1

ok I searched the net for an hour now trying to find if there is even a solution for my question. The question is: Is there a way to inject a string that will be parsed into the statement you put into an if clause?

The scenario: I'm building a small software that parses information from a browser. Each browser represent the data differently and because of that I want the IF statement I have to ask a different question depending on the browser, but I don't want to ask all the questions with IF ..... ELSE IF.... and all that because it'll be wrong.

If the user comes from FF the question will be if the page contains a certain string. If the user comes from IE the question will be if there are 100 rows of text.

The questions are different and I want to know if I can send the statement from outside the function I'm coding to parse the information from all the browsers or will I have to ask the question depends on the browser?

Sagi Rokach
  • 147
  • 1
  • 2
  • 13
  • 1
    DANGER WILL ROBINSON! Be careful about any solution that involves "injection" whether that is C# injection or SQL Injection. It has been the top of the OWASP List of vulnerabilities for quite a while now. – Colin Mackay Jun 28 '13 at 08:39
  • The only way to perform an `if` on an expression that is a *string* would be to use a tool that parses it, or use an engine that runs it (regex, or maybe one of the iron languages, etc) – Marc Gravell Jun 28 '13 at 08:39
  • 1
    I don't understand your question. "parses information from a browser" means that your software runs a browser as client? Or are you parsing server-side some content that users POSTed through a browser? And "the question" you refer to... who's asking it? To whom? Can you try to be more precise in describing your issue? And possibly add some code that you've tried writing and pointing out why it does not do what you expect? – Paolo Falabella Jun 28 '13 at 08:43
  • Google *c# eval*. You'll get a number of links including these: http://stackoverflow.com/questions/4629/how-can-i-read-the-properties-of-a-c-sharp-class-dynamically http://stackoverflow.com/questions/7307556/eval-in-c-sharp-asp-net http://stackoverflow.com/questions/1024070/c-sharp-eval-support http://www.codeproject.com/Articles/11939/Evaluate-C-Code-Eval-Function – Andrew Savinykh Jun 28 '13 at 08:46

2 Answers2

4

You can encapsulate the condition that must hold true in a predicate that you will then pass to the method that performs the actual test.

For example, suppose this method does something with a string if a certain condition holds, but you don't want to hardcode exactly what that condition is. You can write it like this:

void PerhapsDoSomething(string input, Func<string, bool> predicate)
{
    if (predicate(input))
    {
        Console.WriteLine("I did something.");
    }
}

And use it like this:

// Do something if input length > 2
PerhapsDoSomething("foo", s => s.Length > 2);

Or like this:

// Do something if input ends with "bar"
PerhapsDoSomething("foo", s => s.EndsWith("bar"));

The predicate (this is a logical term, do not confuse with the delegate type Predicate<T> although of course Predicate<T> is a predicate) can also utilize other information in scope when it is defined by capturing variables -- read up on anonymous methods.

Of course that will not allow you to get rid of the conditional selection of the predicate, because you still have to do that somewhere:

Func<string, bool> predicate;
if (/* is Firefox */)     predicate = s => s.Length > 2;
else if (/* is Chrome */) predicate = s => s.EndsWith("bar");

However, it allows you to move the conditional outside of your general-purpose function that does not need to know anything about browsers and their differences and into a more appropriate location.

Jon
  • 428,835
  • 81
  • 738
  • 806
1

You can use a Func<> predicate to send a part of the code into a method:

private void Parse(string data, Func<string, bool> question) {
  if (question(data)) {
    // go on
  }
}

You can call it with anything that is a function that matches the signature, like:

private bool CheckFx(string data) {
  return data.IndexOf("Hello") != -1;
}

Parse(data, CheckFx);

or:

Parse(data, s => s.Split(Environment.Newline).Length >= 100);

You can also keep the predicate in a variable while choosing what to use:

Func<string, bool> question;
switch (browser) {
  case Browser.IE: question = CheckIE; break;
  case Browser.Fx: question = CheckFx; break;
  default: question = CheckOther; break;
}
Parse(data, question);
Guffa
  • 687,336
  • 108
  • 737
  • 1,005