Interpret is great for parsing tokenised values like parmlibs, jcl etc..
(DSN=xxx for example. I use value when the right field contains special
characters or is lengthy.
ITscahk
בתאריך יום ו׳, 17 בספט׳ 2021 ב-16:54 מאת Brian Chapman <bchapma...@gmail.com
>:
> Years ago I used INTERPRET often, and I too switched to VALUE. There's
> still one use case that I still use INTERPRET, and that's for 'passing'
> many variables (most of which are stem) between programs.
>
> This program reads an input dataset that contains all of the variable names
> that should be passed. It then uses INTERPRET to append the variable names
> and values to the PARMS variable. It then performs the CALL. The calling
> subprogram performs an INTERPRET on ARG(1). Once the subprogram returns, it
> uses INTERPRET to receive the returned variables and values.
>
> *CALL DRAW_PARMS *
>
> *PARMS = PARMS"OBJPOS='"OBJPOS"';OBJLEN='"OBJLEN"';OBJINTS='"OBJINTS"';",*
>
> * "OBJHILT='"OBJHILT"';OBJCOLR='"OBJCOLR"';OBJVAL='"OBJVAL"'"*
>
>
>
> *CALL SCRNTXAT PARMS *
>
>
>
> *IF RESULT = 'RESULT' THEN *
>
> * NOP *
>
> *ELSE *
>
> * CALL PARSE_PARMS RESULT *
>
>
>
>
>
>
>
> *DRAW_PARMS: *
>
> * PARMS = '' *
>
>
>
> * ADDRESS TSO *
>
> * "ALLOC DATASET('"SYSPROC"("SCRNGLBL")') FILE(PARM) SHR" *
>
> * 'EXECIO * DISKR PARM (FINIS STEM PARMS.' *
>
> * 'FREE FILE(PARM)' *
>
>
>
> * DO I = 1 TO PARMS.0 *
>
> * PARM = SPACE(SUBSTR(PARMS.I,1,12)) *
>
>
>
> * IF PARM > '' THEN DO *
>
> * IF POS('.',PARM) = LENGTH(PARM) THEN DO *
>
> * INTERPRET "STEM_MAX = "PARM'0' *
>
>
>
> * DO J = 0 TO STEM_MAX *
>
> * INTERPRET "PARMS = PARMS||PARM||J'='''"PARM||J"''';'"*
>
> * END *
>
> * END *
>
> * ELSE *
>
> * INTERPRET "PARMS = PARMS||PARM'='''"PARM"''';'" *
>
> * END *
>
> * END *
>
>
>
> * DO I = 1 TO OBJ_CNT *
>
> * PARSE VAR OBJ_NDX.I DRAW_ROW_NUM '.' DRAW_FLD_CNT *
>
>
>
> * INTERPRET "PARMS = PARMS||"OBJ_NDX"'.'I'='||'''"OBJ_NDX.I"'''||';'"*
>
>
>
> * DO J = 1 TO ATTR_CNT *
>
> * PARM_VAL = OBJ.DRAW_ROW_NUM.DRAW_FLD_CNT.J *
>
>
>
> * IF POS("'",PARM_VAL) > 0 THEN DO *
>
> * CALL CHANGE_STR PARM_VAL,"'","''" *
>
> * PARM_VAL = STRING *
>
> * END *
>
>
>
> * INTERPRET "PARMS = PARMS||"OBJ.DRAW_ROW_NUM.DRAW_FLD_CNT||, *
>
> * "'.'J'='''PARM_VAL''';'" *
>
> * END *
>
> * END *
>
> *RETURN *
>
>
>
> *PARSE_PARMS: *
>
> * PARMS = ARG(1)*
>
>
>
> * INTERPRET PARMS*
>
> *RETURN *
>
>
>
>
> Thank you,
>
> Brian Chapman
>
>
> On Mon, Sep 13, 2021 at 10:19 AM Bob Bridges <robhbrid...@gmail.com>
> wrote:
>
> > I use INTERPRET here and there, but pretty rarely. About the only
> program
> > with it that I use all the time is something I call "EV" (for "evaluate),
> > that acts as a sort of ad-hoc calculator:
> >
> > parse arg v1
> > interpret 'v2='v1
> > say v1'='v2
> >
> > Thus I can say on any ISPF command line "tso ev 228/15" and learn how
> many
> > cylinders that dataset is. Or "tso ev mvsvar('SYSNAME')" to look at the
> > local node name. Or "tso ev xxx(45)" to test a new external REXX
> function.
> >
> > But I keep thinking about the possibilities for malice in any tool I
> write
> > for public use, and worry about it. I can't think of any examples,
> because
> > as Itschak points out below, it's always going to run under the
> > perpetrator's own ID, so INTERPRET isn't giving him any capabilities he
> > doesn't already have. Can anyone point me to an example of how this
> would
> > become a Bad Thing? I'm really curious.
> >
> > ---
> > Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
> >
> > /* Here is one of the great ironies of contemporary feminism: Elite young
> > women these days take their cues about how to behave primarily from
> > unmarried (and therefore adolescent) males. -Maggie Gallagher,
> 2002-05-20
> > */
> >
> > -----Original Message-----
> > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf
> > Of ITschak Mugzach
> > Sent: Monday, September 13, 2021 09:43
> >
> > Why hijack? Right your own code. Anyway, it runs under your user…
> >
> > We switched some of interpret commands to value since the sending field
> > was larger than 256 bytes. Value don’t care.
> >
> > --- בתאריך יום ב׳, 13 בספט׳ 2021 ב-16:35 מאת Gary Freestone <
> > maz...@iinet.net.au
> > > A few years back I switched from INTERPRET to VALUE due to concerns I
> > > had from a security perspective.
> > >
> > > Value only performs an evaluation and assigns it to a variable.
> > > Interpret lets you do any thing.
> > >
> > > Say for example in your sample code. If I could hijack you code and
> > > adding a single line to the REXX I could issue a JES2 command. The
> > > line is
> > >
> > > def=';x=isfcalls(on);address sdsf "isfexec /$DI";istr="DEF";say "DEF" '
> > >
> > > Sure this case its just a harmless $DI but it could be anything. The
> > > only difference in the output is an example blank line.
> > >
> > > Sent from Mail for Windows
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon *
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
