
Execute from var?



@mpower 

 

I think that such a feature would open up a massive security vulnerability within any application written with this type of function. What you're talking about is some kind of simulator or, with a lot more complexity, a more-or-less rudimentary compiler.

 

These are just functions.

Believe me - if somebody wants to find a vulnerability or a hole in a system, he will do it even with the help of a tin-opener :sorcerer:


If anything, Execute() may be slightly more secure than /AutoIt3ExecuteScript and /AutoIt3ExecuteLine because Execute() relies on the code for it to function already being embedded, whereas the /...Execute... params could be run dynamically outside of a script's scope.

However, as stated in the help file, "the executable must have been compiled with the #pragma compile(AutoItExecuteAllowed, True) directive as the default setting does not permit use of the /AutoItExecuteScript or /AutoItExecuteLine parameters."  So unless the pragma directive is set, /...Execute... params are disabled by default.

It would be the script author's responsibility to decide what level of security risk they want to adopt.

Now of course, someone could employ advanced techniques to inject code / debug / reverse engineer and what not, but there's nothing you can do to stop them from trying when the code reaches their hands.

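As an added example that is not part of the original posts: one way a script author can limit the risk discussed above is to pass a string to Execute() only after it matches a strict allowlist, here plain arithmetic. The `_SafeCalc` name, the 64-character limit and the sample inputs are assumptions made for illustration.

```autoit
; Added example (not from the thread): allowlist gate in front of Execute().
; _SafeCalc, the length limit and the sample inputs are hypothetical / constructed.

Func _SafeCalc($sExpr)
    ; Reject empty or oversized input before looking at its content.
    If $sExpr = "" Or StringLen($sExpr) > 64 Then Return SetError(1, 0, "")

    ; Allow only digits, spaces, decimal point, parentheses and + - * /
    ; No letters, $, @, quotes or commas can pass, so function names,
    ; variables and macros never reach Execute(). \z anchors at the true end.
    If Not StringRegExp($sExpr, '^[0-9 .()+\-*/]+\z') Then Return SetError(2, 0, "")

    Local $vResult = Execute($sExpr)
    ; Execute() sets @error when the string is not a valid expression.
    If @error Then Return SetError(3, 0, "")

    Return $vResult
EndFunc

; Constructed inputs: two valid expressions, one function call taken from
; the thread's own snippet, and one malformed expression.
Local $aSamples[4] = ["2 * (3 + 4)", "10 / 4", 'Assign("i", "0")', "2 * (3 + "]

For $i = 0 To UBound($aSamples) - 1
    Local $vOut = _SafeCalc($aSamples[$i])
    If @error Then
        ConsoleWrite("rejected (" & @error & "): " & $aSamples[$i] & @CRLF)
    Else
        ConsoleWrite($aSamples[$i] & " = " & $vOut & @CRLF)
    EndIf
Next
```

The gate is deliberately narrow: anything that needs a function call is refused instead of being filtered, which keeps the set of strings that can reach Execute() small enough to reason about.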

I tell you what would be ace, a way to run dynamically created code within the current process.

 

Pseudo 

$str = "For $i = 0 To 10" & @CRLF
$str &= "   ConsoleWrite($i & @LF)" & @CRLF
$str &= "Next"

Execute($str)

If the objective was to write 0 to 10 to SciTE's output window using Execute(a string), then this should do it. :)

;$str = 'ConsoleWrite(StringTrimLeft(Assign("i", "-1"), 1) & ' & StringTrimRight(StringReplace(StringFormat("%" & 11 & "s", " "), " ", 'Assign("i", $i + 1) * $i & @CRLF & '), 3) & ')'
;Or
$str = 'ConsoleWrite(Assign("i", "0") * Eval("i") &  @CRLF & ' & StringTrimRight(StringReplace(StringFormat("%" & 10 & "s", " "), " ", 'Assign("i", Eval("i") + 1) * Eval("i") & @CRLF & '), 3) & ')'

Execute($str)
Edited by Malkey

  • 4 years later...
On 3/24/2015 at 7:17 AM, JohnOne said:

So to be a little clearer, I think Multi line Execute would be a fabulous addition to the AutoIt arsenal.

@JohnOne I have good news for you! Execute() already supports multi-line commands! It simply needs to know where carriage-return line-feeds need to go by replacing carriage-return line-feeds with the AutoIt syntax for such. A simple stringreplace($string,@CRLF,' @CRLF ') applied to an .au3 makes it executable using Execute().

Here is a proof-of-concept converter that converts an .au3 to something that can be run using an Execute():

; Pick the source script and read it in full
Local $filepath = FileOpenDialog("Open File",@ScriptDir,"AutoIt Source (*.au3)|Plain Text (*.txt)|All Files (*.*)")
Local $filehand = FileOpen($filepath)
Local $filedata = FileRead($filehand)
FileClose($filehand)
MsgBox(0,"Init",$filedata)
; Replace each real line break with the literal text " @CRLF "
Local $savedata = StringReplace($filedata,@CRLF,' @CRLF ')
MsgBox(0,"Done",$savedata)
; Write the converted text out (mode 2 = overwrite)
Local $savepath = FileSaveDialog("Save File",@ScriptDir,"Plain Text (*.txt)|All Files (*.*)")
Local $savehand = FileOpen($savepath,2)
FileWrite($savehand,$savedata)
FileClose($savehand)

Apologies if I said something previously mentioned, I missed that this thread was two pages. I hope my post is still relevant.

Edited by Funtime60