# New Ticket Created by  Zoffix Znet 
# Please include the string:  [perl #128283]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=128283 >


The operators for the `cmp-ok` subroutine can be given as strings or as Callables. 
The problem with strings is that the subroutine evals them as `EVAL "&infix:<$op>"`, 
and the current implementation makes it impossible to use, say, '<' as an 
operator:

    <Zoffix> m: use Test; cmp-ok 2, '<', 5, 'seems sane';
    <camelia> rakudo-moar beb3c9: OUTPUT«not ok 1 - seems sane␤␤# Failed test 'seems sane'␤# at /tmp/kqui3siS7u line 1␤# Could not use '<' as a comparator␤»

It does work with &[<] instead of '<' and considering that's only 1 character 
longer and there's no 100% clean way to allow any op in a string, I propose we 
ditch the string version entirely.

While I don't know anything about SETTINGS, the current implementation also has 
a security hole, at least in camelia where `run`, while restricted in general 
code, is given a free pass when injected inside the string comparator passed to 
cmp-ok:

    <Zoffix> m: run "ls"
    <camelia> rakudo-moar beb3c9: OUTPUT«run is disallowed in restricted setting␤  in sub restricted at src/RESTRICTED.setting line 1␤  in sub run at src/RESTRICTED.setting line 14␤  in block <unit> at /tmp/wWcCMBi30n line 1␤␤»
    <Zoffix> m: use Test; cmp-ok '', '~~>;warn run "ls"; <z', '', '';
    <camelia> rakudo-moar beb3c9: OUTPUT«Perlito␤dalek-queue␤evalbot␤evalbot.log␤foo␤lib␤log␤mbox␤nqp-js␤p1␤p2␤p6eval-token␤perl5␤rakudo-j-1␤rakudo-j-2␤rakudo-j-inst␤rakudo-j-inst-1␤rakudo-j-inst-2␤rakudo-m-1␤rakudo-m-2␤rakudo-m-inst␤rakudo-m-inst-1␤rak…»

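The following is an added example, not part of the ticket and not code from Rakudo's Test module. It builds (without evaluating) the source text that the `EVAL "&infix:<$op>"` form described above would receive, and beside it resolves the comparator with no EVAL at all; `eval-source`, `resolve-comparator` and the `%comparators` table are hypothetical names chosen for illustration.

```raku
# Added example; eval-source, resolve-comparator and %comparators are
# hypothetical names, not part of Rakudo's Test module.

# The source text the ticket says cmp-ok hands to EVAL for a string operator.
# It is only built and printed here, never evaluated.
sub eval-source(Str $op --> Str) { '&infix:<' ~ $op ~ '>' }

# Operators accepted in string form. Anything outside this table has to be
# passed as a Callable, for example &[<].
my %comparators =
    '<'  => &[<],  '<=' => &[<=], '>'  => &[>],  '>=' => &[>=],
    '==' => &[==], 'eq' => &[eq], 'lt' => &[lt], 'gt' => &[gt];

# Resolve without EVAL: a Callable passes through unchanged, and a string is
# used only as a hash key, so its content is never parsed as code.
sub resolve-comparator($op) {
    $op ~~ Callable ?? $op !! %comparators{$op}
}

# Constructed inputs: a plain '<' and the comparator string quoted in the ticket.
my @ops = '<', '~~>;warn run "ls"; <z';

for @ops -> $op {
    # For the second input, the first '>' inside the string ends the <...>
    # quoting early, so the text after it is read as further statements.
    say "EVAL would see: ", eval-source($op);

    my $cmp = resolve-comparator($op);
    if $cmp.defined { say "resolved: 2 $op 5 is ", $cmp(2, 5) }
    else            { say "Could not use '$op' as a comparator" }
}
```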