http://www.perlmonks.org?node_id=2711
Category: helper script
Author/Contact Info Elihu elihu@atdot.org
Description: Call this with a tarball to remove the contents of the tarball. Very useful if the tarball dumps in the current directory.
#!/usr/bin/perl -w
# Removes files by using the tarball to get the files
# by Rob Hudson (02012000)

my $tarball = $ARGV[0];
die "Must specify a file.\n" unless defined $tarball && $tarball ne '';
my @files;
my @dirs;

# If file ends in .gz or .tgz, assume is gzipped
# Else assume it is a plain tar file
if ($tarball =~ m/\.t?gz$/) {
        @files = `tar -tzf $tarball`;
}
else {
        @files = `tar -tf $tarball`;
}

# Removes files.  If it ends with '/', then it's a directory
# Push those into the directory array and move on.
foreach $file (@files) {
        chomp $file;
        if ($file =~ m!.*/$!) {
                push @dirs, $file;
                next;
        }
        print "Removing file: $file\n";
        system ("rm -f $file");
}

# Using pop here to go backwards thru the array since directories
# can be nested.
while ($dir = pop(@dirs)) {
        print "Removing directory: $dir\n";
        system ("rmdir $dir");
}
Replies are listed 'Best First'.
RE: Tarball Cleaner
by KM (Priest) on May 23, 2000 at 08:05 UTC
    You may want to consider adding some checks in here to make sure this can't be exploited. This should use -T and the incoming arguments should be laundered (see Untaint.pm, and perlsec). By laundering the incoming arg, you can make sure that the incoming file has a .tar/.gz extension, and ends there. You wouldn't want someone passing an arg of 'foo.tar.gz; echo <badness> > trojan' or 'foo.tar.gz; rm -rf ./'
    I know it isn't a CGI, but making it somewhat safe is a good idea.

    Just a thought.

    Cheers,
    KM

RE: Tarball Cleaner
by Anonymous Monk on Feb 17, 2000 at 20:50 UTC
    Some tarballs don't create new directories.
    This can be bad news.

    I recently did a rm -rf `tar tvfz blah.tgz` on a tarball that had contained ./ and had made a mess in the cwd

    Luckily, the "v" saved me, as I assume rm -rf ./ would be pretty bad.

    In my haste, I have not considered how your code would handle this, but it might be good to check.

      Is there a reason Archive::Tar was not used in this case? I am working on a project with it (code to follow, maybe even this evening), and it seems pretty straightforward (if a little braindead), and doesn't require the use of `` and the like...

      update: that code is here.

      dep

      --
      i am not cool enough to have a signature.
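
The hardening the replies above ask for, as an added example that is not part of the original thread or any poster's code: taint mode with a laundered argument, tar run without a shell, and tarball entries such as `./`, absolute paths or `..` skipped before anything is removed. The names `safe_member` and `main` are chosen here, the PATH value assumes tar lives in /bin or /usr/bin, and it keeps the tar command line rather than switching to Archive::Tar.

```perl
#!/usr/bin/perl -T
# Added example, not the original poster's script. Run as ./script or perl -T.
use strict;
use warnings;

# Taint mode refuses to run external commands until PATH is made safe.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return a laundered path relative to the cwd, or undef for an entry that
# must not be touched: absolute paths, "./" itself, or any ".." component.
sub safe_member {
    my ($name) = @_;
    return if $name =~ m{\A/};
    $name =~ s{\A(?:\./+)+}{};      # drop leading "./"
    $name =~ s{/+\z}{};             # drop trailing "/" of directory entries
    return if $name eq '' || $name eq '.';
    return if grep { $_ eq '..' } split m{/}, $name;
    return $name =~ m{\A([^\0\n]+)\z} ? $1 : undef;   # capture untaints
}

sub main {
    my $arg = shift @ARGV;
    die "Must specify a file.\n" unless defined $arg;
    # Launder the argument: plain characters only, ending at the extension.
    my ($tarball) = $arg =~ m{\A([\w./-]+\.(?:tar|tar\.gz|tgz))\z}
        or die "Refusing tarball name: $arg\n";
    my $opts = $tarball =~ m/\.t?gz\z/ ? '-tzf' : '-tf';

    # List-form open runs tar directly; no shell ever parses the name.
    open(my $tar, '-|', 'tar', $opts, $tarball) or die "Cannot run tar: $!\n";
    chomp(my @entries = <$tar>);
    close($tar) or die "tar could not list $tarball; nothing removed.\n";

    my @dirs;
    for my $entry (@entries) {
        my $path = safe_member($entry);
        if (!defined $path) { warn "Skipping unsafe entry: $entry\n"; next }
        if ($entry =~ m{/\z}) { push @dirs, $path; next }
        print "Removing file: $path\n";
        unlink($path) or warn "  not removed: $!\n";
    }
    # Deepest first, as in the original; rmdir only removes empty directories.
    for my $dir (reverse @dirs) {
        print "Removing directory: $dir\n";
        rmdir($dir) or warn "  not removed: $!\n";
    }
}

main() unless caller;
```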