Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: Getting information about a remote file via SSH: how to escape the filename

by Happy-the-monk (Abbot)
on Jun 27, 2013 at 13:17 UTC ( #1041013=note: print w/replies, xml ) Need Help??


in reply to Getting information about a remote file via SSH: how to escape the filename

$ssh->cmd(qq[ls -l $remotefile]); # Then parse the info I want from $stdout with an easy regex

But I can't rule out the possibility that the remote filename might contain shell metacharacters.

This should do it: $ssh->cmd(qq[ls -l "$remotefile"]);

Cheers, Sören

(hooked on the Perl Programming language)

  • Comment on Re: Getting information about a remote file via SSH: how to escape the filename

Replies are listed 'Best First'.
Re^2: Getting information about a remote file via SSH: how to escape the filename
by salva (Abbot) on Jun 27, 2013 at 13:54 UTC
    $remotefile=qq[foo"; rm -Rf /; echo "bar]

      In my particular situation, actively malicious filenames are very unlikely to occur (and if they do, it implies that I have much bigger problems than this program can possibly address or even meaningfully exacerbate).

      However, I still don't want the thing to fail to work correctly if a filename happens for some reason to contain quotation marks.

      $remotefile=qq[foo"; rm -Rf /; echo "bar]

      You'd better untaint your variables, Monk!

      Cheers, Sören

      (hooked on the Perl Programming language)

        How can you discern a valid filename from a malicious one in a generic way?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1041013]
help
Chatterbox?
[davies]: LanX: No. The mayor of London would better be described as the transport commisar for London. S/h/it doesn't have a tenth of the power of La Sturgeon (and therefore does <10% of the damage).

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (12)
As of 2017-12-15 18:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    What programming language do you hate the most?




















    Results (440 votes). Check out past polls.

    Notices?