Interpret is great for parsing tokenised values like parmlibs, jcl etc.. (DSN=xxx for example. I use value when the right field contains special characters or is lengthy.
ITscahk בתאריך יום ו׳, 17 בספט׳ 2021 ב-16:54 מאת Brian Chapman <bchapma...@gmail.com >: > Years ago I used INTERPRET often, and I too switched to VALUE. There's > still one use case that I still use INTERPRET, and that's for 'passing' > many variables (most of which are stem) between programs. > > This program reads an input dataset that contains all of the variable names > that should be passed. It then uses INTERPRET to append the variable names > and values to the PARMS variable. It then performs the CALL. The calling > subprogram performs an INTERPRET on ARG(1). Once the subprogram returns, it > uses INTERPRET to receive the returned variables and values. > > *CALL DRAW_PARMS * > > *PARMS = PARMS"OBJPOS='"OBJPOS"';OBJLEN='"OBJLEN"';OBJINTS='"OBJINTS"';",* > > * "OBJHILT='"OBJHILT"';OBJCOLR='"OBJCOLR"';OBJVAL='"OBJVAL"'"* > > > > *CALL SCRNTXAT PARMS * > > > > *IF RESULT = 'RESULT' THEN * > > * NOP * > > *ELSE * > > * CALL PARSE_PARMS RESULT * > > > > > > > > *DRAW_PARMS: * > > * PARMS = '' * > > > > * ADDRESS TSO * > > * "ALLOC DATASET('"SYSPROC"("SCRNGLBL")') FILE(PARM) SHR" * > > * 'EXECIO * DISKR PARM (FINIS STEM PARMS.' * > > * 'FREE FILE(PARM)' * > > > > * DO I = 1 TO PARMS.0 * > > * PARM = SPACE(SUBSTR(PARMS.I,1,12)) * > > > > * IF PARM > '' THEN DO * > > * IF POS('.',PARM) = LENGTH(PARM) THEN DO * > > * INTERPRET "STEM_MAX = "PARM'0' * > > > > * DO J = 0 TO STEM_MAX * > > * INTERPRET "PARMS = PARMS||PARM||J'='''"PARM||J"''';'"* > > * END * > > * END * > > * ELSE * > > * INTERPRET "PARMS = PARMS||PARM'='''"PARM"''';'" * > > * END * > > * END * > > > > * DO I = 1 TO OBJ_CNT * > > * PARSE VAR OBJ_NDX.I DRAW_ROW_NUM '.' DRAW_FLD_CNT * > > > > * INTERPRET "PARMS = PARMS||"OBJ_NDX"'.'I'='||'''"OBJ_NDX.I"'''||';'"* > > > > * DO J = 1 TO ATTR_CNT * > > * PARM_VAL = OBJ.DRAW_ROW_NUM.DRAW_FLD_CNT.J * > > > > * IF POS("'",PARM_VAL) > 0 THEN DO * > > * CALL CHANGE_STR PARM_VAL,"'","''" * > > * PARM_VAL = STRING * > > * END * > > > > * INTERPRET "PARMS = PARMS||"OBJ.DRAW_ROW_NUM.DRAW_FLD_CNT||, * > > * "'.'J'='''PARM_VAL''';'" * > > * END * > > * END * > > *RETURN * > > > > *PARSE_PARMS: * > > * PARMS = ARG(1)* > > > > * INTERPRET PARMS* > > *RETURN * > > > > > Thank you, > > Brian Chapman > > > On Mon, Sep 13, 2021 at 10:19 AM Bob Bridges <robhbrid...@gmail.com> > wrote: > > > I use INTERPRET here and there, but pretty rarely. About the only > program > > with it that I use all the time is something I call "EV" (for "evaluate), > > that acts as a sort of ad-hoc calculator: > > > > parse arg v1 > > interpret 'v2='v1 > > say v1'='v2 > > > > Thus I can say on any ISPF command line "tso ev 228/15" and learn how > many > > cylinders that dataset is. Or "tso ev mvsvar('SYSNAME')" to look at the > > local node name. Or "tso ev xxx(45)" to test a new external REXX > function. > > > > But I keep thinking about the possibilities for malice in any tool I > write > > for public use, and worry about it. I can't think of any examples, > because > > as Itschak points out below, it's always going to run under the > > perpetrator's own ID, so INTERPRET isn't giving him any capabilities he > > doesn't already have. Can anyone point me to an example of how this > would > > become a Bad Thing? I'm really curious. > > > > --- > > Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 > > > > /* Here is one of the great ironies of contemporary feminism: Elite young > > women these days take their cues about how to behave primarily from > > unmarried (and therefore adolescent) males. -Maggie Gallagher, > 2002-05-20 > > */ > > > > -----Original Message----- > > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf > > Of ITschak Mugzach > > Sent: Monday, September 13, 2021 09:43 > > > > Why hijack? Right your own code. Anyway, it runs under your user… > > > > We switched some of interpret commands to value since the sending field > > was larger than 256 bytes. Value don’t care. > > > > --- בתאריך יום ב׳, 13 בספט׳ 2021 ב-16:35 מאת Gary Freestone < > > maz...@iinet.net.au > > > A few years back I switched from INTERPRET to VALUE due to concerns I > > > had from a security perspective. > > > > > > Value only performs an evaluation and assigns it to a variable. > > > Interpret lets you do any thing. > > > > > > Say for example in your sample code. If I could hijack you code and > > > adding a single line to the REXX I could issue a JES2 command. The > > > line is > > > > > > def=';x=isfcalls(on);address sdsf "isfexec /$DI";istr="DEF";say "DEF" ' > > > > > > Sure this case its just a harmless $DI but it could be anything. The > > > only difference in the output is an example blank line. > > > > > > Sent from Mail for Windows > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN