Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: Perl calling Linux commands

by tmharish (Friar)
on Mar 08, 2013 at 11:06 UTC ( [id://1022392]=note: print w/replies, xml ) Need Help??


in reply to Perl calling Linux commands

If you had printed the system command that you were running you would have figured this out.

Update

Just to show what I meant consider what happens when your code is modified like so:

my $command = qq("svr_submit_RAST_job --user "$username" --passwd "$Pa +ssword" --fasta "$fasta" --domain "$domain" --genetic_code "$Genetic_ +code") ; print "\n\n\nGoing to run the following through system:\n $command\n";
Output
Enter the Rast Username username Enter the Rast Password password Enter the fasta file Name filename Enter the Domain Name domainname Enter Genetic_Code geneticcode Going to run the following through system: "svr_submit_RAST_job --user "username " --passwd "password " --fasta "filename " --domain "domainname " --genetic_code "geneticcode "

And the newlines are there for you to see, as plain as daylight.

Replies are listed 'Best First'.
Re^2: Perl calling Linux commands
by tmharish (Friar) on Mar 08, 2013 at 13:50 UTC

    Additionally you need to look at tainted variables.

    Its a really bad idea to take user input and throw it to system ( or a database ) - What if the username input was:

    " || ls && 0 &&

    Of course you could replace ls with whatever exciting nefarious command you choose but thats the idea ...

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1022392]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others lurking in the Monastery: (2)
As of 2024-03-19 07:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found