Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Getting information about a remote file via SSH: how to escape the filename

by Happy-the-monk (Abbot)
on Jun 27, 2013 at 13:17 UTC ( #1041013=note: print w/ replies, xml ) Need Help??


in reply to Getting information about a remote file via SSH: how to escape the filename

$ssh->cmd(qq[ls -l $remotefile]); # Then parse the info I want from $stdout with an easy regex

But I can't rule out the possibility that the remote filename might contain shell metacharacters.

This should do it: $ssh->cmd(qq[ls -l "$remotefile"]);

Cheers, Sören

(hooked on the Perl Programming language)


Comment on Re: Getting information about a remote file via SSH: how to escape the filename
Replies are listed 'Best First'.
Re^2: Getting information about a remote file via SSH: how to escape the filename
by salva (Abbot) on Jun 27, 2013 at 13:54 UTC
    $remotefile=qq[foo"; rm -Rf /; echo "bar]

      In my particular situation, actively malicious filenames are very unlikely to occur (and if they do, it implies that I have much bigger problems than this program can possibly address or even meaningfully exacerbate).

      However, I still don't want the thing to fail to work correctly if a filename happens for some reason to contain quotation marks.

      $remotefile=qq[foo"; rm -Rf /; echo "bar]

      You'd better untaint your variables, Monk!

      Cheers, Sören

      (hooked on the Perl Programming language)

        How can you discern a valid filename from a malicious one in a generic way?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1041013]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (8)
As of 2015-07-29 04:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (260 votes), past polls