apples 400oranges 2kilos 18.7876
418.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  --100 200 300 apples 400oranges 2kilos 18.7876
518.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  1_000 200 300 apples 400oranges 2kilos 18.7876
1518.7876
~$


So, this all brings up the question of @*ARGS safety. Bruce said that the
shell (bash, ksh, whatever) is responsible for feeding arguments to Raku.
Are there any safety-traps lurking with one @*ARGS approach versus another?
I'm sifting through two articles right now, one by brian d foy entitled
"Quoting the Shell" and another by the author of a new shell called "Oil
shell", which (I presume) will be more secure than existing shells:

"Quoting the Shell"
https://www.perl.com/article/quoting-the-shell/

"Why Create a New Unix Shell?"
https://www.oilshell.org/blog/2018/01/28.html
https://www.oilshell.org/

Also, a little more reference/best-practices here:

"Filenames and Pathnames in Shell: How to do it Correctly"
https://dwheeler.com/essays/filenames-in-shell.html

"Bash Pitfalls"
https://mywiki.wooledge.org/BashPitfalls

"Writing Safe Shell Scripts"
https://sipb.mit.edu/doc/safe-shell/

"Shell Style Guide"
https://google.github.io/styleguide/shellguide.html

"Tips on Good Shell Programming Practices"
https://www.computerworld.com/article/2794462/tips-on-good-shell-programming-practices.html

Best, Bill.

perl6
9/1/2020 4:57:49 PM
perl.perl6.users

Replying to my own question here,

The feedback I received at our latest Raku Meetup suggested that pulling in
numeric data off the bash command line is okay--just as long as you know
what you're doing. In the second example below, Raku will convert "1_000"
to Rat 1000 (previously mentioned in last email).

In the fourth, fifth, and sixth examples below, bash will perform 'brace
expansion' before sending arguments onto Raku:

~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  200 300 apples 400oranges 2kilos 18.7876
518.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  1_000 200 300 apples 400oranges 2kilos 18.7876
1518.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  {1000} 200 300 apples 400oranges 2kilos 18.7876
518.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  1{10,20,30}0 200 300 apples 400oranges 2kilos 18.7876
4118.7876
~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  1{10,20,30}0
3600
~$ raku -e 'say @*ARGS.grep(*.Rat);'  1{10,20,30}0
(1100 1200 1300)

Note, pulling the same data into Raku via a literal will simply delete the
curly braces in the last two lines above. Nonetheless, it might be better
to feed data to Raku via a file (or via a literal), rather than let bash
muck with it:

~$ raku -e 'say "1{10,20,30}0".words.grep(*.Rat).sum;'
430
~$ raku -e 'say "1{10,20,30}0".words.grep(*.Rat);'
(110 20 300)

HTH, Bill.

https://www.linux.com/topic/desktop/all-about-curly-braces-bash/




On Tue, Sep 1, 2020 at 9:57 AM William Michels <wjm1@caa.columbia.edu>
wrote:

> On Tue, Sep 1, 2020 at 8:27 AM Brian Duggan <bduggan@matatu.org> wrote:
> >
> > On Monday, August 31, Bruce Gray wrote:
> > > I finally settled on using `try` instead of numeric coercion, because
> > > if I am not golfing, I think `try` makes the grep look more like
> > > “filter out the non-numbers” instead of “get rid of the zero values”.
> >
> > Another option is to use 'val' -- which parses it as a literal --
> >
> >   $ raku -e 'say @*ARGS.map: { val($_) ~~ Numeric }' 1 2 3 a 1e10
> >    (True True True False True)
> >
> > Brian
> >
>
> I just wanted to point out to Radhakrishnan that Raku appears to do a good
> job of weeding out erroneous "number-like" input, but using the approach
> below Raku (as a feature) will accept "1_000" or "1_000_000" etc. as valid
> numeric input:
>
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  0 100 200 300 apples 400oranges 2kilos 18.7876
> 618.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  0-0 100 200 300 apples 400oranges 2kilos 18.7876
> 618.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  0/0 100 200 300 apples 400oranges 2kilos 18.7876
> 618.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  10/0 100 200 300 apples 400oranges 2kilos 18.7876
> Attempt to divide by zero when coercing Rational to Str
>   in block <unit> at -e line 1
>
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  5-0 100 200 300 apples 400oranges 2kilos 18.7876
> 618.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  100 200 300 apples 400oranges 2kilos 18.7876
> 618.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  -100 200 300 apples 400oranges 2kilos 18.7876
> 418.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  --100 200 300 apples 400oranges 2kilos 18.7876
> 518.7876
> ~$ raku -e 'say @*ARGS.grep(*.Rat).sum;'  1_000 200 300 apples 400oranges 2kilos 18.7876
> 1518.7876
> ~$
>
>
> So, this all brings up the question of @*ARGS safety. Bruce said that the
> shell (bash, ksh, whatever) is responsible for feeding arguments to Raku.
> Are there any safety-traps lurking with one @*ARGS approach versus another?
> I'm sifting through two articles right now, one by brian d foy entitled
> "Quoting the Shell" and another by the author of a new shell called "Oil
> shell", which (I presume) will be more secure than existing shells:
>
> "Quoting the Shell"
> https://www.perl.com/article/quoting-the-shell/
>
> "Why Create a New Unix Shell?"
> https://www.oilshell.org/blog/2018/01/28.html
> https://www.oilshell.org/
>
> Also, a little more reference/best-practices here:
>
> "Filenames and Pathnames in Shell: How to do it Correctly"
> https://dwheeler.com/essays/filenames-in-shell.html
>
> "Bash Pitfalls"
> https://mywiki.wooledge.org/BashPitfalls
>
> "Writing Safe Shell Scripts"
> https://sipb.mit.edu/doc/safe-shell/
>
> "Shell Style Guide"
> https://google.github.io/styleguide/shellguide.html
>
> "Tips on Good Shell Programming Practices"
> https://www.computerworld.com/article/2794462/tips-on-good-shell-programming-practices.html
>
> Best, Bill.
>

perl6
9/9/2020 7:59:48 PM
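
The pitfalls from both messages in one added example (not code from the thread; all function names are hypothetical): a strict decimal check that rejects `1_000`, `10/0` and `--100`, and what bash hands a program for the brace word unquoted and quoted. It assumes `bash` is on the PATH for the two expansion helpers; everything else is POSIX sh.

```shell
#!/bin/sh
# Added example, not code from the thread. All function names are hypothetical.

# Succeed only for an optionally negative plain decimal (200, -100, 18.7876).
# Rejects forms the thread shows being coerced or raising: 1_000, 10/0, --100.
is_plain_decimal() {
    n=${1#-}                       # drop at most one leading minus
    case $n in
        ''|*[!0-9.]*|*.*.*|.*|*.) return 1 ;;
    esac
    return 0
}

# Read whitespace-separated words on stdin and sum only the strict decimals.
# Data arriving this way never passes through shell expansion.
sum_valid_stdin() {
    tr -s ' \t' '\n' | while IFS= read -r w || [ -n "$w" ]; do
        if is_plain_decimal "$w"; then printf '%s\n' "$w"; fi
    done | awk '{ s += $1 } END { printf "%.4f\n", s }'
}

# Same check for arguments that have already passed through the shell.
sum_valid() {
    printf '%s\n' "$@" | sum_valid_stdin
}

# What a program receives when bash parses the word unquoted vs. quoted.
args_unquoted() { bash -c 'printf "%s\n" 1{10,20,30}0'; }
args_quoted()   { bash -c 'printf "%s\n" "1{10,20,30}0"'; }

# Constructed inputs modelled on the command lines in the thread.
echo "strict sum:        $(sum_valid 1_000 10/0 --100 200 300 apples 400oranges 18.7876)"
echo "unquoted via bash: $(args_unquoted | tr '\n' ' ')"
echo "quoted via bash:   $(args_quoted)"
echo "quoted, validated: $(sum_valid '1{10,20,30}0')"
```

The unquoted word reaches the program as three well-formed numbers, so no check inside the program can tell that the shell rewrote it; quoting the argument or reading the data from stdin or a file is what keeps the original text intact.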