Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: Getting information about a remote file via SSH: how to escape the filename

by Happy-the-monk (Monsignor)
on Jun 27, 2013 at 13:17 UTC ( #1041013=note: print w/ replies, xml ) Need Help??


in reply to Getting information about a remote file via SSH: how to escape the filename

$ssh->cmd(qq[ls -l $remotefile]); # Then parse the info I want from $stdout with an easy regex

But I can't rule out the possibility that the remote filename might contain shell metacharacters.

This should do it: $ssh->cmd(qq[ls -l "$remotefile"]);

Cheers, Sören

(hooked on the Perl Programming language)


Comment on Re: Getting information about a remote file via SSH: how to escape the filename
Re^2: Getting information about a remote file via SSH: how to escape the filename
by salva (Monsignor) on Jun 27, 2013 at 13:54 UTC
    $remotefile=qq[foo"; rm -Rf /; echo "bar]

      In my particular situation, actively malicious filenames are very unlikely to occur (and if they do, it implies that I have much bigger problems than this program can possibly address or even meaningfully exacerbate).

      However, I still don't want the thing to fail to work correctly if a filename happens for some reason to contain quotation marks.

      $remotefile=qq[foo"; rm -Rf /; echo "bar]

      You'd better untaint your variables, Monk!

      Cheers, Sören

      (hooked on the Perl Programming language)

        How can you discern a valid filename from a malicious one in a generic way?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1041013]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (8)
As of 2014-10-23 00:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (123 votes), past polls